A hacker who goes by the name Machine1337 has put up for sale a data dump that allegedly contains 89 million Steam user records. The dump contains SMS messages with one-time codes for Steam, as well as the phone numbers of their recipients. Researchers speculate that this may be related to a compromise of Twilio.
Machine1337 (aka EnergyWeaponsUser) is selling the dump for $5,000, but has made 3,000 records publicly available as a sample of the data.
Independent gaming journalist MellowOnline1, who is also the founder of the group SteamSentinels, which tracks abuse and fraud in the Steam ecosystem, speculates that this leak is not related to a compromise of Steam itself, and is more likely the result of a supply chain attack that affected Twilio.
MellowOnline1 notes that the dump contains technical evidence that is similar to a leak of SMS logs from Twilio's internal systems. According to him, this could be a hack of an administrator account or the abuse of API keys.
Twilio is a cloud PaaS provider and two-factor authentication (2FA) service that can be used to send SMS messages, instant messages, emails, push notifications, voice calls, and TOTP (Time-based One-Time Password) codes; it is widely used by many applications (including Steam) to authenticate users.
According to journalists from Bleeping Computer, who studied the free sample of the data published by Machine1337, some of the SMS messages are clearly codes for confirming access to a Steam account or linking a phone number to it. Some of the data is also relatively recent: many of the messages are dated early March.
However, the journalists were unable to determine whether this leak was specifically related to Twilio. According to them, the compromise could also have occurred, for example, on the side of the SMS provider, which is an intermediary in the transfer of codes between Twilio and Steam users.
Twilio representatives told the publication that they had already investigated the possible incident and found no signs of compromise.
"There is no evidence that Twilio's systems were compromised. We analyzed a sample of the data published online and found no indication that the data could have been obtained from Twilio's systems," the company said.
As a precaution, Steam users are advised to use Steam Guard Mobile Authenticator for additional protection. They should also monitor their account activity to detect suspicious activity in time.