Originally posted by falcaux:

Twilio here we go again.
It wouldn't be the first time they managed to breach Authy's security. Last time they stole users' phone numbers.

https://www.linkedin.com/posts/underdark-ai_cybersecurity-databreach-steam-activity-7327022917370703872-JqN3/

Key word in the topic title: Alleged.

Good thing I don't have to look up the definition of the word so I can move along quickly.

This OP doesn't even understand the word "allegation". Thanks you saved my click.

I mentioned Twilio. Maybe you're overestimating your understanding.

Originally posted by falcaux:

I mentioned Twilio. Maybe you're overestimating your understanding.

Twilio is not Steam 2FA provider as it's confirmed in regarding your link. Maybe you should too.

Thanks for confirming once again that you overestimate your understanding. You just confirmed that Twilio has been hacked which is the origin of my post. English is not my first language but apparently neither is yours.

Originally posted by falcaux:

Thanks for confirming once again that you overestimate your understanding. You just confirmed that Twilio has been hacked which is the origin of my post. English is not my first language but apparently neither is yours.

English not being your first language is obvious, you're saying incredibly stupid things right now lacking any comprehension of what is being said to you or what is being said in the article.

Twilio has not been hacked.
Steam has not been hacked.
Nothing is confirmed, just a dodgy dark-net listing with zero confirmations.

For all we know, it's just a scam group testing dark net monitoring and how proactive Steam will respond to a fake allegation.

IF, and a big IF here, IF there is a hack, it's on neither Steam or Twilio. It would be a supply-chain hack on a yet unknown company. We literally don't know yet. But considering the claim of having 89m steam accounts and only selling it for 5k? ♥♥♥♥♥♥♥♥. Or, the 'data' is completely worthless.

Originally posted by Assume I have 400 Ping:

IF, and a big IF here, IF there is a hack, it's on neither Steam or Twilio.

The LinkedIn post says that as well, yeah. It reads, and I quote:

The data includes message contents, delivery status, metadata, and routing costs — suggesting backend access to a vendor dashboard or API, not Steam directly.

I am afraid to my account hehe

Well, it seems nothing to be actually worried about.

And now, back to our regularly scheduled programming.

Conflicting information. Valve says no Twilio, that page says the breach is at Steam (explains some of what we saw from users) Twilio is the thing. Surely Valve wouldn't say "we don't use Twilio"... because they use Authy which is owned by Twilio?

Originally posted by Realigo Actual:

Conflicting information. Valve says no Twilio, that page says the breach is at Steam (explains some of what we saw from users) Twilio is the thing. Surely Valve wouldn't say "we don't use Twilio"... because they use Authy which is owned by Twilio?

what did you see from users?

Oh ♥♥♥♥ no maybe they MITM Valve and sent the 2FA codes through twilio themselves if they had breached Valve's systems.

and also I guess Authy is just an app? I thought it was like Cisco with their thing.

what did you see from users?

Originally posted by eram:

Originally posted by Realigo Actual:

Conflicting information. Valve says no Twilio, that page says the breach is at Steam (explains some of what we saw from users) Twilio is the thing. Surely Valve wouldn't say "we don't use Twilio"... because they use Authy which is owned by Twilio?

what did you see from users?

There are plenty of posts on the forums of people talking about how their account was hijacked but there have been some by knowledgeable users saying that they do no log in to third party sites or trade, making the usual vectors phishing less likely. In a few cases, it was looking like there was a telecom element. Breach at valve, or bad telecom would explain. Well the second thing is pretty bad anyway but I guess it was the first thing.

change your password on a regular basis