Carder.life

Carder.life (http://txgate.io:443/index.php)
-   Carding News (http://txgate.io:443/forumdisplay.php?f=38)
-   -   Twilio denies breach following leak of alleged Steam 2FA codes (http://txgate.io:443/showthread.php?t=51296622)

WWW 05-26-2025 12:05 PM
<div id="post_message_791322">

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes.<br/>
<br/>
The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it for $5,000.<br/>
<br/>
When examining the leaked files, which contained 3,000 records, BleepingComputer found historic SMS text messages with one-time passcodes for Steam, including the recipient's phone number.<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/forum-post(1).jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

Threat actor's post on XSS

</td>
</tr>
</table>
</div>Owned by Valve Corporation, Steam is the world's largest digital distribution platform for PC games, with over 120 million monthly active users.<br/>
<br/>
Valve did not respond to our requests for a comment on the threat actor's claims.<br/>
<br/>
Independent games journalist MellolwOnline1, who is also the creator of the SteamSentinels community group that monitors abuse and fraud in the Steam ecosystem, suggests that the incident is a supply-chain compromise involving Twilio.<br/>
<br/>
MellowOnline1 pointed to technical evidence in the leaked data that indicates real-time SMS log entries from Twilio's backend systems, hypothesizing a compromised admin account or abuse of API keys.<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/steam.png"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">
<a href="https://www.bleepstatic.com/images/news/u/1220909/2025/May/steam.png" target="_blank">x.com</a>
</td>
</tr>
</table>
</div>Twilio is a cloud communications company that provides APIs for sending SMS, voice calls, and 2FA messages, widely used by apps like Steam for user authentication.<br/>
<br/>
When asked by BleepingComputer about their possible involvement in the alleged Steam breach, a Twilio spokesperson acknowledged the situation and confirmed they're investigating.<br/>
<br/>
Twilio takes these threats very seriously and is reviewing the alleged incident. We will provide more information as it becomes available," a company spokesperson told BleepingComputer.<br/>
<br/>
Twilio later followed up with a statement clarifying that the company's systems had not been breached.<br/>
<br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">
<font size="3">"There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio." - Twilio spokesperson</font>
</td>
</tr>
</table>
</div>Looking at the data, one possible explanation for its origin is a leak from an SMS provider that intermediates the communication of one-time access codes between Twilio and Steam users.<br/>
<br/>
Some of the messages delivered are clearly confirmation codes for accessing a Steam account or for associating a phone number with one.<br/>
<br/>
However, BleepingComputer could not determine if the data comes from an SMS provider or who it might be. Additionally, we could not verify the threat actor's claims.<br/>
<br/>
It is worth mentioning that some of the data is relatively new, as we found many of the delivery dates were from the beginning of March.<br/>
<br/>
Twilio provides a two-factor authentication (2FA) product called <a href="https://www.twilio.com/en-us/user-authentication-identity/verify" target="_blank">Verify API</a> that customers, game providers among them, can implement with various communication channels (SMS, WhatsApp, voice, email, passkeys, silent device approval, push, or time-based one-time passwords).<br/>
<br/>
Out of abundance of caution, Steam users are recommended to enable <a href="https://help.steampowered.com/en/faqs/view/7EFD-3CAE-64D3-1C31" target="_blank">Steam Guard Mobile</a> Authenticator for additional security and monitor account activity for unauthorized login attempts.<br/>
<br/>
<a href="https://www.bleepingcomputer.com/news/security/twilio-denies-breach-following-leak-of-alleged-steam-2fa-codes/" target="_blank">@ BleepingComputer</a>
</div>


All times are GMT. The time now is 12:16 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.