Valve Corp. has confirmed that a reported data leak involving 89 million Steam user records, offered for sale on the dark web by a hacker known as Machine1337 for $5,000, did not originate from a breach of Steam's systems. The company stated that the leaked data consisted of older text messages containing one-time codes for two-factor authentication, which were only valid for 15-minute intervals, along with the phone numbers they were sent to. The data did not include any association with Steam accounts, passwords, payment information, or other personal data. Valve emphasized that these old text messages cannot be used to compromise Steam accounts, and users do not need to change their passwords or phone numbers as a result of this incident. Cybersecurity firm Underdark.ai initially reported the leak, suggesting it might be linked to Twilio, a cloud communications company, though Twilio denied any breach on their end. Valve is continuing to investigate the source of the leak, noting that SMS messages are unencrypted in transit and routed through multiple providers. The company recommends that users set up the Steam Mobile Authenticator for enhanced account security. BleepingComputer analyzed a sample of the leaked data, confirming the presence of historic SMS text messages.