Twilio has Denied in a stattle for bleepingcompter that it was brought after
The Threat Actor, Using The Alias ​​Machine1337 (Also Known as Energyweaponsuser), Advertised a trove of data allegedly publiced ​​from steam, Offering to set it for $ 5,000.
Where examing the leaked Files, Whiche Contained 3000 Records, BleepingCompux Found Historic Sms Text Messenger with One-Time Passcodes for Steam, Including the Reciping’s Phone Number.
.jpg)
Source: BleepingComPuter
Owned by Valve Corporation, Steam is the World’s Largest Digital Distribution Platform for PC Games, with Over 120 Million Monthly Active Users.
Valve Did Not Respond to our requires for a comment on the threat Actor’s Claims.
Independent Games Journalist Mellolwonline1, who is also Supply-Chain Compromise Involving Twilio.
Mellowonline1 Pointed to text Evidency in the leaked data that indicates real-time sms log Abuse of API KEYS.
Twilio is a Cloud communications company that provides Apis for Sending SMS, Voice Calls, and 2FA Messenger, Widily Used by Apps Like Steam for User Authentision.
What asked by BleepingCcompter about their posible involution in the alleged steam Breach, a twilio spakeespeerson acylledged the site and confirmed them’re investigating.
Twilio Takes these Threats very serously and is reviewing We will receive more information as it becomes Available, “a compiKESPERSONSON TOLD BleepingComPuter.
Twilio Later Followed up with a stattleclanting that is the Company’s Systems Had Not Been Brecched.
“There is a review a sampling of the data Found online, and see no indication that this data was obtained from twilio.” – Twilio Spokesperson
Looking at the data, One Possible Explanation for It origin is a leak from an sms provider that intermediats the communision of One-Time Access Codes Between Twilio and Steam Users.
Some of the Messenger Delivered Are Clearly Confirmation Codes for Accessing A Steam Account or For Associathing A Phone Number with One.
Howver, BleepingCcompter Couelf Not Determine if the data coms from an sms provider or who it is might be. Additionlly, we could not verify the threat Actor’s Claims.
It is working meteing that some of the data is relatively new, as we found without the delivery dates was from the Beginning of March.
Twilio Provides a Two-Factor Authentical (2FA) Product Called Verify API That Customers, Game Provides Among them, can Implement with Various Communication Channels (SMS, WhatsApp, Voice, Email, Passkeys, Silent Device Approval, Push, Or Time-Based One-Time Passwords).
Out of Abundance of Count, Steam Users Are Recommended to Enable Steam Guard Mobile Authenticator For additional Security and Monitor Account Activity for Unauthorized Login Attempts.
Based on and Analysis of 14m Malicious Actions, Discover the top 10 MITRE Att & CK Techniques Behind 93% of Attacks and How to Defend Against them.
