Twilio Denies Breach After Steam 2FA Leak Claim

Twilio Inc. denied reports of a security breach after a threat actor claimed to possess over 89 million Steam user records, including one-time access codes. In a statement to BleepingComputer, the communications platform said it had not been compromised, countering allegations that its systems were the source of the data leak.

The claims emerged online, suggesting that sensitive two-factor authentication (2FA) codes tied to Steam accounts had been compromised. Steam, a popular digital distribution platform for video games, uses one-time access codes as part of its security protocols.

Twilio, which provides communication APIs used by various companies for SMS and voice-based authentication, is often linked to 2FA delivery services. However, the company refuted any connection to the alleged breach.

The origin and authenticity of the leaked data remain unclear. Authorities and cybersecurity analysts have not verified the legitimacy of the threat actor’s claims, and Steam has not issued a public response.