BleepingComputer reports that U.S. cloud communications firm Twilio has refuted having been compromised following an alleged major data breach at leading game digital distribution platform Steam, which was claimed by threat actor EnergyWeaponsUser, also known as Machine1337, to have resulted in the theft of more than 89 million user records with one-time access codes.
While the inclusion of Twilio backend systems' real-time SMS log entries in the leaked Steam data was noted by independent gaming journalist MellolwOnline1 to indicate a Twilio supply chain compromise, Twilio emphasized that it has not found evidence suggesting any data compromise. "We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio," said a Twilio spokesperson. Despite uncertainties surrounding the source of the exposed data and the veracity of EnergyWeaponsUser's assertions, users of Steam have been urged to activate Steam Guard Mobile Authenticator and track unauthorized login activity.
While the inclusion of Twilio backend systems' real-time SMS log entries in the leaked Steam data was noted by independent gaming journalist MellolwOnline1 to indicate a Twilio supply chain compromise, Twilio emphasized that it has not found evidence suggesting any data compromise. "We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio," said a Twilio spokesperson. Despite uncertainties surrounding the source of the exposed data and the veracity of EnergyWeaponsUser's assertions, users of Steam have been urged to activate Steam Guard Mobile Authenticator and track unauthorized login activity.
