Valve literally told the guy who spread the news on Twitter that they do not use Twillo as a SMS 2FA provider at all: https://twitter.com/MellowOnline1/status/1922458687316074640

Good on TechRadar for actually bothering to mention BleepingComputer’s article about it, but they still didn’t mention where the news originated from.

It all began in this LinkedIn post, which wrongfully claimed that the “leak” was coming from Twillo (Also funny is that this is an AI company): https://www.linkedin.com/posts/underdark-ai_cybersecurity-databreach-steam-activity-7327022917370703872-JqN3/

Then the Twitter guy got involved in it, then the “news” sites ran off with what the guy on Twitter said.

Lemme just quote this insightful comment in Steam subreddit as well: https://www.reddit.com/r/Steam/comments/1kmeoqo/steam_doesnt_use_twillo_no_need_to_change/ms9n1xx/

To clarify why changing your passwords is basically pointless

1. Steam does not use Twillo for its MFA implementation. Twillo doesnt store the keys for the MFA implementation.
2. Twillo doesn’t store passwords, meaning even if you assume Twillo was breached, it has no passwords to leak.
3. Twillo only has a centralized MFA app similar to Google Authenticator. Again this does NOT STORE PASSWORDS
4. If Twillo was compromised, the only possible vector would be an SMS hijacking attack, and that’s IF Steam uses Twillo as its SMS intermediary
5. If we assume #4 then, which is a stretch, CHANGING YOUR PASSWORD IS POINTLESS. Its attacking the SMS network. You can change your password every other minute. The attacker can simply generate and SMS code and take over your account that way. Your password is pointless in this scenario
6. If you are ‘paranoid’ and want to do something ‘actually useful’ remove your phone number from your account, which still again makes a LOT of assumptions above everything tl;dr changing your password is pointless, remove your phone number if you are ‘paranoid’

Change your passwords if you want to, but there is no need to panic.

Btw, selling 89 MILLION Steam accounts’ data for just 5000$? Really???

The absolute disregard of having any moderation is what does that. If there was any, there wouldn’t be the cases like having someone be there by their third account, after the first two got banned.

Not to mention that controversy = angry people and trolls = more clicks = more ad revenue. I don’t think Michael wants to miss out on it.

This looks promising. I always yearned for Foobar2000 to be on Linux natively.

However layout editor part is quite confusing (adding widgets seem to add them not where I want them at), and I couldn’t get it to play any music, as both drag and drop to a playlist and open file option in the menu causes the program to crash. Plugins didn’t load at all until I manually copied them to the places fooyin was looking for, though I wonder if this is an AUR package issue or not.

I’ll keep using DeaDBeeF despite some complaints I have with it for the time being, and will keep a close eye on this one.

The reason it is so shit is that because there is NO moderation whatsoever (nor there is any care for having it, as there wouldn’t be cases like someone that had done ban evasion twice still being active on the forums otherwise). And I think I can safely say that it is just like the same as other social media:

More heated and stupid arguments = more page clicks and views = more ad revenue (Michael definitely inserts some ads into the forums, like come on now)

I have absolutely no regrets using adblockers on there (or internet-wide), and Michael has the GALL to call his subscription service “Premium”… unbeknownst to him that a golden coated excrement is in the end… still a piece of excrement. :V