Bill Toulas reports:
Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes.
The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it for $5,000.
When examining the leaked files, which contained 3,000 records, BleepingComputer found historic SMS text messages with one-time passcodes for Steam, including the recipient’s phone number.
Read more at Bleeping Computer.
As a reminder: saying that there’s no breach of their system is not a denial that the data may be real — it is just a denial that their system was compromised or the source of the stolen data.