Steam 2FA codes allegedly got leaked. If you use 2FA with your phone number, turn it off NOW and secure your account.
Confirmed false. See comment.
Steam 2FA codes allegedly got leaked. If you use 2FA with your phone number, turn it off NOW and secure your account.
Confirmed false. See comment.
So what are the details of the risk here? Can texted 2FA use old codes to math out new ones? Is it just that they know which phone number goes to an account they can do another kind of attack on to get new codes?
From what I read these are old texted one time codes. Good one time, generally only for a few minutes. Useless now.
Or is this bad only because there’s a breach somewhere, they don’t know where, and who knows what else they have?
I guess if the affected users are keeping their phone and TFA method you could target their phone numbers to try to intercept new codes, although that’s not doable at scale.
Having phone numbers associated to accounts out in public is pretty bad in general, though.