Data Breach: What Happened with Steam Accounts?

Hey there, let’s talk about…

Hey gamers, wake up to some shocking news! The personal data of 89 million Steam accounts has been exposed in a data breach. Don’t worry, it wasn’t Steam itself, but a third-party vendor in their supply chain. And get this, the data is being sold on the dark web for just $5,000!

This breach highlights a serious threat that companies need to take seriously: third-party vendor risk. Many times, it’s not the main company that gets hacked, but a supplier or service provider with access to personal data.

So, what’s the deal with…

Threat actors love targeting third-party vendors because they’re seen as the weak link. These suppliers might not have the best security practices or up-to-date systems, making them easy targets. Once in, cybercriminals can snatch up loads of personal data without even touching the main platform.

In Steam’s case, a vendor’s slip-up put millions of loyal users at risk. Remember, your data protection is only as strong as the weakest link in your vendor network.

How can we stay on top of this?

Just checking vendors at the start isn’t enough. It’s an ongoing job. Data protection laws like GDPR demand that companies ensure their processors meet legal and security standards.

A solid third-party management plan should include:

  • Got to do those initial checks before signing on the dotted line.

  • Don’t forget those yearly assessments of processors and sub-processors.

  • Make sure to review those security certifications and data handling practices.

  • Keep those vendor questionnaires updated annually.

  • Document those risk-based decisions in detail.

If the risk is high, demand a Data Protection Impact Assessment (DPIA) or do an onsite audit.

But wait, there’s more…

Contracts with vendors are your first line of defense in a breach. Are your current agreements up to snuff?

Make sure contracts have all the necessary clauses under data privacy laws. Define roles, responsibilities, access controls, breach notifications, and indemnification terms clearly.

In today’s world, include AI-specific clauses in agreements. If vendors use AI for data processing, cover algorithmic decision-making, bias mitigation, and transparency.

Let’s talk about…

While checking vendors is crucial, another issue from this breach is the lack of two-factor authentication (2FA) in gaming platforms.

Some publishers hesitate to add 2FA, fearing it might annoy users. But what’s worse: a bit of inconvenience or losing accounts, identities, and in-game stuff to cybercriminals?

Gamers build up their accounts and virtual worlds for years. Without 2FA, these become easy prey once credentials leak. The damage to trust, retention, and costs can be huge.

Even with 2FA, the method matters. SMS-based 2FA is vulnerable to SIM swapping and phishing. App-based authenticators or hardware tokens are safer choices for serious security.

Game publishers should see strong authentication as a must, not a hassle. It’s key to shield loyal users from credential attacks.

There’s no magic fix, but…

There’s no one solution to stop vendor breaches, but companies can cut their risk by layering several defenses:

  • Set up multi-layered vendor checks to stay safe.

  • Make sure contracts have all the needed legal safeguards.

  • Do yearly compliance reviews and audits to stay on track.

  • Enforce 2FA for all users to add a strong layer of security.

  • Make sure AI use follows clear rules in contracts and operations.

Getting it wrong isn’t just a theory anymore. It’s happening, and it’s hitting companies where it hurts—their customers and reputation.

In the end, remember…

The Steam breach is a wake-up call. Whether you’re in gaming, fintech, or healthcare, your brand and customer data are only as safe as your weakest vendor.

Formiti is here to help you stay ahead of these risks. Our Outsourced Data Protection Officer (DPO) Service gives expert guidance across your data network. And our RapidRedline Contract Review Service ensures your vendor agreements are top-notch in data protection compliance.

With Formiti, you get more than just compliance. You get peace of mind, knowing your data protection plan is ready for whatever comes next.
