[AStonesThrow]

Hmm, so the leak did include valid mobile phone numbers of that many Steam subscribers. I suppose that could be valuable intel to someone, down the line.

One of my friends was known to quip that Steam had better security than most banks, even in the early days. And it's true that Steam accounts host data and purchases that are quite valuable to the customers, as well as highly attractive to thieves, so customers do well to protect their accounts to the fullest extent.

A long time ago I was the holder of a Steam account, and I was once notified in email that someone had successfully entered both my username and password, since the password was trivial and/or reused from some other account I had. Since the account was still protected by MFA, I chose to take no action at all. But I believe that the perpetrator had some sort of Russian connection, IPv4 geolocation or something. But it was clearly an instance of: https://m.xkcd.com/2176/