Heads up to Steam users - Elden Ring Beta Invites

[12345]

Something is currently going on with Steam in that people are getting friend invites through Steam messages to an Elden Ring Beta friend invite, urging people to click the link. There is also a legitimate Beta for the game going on now, but those invites are going to emails that people signed up for.

If a person does click the link it seems it will send the message to everyone on your friends list and then block those friends. No idea what else it might do to your Steam account.

The email says nothing about a friend invite, it just seems whoever is doing this set it up to capitalize on the beta.

I also found this article that says that beta invites are so in demand that scalpers are reselling them for hundreds of dollars.

TL;DR if you signed up for the Elden Ring beta, wait for the email.

 

[Breadbassket]

From the way its described this seems like a wide-scale phishing operation.

 

[The Luigi Player]

Good thing I can't run elden ringer

 

[Generic Anime Girl]

Elden ring would blow up my computer for sure

 

[David Brown]

Bloodborne on Shadps4 chads stay fucking winning

 

[LowlyPheasent]

After looking at it, it pops up a fake steam page asking for creds to log in. There's been similar scams with CSGO shit in the past too. It's a phishing scam.

 

[Patrick Bait-man]

If you're not retarded and know anything about Internet safety, it's to not click on unknown links from unknown people. It's pretty obvious this is a phishing scam.

 

[Mr. Racewar1488]

Saar, this is Russel from Fromsoft technical support, if you want to access the beta of Elden Ring please go to your nearest Target and buy three $500 Google Play cards.

No, do not redeem! DO NOT REDEEM!

 

[rel=alternate]

Saar, this is Russel from Fromsoft technical support, if you want to access the beta of Elden Ring please go to your nearest Target and buy three $500 Google Play cards.

No, do not redeem! DO NOT REDEEM!

Can I send you a check?

I have a check for a thousand dollars ready to go. I'll let you keep $700 if you can Western Union $300 to my brother once you cash it in.

It's all legit, it's just I can't cash it in at this moment, my assistant was in an accident, and my brother is stuck in Nigeria because of the war (he is a soldier).

This may lead to a full time position.

 

[The Mass Shooter Ron Soye]

Elden ring would blow up my computer for sure

Doesn't that game run on the Steam Deck at 720p30?

 

[BradeRunna]

I don't own Elden Ring....yet.

 

[LifeAlert]

Is this related to the Gmail AI phishing attacks that were scheduled to happen today?

https://www.forbes.com/sites/daveywinder/2024/12/21/notorious-ransomware-gang-warns-new-attacks-incoming-on-feb-3-2025/

https://archive.ph/0etBR

https://www.forbes.com/sites/daveywinder/2025/02/03/shocking-ai-email-attack-warning-hackers-create-critical-threat-for-5/

https://archive.ph/CrDHq

 

[GeorgeFloydFentanylStash]

Doesn't that game run on the Steam Deck at 720p30?

Yes it does. Bought it on sale after getting my Steamdeck. Stopped playing it 20 hours in to the game. Figured there were other games worth my time over dying and learning how to beat a boss.

 

[ZMOT]

 

[anti SJW]

Major Steam Leak

Hopefully you have 2FA

 

[CreamyHerman’s]

Major Steam Leak

Hopefully you have 2FA

Actually the 2FA is the source of the leak. 2FA niggers get fucked

 

[seri0us]

the 2FA is the source of the leak

[citation needed]

 

[Hellwalker]

Actually the 2FA is the source of the leak. 2FA niggers get fucked

Don't 2FA codes...expire? Nobody should be worried that a shit ton of 2FA codes are out there in someone elses hands, since they're fucking useless by now.

 

[CreamyHerman’s]

[citation needed]

It's in the article, Twilio is the source

https://x.com/MellowOnline1/status/1921682082025115818

 

[seri0us]

It's in the article, Twilio is the source

https://x.com/MellowOnline1/status/1921682082025115818

The first port of call was Valve itself, but that didn't seem to be the source. Fingers then pointed at Twilio, stating that it handled Steam's 2FA systems and that the leak occurred from within its systems, but Valve then got in touch with MellowOnline1 and claimed that it had never used Twilio.

The article now has a new update, fwiw:

UPDATE: 2025/05/14 19:52 EST BY SIMON BATT

Twilio denies leaking data as more details emerge

Now that the news has had time to go around, we have a statement from Twilio that matches the Valve spokesperson's claim made below. In a message to Bleeping Computer, a Twilio spokesperson said the following:

"There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio."

We've looked at the leaked data, and we can see why Twilio was mentioned in the first place. The file specifically names Twilio in the spreadsheet as one of the vendors, but given that both Valve and Twilio have denied the leak, it raises more questions than answers. Bleeping Computer suspects that the data came from an SMS provider that handled messages between Twilio and Steam, as the leaked messages show one-time access codes and tie phone numbers to accounts.

While we're still unsure as to where this data came from, it's worth erring on the side of caution and using 2FA to secure your Steam account.