
Path of Exile 2 Apologizes for Major Data Breach

By Penelope, Feb 27, 2025

Path of Exile 2 Developer Addresses Significant Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a data breach affecting over 66 accounts. The breach stemmed from a compromised Steam test account possessing administrative privileges. This article details the incident and the steps taken to mitigate further risks.

Security Lapse and its Fallout

A hacker exploited a long-standing, unsecured test Steam account. Because the account had no purchase history, phone number, or address associated with it, the attacker was able to deceive Steam support and gain access using minimal identifying information (email, account name, and a VPN masking location).

The hacker then used internal support tools to reset passwords on numerous PoE 1 and PoE 2 accounts. Stealthily deleting password change notifications, the attacker accessed sensitive data including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a significant risk to affected users' other online accounts.

Grinding Gear Games' Response and Future Security Measures

Grinding Gear Games acknowledged the security lapse, stating that more robust measures should have been in place to protect admin accounts. They've implemented stricter security protocols, including eliminating third-party account linking for staff accounts and enhancing IP restrictions. The company expressed deep regret for the incident and committed to preventing future occurrences.

The community response has been mixed, with some praising the developer's transparency, while others advocate for the immediate implementation of two-factor authentication (2FA). While 2FA is not yet confirmed, players are urged to change their passwords and remain vigilant regarding account security.
