Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. The incident resulted in the unauthorized access and alteration of over 66 player accounts.

Security Lapse Detailed

The breach occurred after a hacker gained control of an outdated test Steam account. This account, lacking typical security measures like linked phone numbers or addresses, was vulnerable to social engineering. The attacker successfully impersonated the account holder to Steam support, using minimal information to gain access.

Using internal support tools, the hacker changed passwords on numerous PoE 1 and PoE 2 accounts. Furthermore, they deleted password change notifications, concealing their actions from affected players. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages.

Enhanced Security Measures Implemented

Grinding Gear Games has acknowledged the security lapse and outlined steps taken to prevent future incidents. These include enhanced security protocols for administrator accounts, eliminating the use of third-party account links for staff, and implementing stricter IP restrictions.

The developer's statement emphasized regret for the security failure and a commitment to preventing similar breaches. The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While 2FA remains pending, players are urged to change their passwords and remain vigilant about account security.