Path of Exile 2 Apologizes for Major Data Breach

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account with administrative privileges. The compromised account allowed unauthorized access to over 66 player accounts.

Enhanced Security Measures Promised

The breach involved a long-standing test account lacking typical security measures like linked phone numbers or addresses. This vulnerability allowed a hacker to deceive Steam support, gaining access using minimal information (email address, account name, and a VPN to mask location).

The hacker exploited the account's administrative access to reset passwords on numerous PoE 1 and PoE 2 accounts. Furthermore, the attacker cleverly deleted password change notifications, concealing their actions from affected users. The compromised data included sensitive personal information such as email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This information poses a substantial risk of misuse by the attacker.

Grinding Gear Games has committed to implementing stricter security protocols for administrative accounts. This includes prohibiting third-party account links to staff accounts and imposing more stringent IP restrictions. The developer acknowledged the security lapse and pledged to take additional steps to prevent future incidents.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the future implementation of 2FA remains uncertain, players are urged to change their passwords and remain vigilant about their account security.