Path of Exile 2 Developer Addresses Data Breach Affecting Player Accounts
Grinding Gear Games, the developer behind Path of Exile 2, recently disclosed a data breach that occurred the week of January 6, 2025. The breach stemmed from a compromised developer account linked to Steam. A significant number of player accounts were affected, resulting in the exposure of sensitive information.
The compromised data included email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible via the compromised portal, the risk of password reuse across platforms remains a concern. The attacker also managed to alter passwords on 66 accounts and exploit a bug to delete activity logs, hindering the investigation. This bug, specific to log deletion, has since been patched. In some instances, the attacker accessed transaction and private message histories.
Grinding Gear Games has taken immediate action, including locking the compromised account, initiating password resets for all admin accounts, and implementing stricter security measures. These measures include eliminating the linking of third-party accounts to staff accounts and significantly tightening IP restrictions.
The developer's transparency regarding the breach has been met with a mixed response from the community. While some players commend their open communication, others advocate for the implementation of two-factor authentication to enhance account security. Concerns regarding overall account security and game balance adjustments, particularly endgame difficulty, have also been raised. The company is actively working to improve security protocols to prevent future incidents.