Path of Exile 2 Apologizes for Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant security breach affecting their game. This breach, which compromised over 66 accounts, was caused by a hacker gaining access to a test Steam account with admin rights. Read further to understand the incident and the steps taken by the developers to mitigate future risks.
Over 66 Accounts Compromised
In a detailed post on the official Path of Exile forums titled "Data Breach Notification," Grinding Gear Games explained the sequence of events leading to the breach. A hacker compromised a Steam account used for testing purposes, which had admin access. Because this account had no linked purchases, phone numbers, or addresses, the attacker was able to take it over easily, using basic information and a VPN to deceive Steam's customer support into granting access.
The hacker then utilized customer support tools to reset passwords on 66 different accounts across Path of Exile 1 and 2. They further deleted notifications of these changes, effectively covering their tracks. This breach allowed the hacker to access sensitive personal data including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such information could potentially be used maliciously against the affected users.
Developers Promise Better Security Measures
In response to the breach, Grinding Gear Games has taken immediate action to bolster security. "We have implemented additional security measures around admin accounts to prevent future incidents," the developers stated. These measures include prohibiting third-party account linkages to staff accounts and enforcing stricter IP restrictions. The developers expressed deep regret for the security lapse and committed to further enhancing security protocols to prevent similar issues in the future.
The community's response on the forum was mixed, with some players appreciating the transparency of Grinding Gear Games, while others called for the implementation of two-factor authentication (2FA) to enhance account security. As the developers consider these suggestions, players are advised to change their passwords and remain vigilant about their account information to safeguard against potential future threats.