Path of Exile 2 Apologizes for Major Data Breach

Author: Ellie | Updated: Feb 24, 2025

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. This allowed unauthorized access to over 66 player accounts.

Enhanced Security Measures Promised

The breach involved a long-standing test account lacking crucial security features like linked phone numbers or addresses. This vulnerability allowed a hacker to successfully impersonate the account holder to Steam support, gaining access using minimal information (email, account name, and a VPN masking location).

The hacker exploited this access to reset passwords on numerous PoE 1 and PoE 2 accounts, cleverly deleting password change notifications to avoid detection. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for misuse of this stolen information.

In response, the developers have implemented stricter security protocols for administrator accounts, including enhanced IP restrictions and a ban on linking third-party accounts to staff accounts. They expressed deep regret for the security lapse and pledged to take further steps to prevent future incidents.

The community response has been mixed, with praise for the developer's transparency alongside calls for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant about their account security.