Path of Exile 2 Data Breach Announcement

Author: Matthew. Update: Feb 18, 2025

Path of Exile 2 Developer Acknowledges Data Breach Following Staff Account Compromise

Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach impacting a significant number of player accounts. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam.

Breach Details: The unauthorized access allowed the attacker to view sensitive player data through the developer portal, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords themselves were not directly accessible, the potential for password reuse across platforms remains a concern. In some cases, transaction and private message histories were also viewed. The attacker also managed to alter passwords on 66 accounts and exploit a bug to delete relevant logs. This bug, affecting only log deletion, has since been patched.

Developer Response: Grinding Gear Games immediately responded by securing the compromised account, initiating password resets for all admin accounts, and conducting a thorough investigation. To prevent future incidents, the company has implemented stricter IP restrictions and prohibited linking third-party accounts to staff accounts.

Community Reaction: Player reactions have been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication. Calls for enhanced security measures and adjustments to in-game content and endgame difficulty are also prominent.

Key Takeaways: This incident highlights the vulnerability of even established game developers to sophisticated attacks. The swift response and transparency from Grinding Gear Games are positive, but the incident underscores the ongoing need for robust security practices within the gaming industry and the importance of user vigilance regarding password security.