Path of Exile 2 Developer Addresses Significant Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a data breach impacting over 66 accounts. The breach stemmed from a compromised Steam test account possessing administrator privileges. This article details the incident and the steps taken to mitigate further risks.
Security Lapse and Aftermath
A hacker exploited a long-standing, unsecured test account that lacked basic safeguards such as a verified phone number or address. Using only basic account information and a VPN to mask their location, the attacker deceived Steam support into handing over access to the admin account.
The hacker then reset passwords on 66 accounts, deleting the password change notifications so the resets would go unnoticed. Compromised data included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This sensitive information poses a significant risk to affected users.
Enhanced Security Measures and Player Response
Grinding Gear Games has acknowledged the security failings and outlined implemented changes, including stricter access controls for admin accounts and enhanced IP restrictions. They emphasized their regret for the lapse and their commitment to preventing future incidents.
The community response has been mixed: some praise the developer's transparency, while others call for the immediate rollout of two-factor authentication (2FA) to better protect accounts. Until 2FA is available, players are urged to change their passwords and keep a close watch on their account information. The initial breach image is shown below.