Grinding Gear Games, the developer behind Path of Exile, has issued a heartfelt apology following a significant security breach. The incident, which involved a compromised test Steam account with admin rights, has affected numerous players. Here is what transpired and the steps being taken to safeguard the community's data.
In an official post titled "Data Breach Notification" on the Path of Exile forums, Grinding Gear Games outlined the breach that took place earlier this month. A hacker gained access to a Steam account designated for testing purposes, which had administrative privileges. The account itself held no personal information such as purchases, phone numbers, or addresses. The attacker convinced Steam's customer support to grant them access using minimal information, including an email address, the account name, and a VPN to mimic the account's country of origin.
The hacker then used the tools typically available to customer support agents to reset passwords on 66 different accounts for both Path of Exile and Path of Exile 2. They also managed to delete the password change notifications, effectively concealing their actions from the account holders. This breach allowed the hacker to access sensitive personal information, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such data could be used maliciously, potentially compromising other accounts linked to these users.
Grinding Gear Games has responded swiftly to enhance security measures. "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again," the developers stated. They have implemented stringent IP restrictions and prohibited the linking of any third-party accounts to staff accounts. Acknowledging the lapse, the team expressed deep regret and committed to further reinforcing security protocols to prevent future incidents.
The community's response on the forum thread has been mixed: some players appreciated the transparency of Grinding Gear Games despite the breach, while others called for the implementation of two-factor authentication (2FA) to enhance account security. The developers have not yet announced plans to implement 2FA, but it's a critical step that could significantly bolster user protection.
In the meantime, Path of Exile players are encouraged to change their passwords and remain vigilant about their account information. Grinding Gear Games continues to prioritize the security of its player base, promising ongoing improvements to their security infrastructure to ensure a safer gaming environment.