Path of Exile 2 Developer Addresses Significant Data Breach
Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a data breach impacting over 66 accounts. The breach stemmed from a compromised Steam test account possessing administrator privileges. This article details the incident and the subsequent security measures implemented by the developers.
Security Lapse Detailed
The compromised Steam account had been created for testing purposes and had no personal information (phone number, address) linked to it. The attacker impersonated the account holder to Steam support and was granted access with only minimal information: the email address, the account name, and a VPN-masked location.
Subsequently, the attacker used internal support tools to reset the passwords of 66 Path of Exile 1 and 2 accounts. The attacker also deleted the password-change notifications, concealing the resets from the account owners. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a significant risk to affected users.
Enhanced Security Measures Implemented
Grinding Gear Games has responded by implementing enhanced security protocols for administrator accounts. These measures include stricter IP restrictions and a prohibition on linking third-party accounts to staff accounts. The developers acknowledge the security lapse and express regret for the incident. They commit to further strengthening security measures to prevent future occurrences.
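The two mechanics the article describes, support-tool password resets with the notifications deleted afterwards, and the IP restrictions now placed on administrator accounts, can both be expressed as checks over a support-tool audit log. The example below is added here and is not Grinding Gear Games' code: the event format, the admin allowlist ranges, the account names and the log lines are all constructed for illustration. It enforces an IP allowlist for administrator sessions and flags an admin who resets many passwords in a short window or deletes a change notification right after a reset.

```python
"""Allowlist and detection checks for privileged support tooling.

Constructed example: the audit-event shape, the allowlist ranges and the
sample log entries below are assumptions, not real Path of Exile data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed: administrator sessions are only valid from these office/VPN ranges.
ADMIN_IP_ALLOWLIST = [ip_network("10.20.0.0/16"), ip_network("203.0.113.0/24")]

# Constructed audit log: one admin resets several player passwords from an
# unexpected IP and deletes the change notifications, the pattern the article
# describes; a second admin performs one ordinary reset from an allowed range.
SAMPLE_EVENTS = [
    {"ts": "2025-01-06T10:00:00", "admin": "qa_steam_test", "action": "login", "target": "-", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T10:01:00", "admin": "qa_steam_test", "action": "password_reset", "target": "player1", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T10:01:10", "admin": "qa_steam_test", "action": "notification_delete", "target": "player1", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T10:02:00", "admin": "qa_steam_test", "action": "password_reset", "target": "player2", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T10:02:05", "admin": "qa_steam_test", "action": "notification_delete", "target": "player2", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T10:03:00", "admin": "qa_steam_test", "action": "password_reset", "target": "player3", "ip": "198.51.100.7"},
    {"ts": "2025-01-06T11:00:00", "admin": "support_alice", "action": "login", "target": "-", "ip": "10.20.3.4"},
    {"ts": "2025-01-06T11:05:00", "admin": "support_alice", "action": "password_reset", "target": "player9", "ip": "10.20.3.4"},
]


def ip_allowed(ip: str, allowlist=ADMIN_IP_ALLOWLIST) -> bool:
    """True if the source IP falls inside one of the permitted admin ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in allowlist)


def detect(events, allowlist=ADMIN_IP_ALLOWLIST, max_resets=2,
           window=timedelta(minutes=15)):
    """Return (kind, admin, detail) alerts for suspicious privileged activity.

    kinds: ip_not_allowlisted   admin activity from outside the allowlist
           reset_burst          more than max_resets resets within the window
           notification_suppressed  a change notification deleted shortly
                                    after the same admin reset that account
    """
    alerts = []
    flagged_ips = set()            # (admin, ip) already reported
    resets = defaultdict(list)     # admin -> timestamps of password resets
    pending = {}                   # (admin, target) -> time of last reset
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if not ip_allowed(e["ip"], allowlist) and (e["admin"], e["ip"]) not in flagged_ips:
            flagged_ips.add((e["admin"], e["ip"]))
            alerts.append(("ip_not_allowlisted", e["admin"], e["ip"]))
        if e["action"] == "password_reset":
            resets[e["admin"]].append(ts)
            pending[(e["admin"], e["target"])] = ts
            recent = [t for t in resets[e["admin"]] if ts - t <= window]
            if len(recent) > max_resets:
                alerts.append(("reset_burst", e["admin"], len(recent)))
        elif e["action"] == "notification_delete":
            key = (e["admin"], e["target"])
            if key in pending and ts - pending[key] <= window:
                alerts.append(("notification_suppressed", e["admin"], e["target"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the allowlist check belongs at session creation (the login is refused, not merely logged), and the notification-deletion rule is better implemented by removing that capability from support tooling altogether; the detection form shown here is what you run over historical logs to find whether the pattern has already occurred.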
Community Response and Recommendations
The community's response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant about their account security.