Path of Exile 2 Apologizes for Major Data Breach

by Scarlett, Feb 26, 2025

Path of Exile 2 Developer Addresses Significant Data Breach

Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a data breach impacting over 66 accounts. The breach stemmed from a compromised Steam test account possessing administrator privileges. This allowed the attacker to reset passwords on numerous PoE 1 and PoE 2 accounts.

Enhanced Security Measures Promised

The compromised test account, created years ago for internal testing, lacked crucial security measures like linked phone numbers or addresses. This vulnerability allowed the attacker to deceive Steam support, gaining access using minimal information (email, account name, and a strategically used VPN).

The attacker cleverly deleted password change notifications, concealing their actions. Access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages, was obtained. This raises serious concerns about potential misuse of the stolen information.

Grinding Gear Games has committed to implementing stronger security protocols for administrator accounts, including stricter IP restrictions and prohibiting third-party account linking. They acknowledged the security lapse and pledged to prevent future occurrences.

The community response has been mixed, with some praising the developer's transparency while others advocate for the urgent implementation of two-factor authentication (2FA). Players are advised to change their passwords and remain vigilant about their account security. While the addition of 2FA remains pending, proactive security measures from players are crucial.