Path of Exile 2 Confirms Data Breach

Summary

• Path of Exile 2 developer Grinding Gear Games has confirmed a data breach that occurred during the week of January 6, 2025, due to a compromised developer's account linked to Steam.
• The breach resulted in the compromise of player data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

Grinding Gear Games recently disclosed that Path of Exile 2 suffered a data breach after a developer's admin account was hacked. The breach occurred because the compromised account was linked to an old Steam account used for testing purposes, which allowed unauthorized access to the developer's tools. In response, Grinding Gear Games swiftly locked the affected account and enforced password resets across all admin accounts to bolster security.

Following its early access launch in December 2024, Path of Exile 2 has seen a robust player base, sustained by regular updates and developer communication. The latest update enhanced performance on PlayStation 5, addressing issues with monsters, skills, and damage. With the next major patch on the horizon, Grinding Gear Games addressed the data breach to keep players informed before diving into new content.

The breach came to light through a notice on the official Path of Exile 2 forum, revealing that an admin account was compromised, granting access to customer support tools. The investigation showed that the attacker exploited a now-fixed bug to delete logs and change passwords on 66 accounts. While no passwords or password hashes were directly accessible, the attacker could potentially use the compromised email addresses to bypass region locks on Steam-linked accounts. Additionally, some account transaction and private message histories were viewed.

To prevent future breaches, Grinding Gear Games has implemented stricter measures, including prohibiting third-party account linking to staff accounts and enforcing more stringent IP restrictions.

The community's reaction to the breach has been varied. While some commend the developers for their transparency, others advocate for the addition of two-factor authentication to enhance account security. There's also a call for improvements in game content and adjustments to endgame difficulty in Path of Exile 2.