Path of Exile 2 Apologizes for Major Data Breach

Author: Zoe, Feb 25, 2025

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised test Steam account possessing administrator privileges. This compromised account allowed unauthorized access to over 66 player accounts.

Security Lapse Detailed

The breach occurred when a hacker gained control of an outdated Steam account used for internal testing. This account lacked crucial security measures like linked phone numbers or addresses, making it vulnerable to social engineering tactics. The hacker successfully impersonated the account holder to Steam support, using minimal information to gain access.

The hacker exploited the compromised account to reset passwords on 66 Path of Exile 1 and 2 accounts, cleverly deleting password change notifications to avoid detection. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This information poses a significant risk to affected players.

Grinding Gear Games acknowledged the security lapse and outlined steps taken to prevent future incidents. These include enhanced security protocols for administrator accounts, prohibiting third-party account links to staff accounts, and implementing stricter IP restrictions.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA) for enhanced account security. While the developer's response has been positive, players are urged to change their passwords and remain vigilant about their account information. The addition of 2FA remains a highly requested security feature.