Path of Exile 2 Apologizes for Major Data Breach

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised test Steam account possessing administrator-level access. This resulted in the unauthorized alteration of passwords for over 66 Path of Exile accounts (across PoE 1 and PoE 2).

Enhanced Security Measures Promised

The breach exploited a long-standing, unsecured test account lacking crucial security features like linked phone numbers or addresses. This allowed the attacker to successfully impersonate the account holder to Steam support, gaining access using minimal information (email address, account name, and a VPN masking their location).

The attacker's actions included deleting password change notifications, preventing affected users from being alerted. Access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages, was gained. Grinding Gear Games acknowledges the potential misuse of this stolen information.

In response, the developers have implemented stricter security protocols for administrator accounts, including eliminating third-party account linking and significantly tightening IP restrictions. They expressed deep regret for the security lapse and pledged further improvements to prevent future occurrences.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant regarding their account security.