Path of Exile 2 Apologizes for Major Data Breach

Path of Exile 2 Developer Addresses Significant Data Breach

Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a data breach impacting over 66 player accounts. The breach stemmed from a compromised Steam test account with administrative privileges. This allowed the attacker to reset passwords on numerous PoE 1 and PoE 2 accounts.

The compromised account, utilized for internal testing, lacked crucial security measures such as linked phone numbers or addresses. This vulnerability allowed the attacker to successfully impersonate the account holder to Steam support, gaining access with minimal information.

Further exacerbating the situation, the attacker cleverly deleted password change notifications, concealing their actions from affected players. The breach exposed sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for misuse of this information.

In response, Grinding Gear Games has implemented enhanced security protocols for administrative accounts. These measures include stricter IP restrictions and a prohibition on linking third-party accounts to staff accounts. The developers express deep regret for the security lapse and assure players of their commitment to preventing future incidents.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant about their account security.