Path of Exile 2 Apologizes for Data Breach Incident
Grinding Gear Games, the developers behind Path of Exile, have issued a heartfelt apology following a significant security breach that affected their community. The incident, which involved a compromised test Steam account with administrative privileges, has led to immediate action and promises of enhanced security measures. Here's a detailed look at what happened and the steps being taken to prevent future occurrences.
Over 66 Accounts Compromised
In a recent post on the official Path of Exile forums titled "Data Breach Notification," Grinding Gear Games outlined the breach's specifics. A hacker gained access to a Steam account used for testing purposes, which had administrative rights but no linked personal information such as purchases, phone numbers, or addresses. The attacker took over the account by convincing Steam customer support to grant access using minimal information, namely the email address and account name, together with a VPN to mimic the account's country of origin.
Once inside, the hacker used customer support tools to change passwords on 66 different Path of Exile 1 and 2 accounts. They also managed to delete notifications of these changes, effectively covering their tracks. This breach allowed access to sensitive data such as email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. The potential misuse of this information poses a significant risk to the affected users' other online accounts.
"We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No third-party accounts are allowed to be linked to any staff accounts, and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place, and in the future, we will be taking even more steps to ensure that this kind of issue never occurs again," the developers stated in their apology.
The community's response on the forum thread was mixed, with some players appreciating the transparency of Grinding Gear Games despite the security lapse. Others called for the implementation of two-factor authentication (2FA) to bolster account security. While the developers have not yet announced plans for 2FA, they are committed to enhancing security protocols.
In light of this breach, Path of Exile players are advised to change their passwords and remain vigilant about their account information. As Grinding Gear Games continues to fortify their security measures, the community hopes for a safer gaming environment in the future.








