PoE 2 Confirms Data Incident

Path of Exile 2 Developer Acknowledges Data Breach from Compromised Employee Account

Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach that occurred the week of January 6, 2025. The breach stemmed from a compromised developer account linked to Steam. This unauthorized access exposed sensitive player information, including email addresses, Steam IDs, IP addresses, and potentially other details.

The breach exploited a developer's admin account, granting the attacker access to tools typically used by Path of Exile 2's customer support team. Grinding Gear Games swiftly responded by locking the compromised account and initiating password resets for all other admin accounts. Investigation revealed the compromised account was linked to an old, inactive Steam account used for testing purposes. While this Steam account contained no personal or financial information, access to the linked Path of Exile 2 account allowed the attacker to access the developer portal.

A significant number of player accounts were affected, with compromised data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords themselves were not directly accessible, the potential for the attacker to cross-reference compromised email addresses with publicly available password lists to circumvent region locks remains a concern. In some instances, transaction and private message histories were also viewed.

Grinding Gear Games has implemented several security enhancements to prevent future breaches. Third-party account linking to staff accounts has been disabled, and IP restrictions have been significantly tightened. The company has also addressed a bug that allowed the attacker to delete logs.

Player reaction to the breach has been varied. While some commend the developer's transparency, others advocate for the implementation of two-factor authentication for Path of Exile 2 accounts. Many players also express a desire for broader security improvements and adjustments to in-game content and endgame difficulty. The company is actively working to address these concerns.

(Placeholder image - Replace with actual image if available)

(Placeholder image - Replace with actual image if available)

(Placeholder image - Replace with actual image if available)

(Note: Replace "https://images.dshu.nethttps://images.dshu.nethttps://images.dshu.netplaceholder_image.jpg" with the actual image URLs from the original input. I cannot directly display images.)