Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach. The breach stemmed from a compromised Steam test account possessing administrative privileges. This resulted in the unauthorized alteration of passwords for over 66 Path of Exile accounts (both PoE 1 and PoE 2).

Enhanced Security Measures Promised
The breach involved a long-standing test account lacking crucial security features like linked phone numbers or addresses. Exploiting this weakness, the attacker deceived Steam support and gained access using minimal information (email, account name, and a VPN to mask their location). Further complicating matters, the attacker deleted the password change notifications, effectively concealing their actions.

The compromised account granted access to sensitive user data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential misuse of this information and the resulting risk to affected players.

In response, the developer has implemented enhanced security protocols for administrative accounts. These include stricter IP restrictions and the prohibition of third-party account linking to staff accounts. While acknowledging the security lapse, Grinding Gear Games emphasizes its commitment to preventing future incidents.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the future inclusion of 2FA remains unconfirmed, players are urged to change their passwords and remain vigilant regarding account security.