Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account that held administrative privileges; through it, the attacker gained unauthorized access to over 66 player accounts.
Enhanced Security Measures Implemented
The breach involved a long-standing test account that lacked basic verification details such as a phone number and address. Exploiting this gap, the attacker convinced Steam support to grant access using minimal information. With that access, the attacker used internal customer support tools to reset passwords on multiple PoE 1 and PoE 2 accounts, and then deleted the password change notifications so that the affected users would not notice.
Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential misuse of this information and the risk to players' other online accounts.
In response, the developers have implemented stricter security protocols for administrative accounts, including a prohibition on linking them to third-party accounts and tighter IP restrictions. They expressed deep regret for the security lapse and pledged to take further preventative measures to avoid future incidents.
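The incident pattern described above (a support-tool password reset followed by deletion of the user's notification, carried out from an admin account with no verification details and an unusual source IP) is the kind of thing an audit-log check can surface. The following is an added example written for this page, not Grinding Gear Games' code or tooling; the event schema, account records, actor names and IP addresses are all constructed for illustration, and the allowlisted network is an assumption.

```python
"""
Added example (not the developer's code): run three defender-side checks over
constructed audit-log events and admin-account records.

  1. password resets whose user notification was deleted shortly afterwards
  2. admin actions originating outside an allowlisted network
  3. admin accounts missing phone/address verification or linked to a third party

Field names, actors and IPs below are hypothetical sample data.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed sample audit events (hypothetical schema).
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:00", "actor": "support_alice", "src_ip": "10.0.5.12",
     "action": "password_reset", "target": "player_1001"},
    {"ts": "2025-01-10T09:00:05", "actor": "support_alice", "src_ip": "10.0.5.12",
     "action": "notify_user", "target": "player_1001"},
    {"ts": "2025-01-10T22:14:00", "actor": "steam_test_01", "src_ip": "203.0.113.7",
     "action": "password_reset", "target": "player_2002"},
    {"ts": "2025-01-10T22:14:40", "actor": "steam_test_01", "src_ip": "203.0.113.7",
     "action": "notify_user", "target": "player_2002"},
    {"ts": "2025-01-10T22:15:10", "actor": "steam_test_01", "src_ip": "203.0.113.7",
     "action": "delete_notification", "target": "player_2002"},
]

# Constructed admin-account records (hypothetical schema).
SAMPLE_ADMIN_ACCOUNTS = [
    {"name": "support_alice", "phone_verified": True, "address_verified": True,
     "linked_third_party": None},
    {"name": "steam_test_01", "phone_verified": False, "address_verified": False,
     "linked_third_party": "steam"},
]

# Assumed network from which admin tooling may legitimately be used.
ADMIN_ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_ts(s):
    return datetime.fromisoformat(s)


def resets_with_suppressed_notice(events, window=timedelta(minutes=10)):
    """(actor, target) pairs where a password_reset on a target was followed,
    within `window`, by delete_notification for the same target."""
    findings = []
    for r in (e for e in events if e["action"] == "password_reset"):
        t0 = parse_ts(r["ts"])
        for e in events:
            if (e["action"] == "delete_notification" and e["target"] == r["target"]
                    and t0 <= parse_ts(e["ts"]) <= t0 + window):
                findings.append((r["actor"], r["target"]))
                break
    return findings


def admin_actions_from_outside(events, allowed=ADMIN_ALLOWED_NETS):
    """(actor, src_ip, action) for every event whose source IP is not in any
    allowlisted network; with per-admin IP restrictions these should be denied."""
    out = []
    for e in events:
        ip = ipaddress.ip_address(e["src_ip"])
        if not any(ip in net for net in allowed):
            out.append((e["actor"], e["src_ip"], e["action"]))
    return out


def noncompliant_admin_accounts(accounts):
    """Names of admin accounts lacking phone or address verification, or linked
    to a third-party account (the two gaps the incident write-up calls out)."""
    return [a["name"] for a in accounts
            if not a["phone_verified"] or not a["address_verified"]
            or a["linked_third_party"] is not None]


if __name__ == "__main__":
    print("reset + notice deleted:", resets_with_suppressed_notice(SAMPLE_EVENTS))
    print("admin actions off-network:", admin_actions_from_outside(SAMPLE_EVENTS))
    print("noncompliant admin accounts:", noncompliant_admin_accounts(SAMPLE_ADMIN_ACCOUNTS))
```

The first check is the one worth wiring into alerting: a legitimate support reset sends a notification and leaves it in place, so a reset whose notification is deleted within minutes is a strong signal on its own, independent of the source IP. The third check is a periodic inventory task rather than a real-time detection.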
Community response has been mixed, with some praising the developer's transparency while others advocate for the immediate introduction of two-factor authentication (2FA). While 2FA remains pending, players are urged to change their passwords and remain vigilant regarding their account information.