Summary
Grinding Gear Games, the developers behind Path of Exile 2, have confirmed a data breach that occurred during the week of January 6, 2025. The breach began when an attacker gained access to a developer's admin account, which was connected to Steam. This unauthorized access led to the compromise of player data, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
The breach was traced back to a developer's old Steam account used for testing, which inadvertently provided the attacker with enough information to compromise the Path of Exile account. The developers swiftly responded by locking the affected account and resetting passwords for all other admin accounts. They also discovered and fixed a bug that allowed the attacker to delete logs, which had facilitated the breach.
Grinding Gear Games confirmed that while passwords and their hashes were not accessible through the customer service portal, the attacker could potentially use the compromised email addresses to attempt bypassing region locks on Steam-linked accounts. Additionally, the attacker accessed transaction and private message histories for some accounts.
To prevent future incidents, Grinding Gear Games has implemented stricter security measures, including prohibiting the linking of third-party accounts to staff accounts and enforcing more stringent IP restrictions.
Following the early access release of Path of Exile 2 in December 2024, the game has retained a strong player base, supported by regular updates and developer communication. The most recent update enhanced performance on PlayStation 5 and addressed issues with monsters, skills, and damage. The next major patch is set to introduce new content, and the developers addressed the data breach situation prior to its release.
The community's response to the breach has been varied. While some players appreciate the transparency from Grinding Gear Games, others are advocating for the implementation of two-factor authentication. There is also a call for further security enhancements, as well as improvements to in-game content and adjustments to the endgame difficulty in Path of Exile 2.
Grinding Gear Games has updated their official Path of Exile 2 forum with details about the breach, emphasizing their commitment to improving security for both Path of Exile 2 and its predecessor, which share a single login system.