Data Breach Apology from Path of Exile 2

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach. The breach stemmed from a compromised test Steam account possessing administrator privileges. Over 66 accounts were affected.

Enhanced Security Measures Promised

The breach involved a compromised Steam account with administrative access to the game's systems. The attacker exploited vulnerabilities in Steam's support system, leveraging minimal account information (email, username, and VPN-masked location) to gain control. The age and lack of linked personal information on the test account facilitated this deception.

The attacker used internal tools to reset passwords on 66 Path of Exile accounts (across versions 1 and 2), cleverly deleting password change notifications to remain undetected. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a substantial risk to affected users.

Grinding Gear Games has pledged to implement stricter security protocols for administrator accounts, including eliminating third-party account links and enhancing IP restrictions. The company expressed deep regret for the security lapse and committed to preventing future occurrences.

Player responses to the announcement ranged from appreciation for the developer's transparency to calls for the immediate implementation of two-factor authentication (2FA). While 2FA remains a future goal, players are advised to change their passwords and remain vigilant regarding their account security.