Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer of Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a long-standing Steam test account that was linked to an administrator account on the studio's systems. Control of that account gave the attacker unauthorized access to over 66 player accounts.
Security Lapse and Its Consequences
The test account had been in use for years and had no phone number or address on file, so Steam support had little to verify a recovery request against. That gap let the attacker talk Steam support into handing over the account with nothing more than the email address, the account name, and a VPN to mask their location. Once inside, the attacker used the linked administrator access to internal customer support tools to reset passwords on numerous PoE 1 and PoE 2 accounts, and deleted the password change notifications so that affected players were not alerted.
Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for malicious use of this stolen information.
Enhanced Security Measures and Player Response
In response, Grinding Gear Games has tightened controls on administrative accounts: stricter IP restrictions on where staff tools can be used from, and a ban on linking third-party accounts (such as the Steam account involved here) to staff accounts. The company expressed deep regret for the lapse and pledged to prevent future incidents.
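The sequence in this incident (a staff-tool login from an unexpected network, a burst of password resets, and deletion of the resulting notifications) is the kind of pattern an audit-log rule should catch, and the IP restriction described above is the first of those checks. The following is an added example written for this page, not code from Grinding Gear Games or Steam: the audit-log format, field names, IP ranges, thresholds and sample records are all assumptions made for illustration.

```python
"""Detection rules for the support-tool abuse pattern described above.

Added example, not Grinding Gear Games' tooling: the audit-log format,
field names, IP ranges and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed staff egress ranges (hypothetical, documentation-reserved prefixes).
ADMIN_IP_ALLOWLIST = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
RESET_THRESHOLD = 5                     # more than this many resets per operator ...
RESET_WINDOW = timedelta(minutes=15)    # ... inside this window counts as bulk activity
CONCEAL_WINDOW = timedelta(minutes=10)  # reset followed by notice deletion this fast

# Constructed sample audit records: (timestamp, operator, source_ip, action, target).
SAMPLE_LOG = [
    ("2025-01-06T21:00:00", "steam_test_admin", "203.0.113.10", "login", "-"),
    ("2025-01-06T21:05:00", "steam_test_admin", "203.0.113.10", "password_reset", "player1"),
    ("2025-01-06T23:10:00", "steam_test_admin", "192.0.2.44", "login", "-"),
    ("2025-01-06T23:11:00", "steam_test_admin", "192.0.2.44", "password_reset", "player2"),
    ("2025-01-06T23:11:05", "steam_test_admin", "192.0.2.44", "delete_notification", "player2"),
    ("2025-01-06T23:12:00", "steam_test_admin", "192.0.2.44", "password_reset", "player3"),
    ("2025-01-06T23:12:04", "steam_test_admin", "192.0.2.44", "delete_notification", "player3"),
    ("2025-01-06T23:13:00", "steam_test_admin", "192.0.2.44", "password_reset", "player4"),
    ("2025-01-06T23:13:03", "steam_test_admin", "192.0.2.44", "delete_notification", "player4"),
    ("2025-01-06T23:14:00", "steam_test_admin", "192.0.2.44", "password_reset", "player5"),
    ("2025-01-06T23:14:02", "steam_test_admin", "192.0.2.44", "delete_notification", "player5"),
    ("2025-01-06T23:15:00", "steam_test_admin", "192.0.2.44", "password_reset", "player6"),
    ("2025-01-06T23:15:06", "steam_test_admin", "192.0.2.44", "delete_notification", "player6"),
    ("2025-01-06T23:16:00", "steam_test_admin", "192.0.2.44", "password_reset", "player7"),
    ("2025-01-06T23:16:03", "steam_test_admin", "192.0.2.44", "delete_notification", "player7"),
    ("2025-01-07T09:00:00", "support_alice", "198.51.100.22", "login", "-"),
    ("2025-01-07T09:01:00", "support_alice", "198.51.100.22", "password_reset", "player8"),
]


def parse(records):
    """Turn raw tuples into dicts with real datetime/ip objects, sorted by time."""
    events = [
        {"ts": datetime.fromisoformat(ts), "op": op, "ip": ip_address(ip),
         "action": action, "target": target}
        for ts, op, ip, action, target in records
    ]
    return sorted(events, key=lambda e: e["ts"])


def off_network_activity(events):
    """Rule 1: any staff-tool activity from an IP outside the allowlist."""
    hits = {
        (e["op"], str(e["ip"]))
        for e in events
        if not any(e["ip"] in net for net in ADMIN_IP_ALLOWLIST)
    }
    return sorted(hits)


def max_resets_in_window(events):
    """Per operator, the largest number of resets inside any RESET_WINDOW."""
    resets = defaultdict(list)
    for e in events:
        if e["action"] == "password_reset":
            resets[e["op"]].append(e["ts"])
    peaks = {}
    for op, times in resets.items():
        peak, start = 0, 0
        for end in range(len(times)):  # two-pointer sliding window over sorted times
            while times[end] - times[start] > RESET_WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        peaks[op] = peak
    return peaks


def bulk_reset_operators(events):
    """Rule 2: operators whose peak reset rate exceeds RESET_THRESHOLD."""
    return sorted(op for op, n in max_resets_in_window(events).items() if n > RESET_THRESHOLD)


def concealed_resets(events):
    """Rule 3: a reset whose change notification the same operator then deletes."""
    hits = []
    for i, e in enumerate(events):
        if e["action"] != "password_reset":
            continue
        for later in events[i + 1:]:
            if later["ts"] - e["ts"] > CONCEAL_WINDOW:
                break
            if (later["action"] == "delete_notification"
                    and later["op"] == e["op"] and later["target"] == e["target"]):
                hits.append(e["target"])
                break
    return hits


def run_all(records):
    """Apply all three rules and return their findings keyed by rule name."""
    events = parse(records)
    return {
        "off_network": off_network_activity(events),
        "bulk_reset": bulk_reset_operators(events),
        "concealed": concealed_resets(events),
    }


if __name__ == "__main__":
    for rule, hits in run_all(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

Run on the constructed log, the three rules converge on the same operator and session: the test account acting from outside the staff ranges, six resets in five minutes, and a notification deletion trailing every one of those resets. The IP allowlist (rule 1) is the preventive control; rules 2 and 3 are worth keeping even after it is in place, because they fire on the behaviour rather than on where the session came from, and a sufficiently well-placed attacker will eventually come from an allowed address.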
The community's reaction has been mixed: some have praised the developer's transparency, while others want two-factor authentication (2FA) added immediately to protect player accounts. Until 2FA ships, players are urged to change their passwords and stay alert to unexpected changes to their account details.