PoE2 Data Breach Response

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. This compromised account allowed unauthorized access to over 66 player accounts.

Enhanced Security Measures Promised

The breach involved a long-standing test account lacking crucial security features like linked phone numbers or addresses. This vulnerability allowed a hacker to successfully impersonate the account owner to Steam support, gaining access using minimal information (email address, account name, and a VPN masking their location).

The hacker exploited this access to reset passwords on numerous PoE 1 and PoE 2 accounts, cleverly deleting password change notifications to avoid detection. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a significant risk to affected players.

Grinding Gear Games has acknowledged the security lapse and outlined implemented changes: stricter security protocols for admin accounts, prohibiting third-party account links to staff accounts, and significantly enhanced IP restrictions. The company expressed deep regret for the incident and committed to preventing future occurrences.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While 2FA remains pending, players are urged to change their passwords and remain vigilant regarding their account security. The incident serves as a stark reminder of the importance of robust security practices in online gaming.