Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. This compromised account allowed unauthorized access to over 66 player accounts.

Security Lapse Detailed

The breach involved a long-standing test account lacking crucial security features like linked phone numbers or addresses. Exploiting this vulnerability, the attacker successfully convinced Steam support to grant access using minimal information, including the email address and account name, aided by a VPN to mask their location.

Further complicating matters, the attacker cleverly deleted password change notifications, preventing affected users from immediately noticing the compromise. The breach resulted in the exposure of sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, and partial transaction and private message histories. This information poses a considerable risk to affected players.

Enhanced Security Measures Implemented

Grinding Gear Games has acknowledged the security lapse and outlined steps to prevent future incidents. These include stricter security protocols for administrator accounts, prohibiting the linking of third-party accounts to staff accounts, and implementing more robust IP restrictions. The developer expressed sincere regret for the breach and emphasized its commitment to enhanced security measures.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant about their account security.