Path of Exile 2 Developer, Grinding Gear Games, Announces Data Breach
Grinding Gear Games has confirmed a data breach affecting Path of Exile 2 accounts that occurred the week of January 6th, 2025. The breach stemmed from a compromised developer account linked to Steam.
Compromised Information: A significant number of player accounts were impacted. The compromised data includes email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible, the potential for attackers to utilize compromised email addresses and password lists from other sources to circumvent region locks exists. Some accounts also had transaction and private message history accessed.
Breach Details: The breach originated from a developer's compromised admin account, granting unauthorized access to customer support tools. The attacker exploited a now-patched bug to delete logs, hindering the investigation. The compromised Steam account, used for testing purposes, lacked personal financial information but provided access to the developer's Path of Exile account, enabling the attacker to access the developer portal. The attacker changed passwords on 66 accounts.
Grinding Gear Games' Response: The developer immediately locked the compromised account, implemented mandatory password resets for all admin accounts, and launched a thorough investigation. To enhance security, third-party account linking to staff accounts has been disabled, and IP restrictions have been significantly tightened.
Community Reaction: Player reactions have been varied. While some appreciate the developer's transparency, others are advocating for the implementation of two-factor authentication and further security improvements. Concerns regarding endgame difficulty and in-game content updates have also been voiced.
Image: [Image of Grinding Gear Games' official statement regarding the data breach] (This would be where an image would be placed if one were included in the original text. No image was provided in the input.)
The developer emphasizes its commitment to improving account security and preventing future breaches.
