Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account with administrative privileges. This compromised account allowed unauthorized access to over 66 player accounts.
Security Lapse and Fallout
The breach involved a long-standing test account that lacked the verification safeguards (such as a phone number or address on file) applied to normal accounts. Exploiting this weakness, the attacker deceived Steam support and gained access using only minimal information (an email address and account name). The attacker then used internal support tools to reset passwords on numerous PoE 1 and PoE 2 accounts and deleted the password-change notifications, concealing the resets from the affected users.
Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a significant risk to affected players, potentially leading to further account compromises.
Response and Prevention
Grinding Gear Games has acknowledged the security lapse and outlined immediate steps to prevent future incidents. These include enhanced security protocols for administrative accounts, prohibiting third-party account linking, and implementing stricter IP restrictions. The developers expressed deep regret for the breach and committed to further strengthening security measures.
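The attack chain described above (privileged support-tool actions from an unexpected network, followed by deletion of the password-change notification) and the IP-restriction mitigation mentioned here both lend themselves to straightforward audit-log detection. The following Python script is an added example, not code from Grinding Gear Games or from the article; the log format, field names, IP ranges and the ten-minute concealment window are all assumptions, and the log lines are constructed sample data.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample support-tool audit log for this example (hypothetical format).
# Fields: ISO timestamp | actor | action | target account | source IP
SAMPLE_AUDIT_LOG = """\
2025-01-05T10:12:33Z|support_alice|view_account|player_001|10.20.0.5
2025-01-05T10:14:10Z|steam_test_admin|password_reset|player_002|198.51.100.7
2025-01-05T10:14:12Z|steam_test_admin|notification_delete|player_002|198.51.100.7
2025-01-05T10:15:40Z|steam_test_admin|password_reset|player_003|198.51.100.7
2025-01-05T10:15:41Z|steam_test_admin|notification_delete|player_003|198.51.100.7
2025-01-05T11:02:00Z|support_bob|password_reset|player_004|10.20.0.9
2025-01-05T11:30:00Z|support_bob|notification_delete|player_005|10.20.0.9
"""

# Hypothetical office/VPN ranges from which privileged support actions are permitted.
ADMIN_IP_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/16")]

# Support-tool actions that should only ever originate from the allow-listed ranges.
PRIVILEGED_ACTIONS = {"password_reset", "notification_delete"}

# A notification deletion this soon after a reset on the same account is treated as concealment.
CONCEAL_WINDOW = timedelta(minutes=10)


def parse_audit_log(text):
    """Parse pipe-separated audit lines into event dicts with typed timestamp and IP."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, action, target, ip = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "actor": actor,
            "action": action,
            "target": target,
            "ip": ipaddress.ip_address(ip),
        })
    return events


def ip_allowed(ip, allowlist):
    return any(ip in net for net in allowlist)


def detect_offnet_privileged_actions(events, allowlist=ADMIN_IP_ALLOWLIST):
    """Privileged actions whose source IP is outside the admin allow-list."""
    return [e for e in events
            if e["action"] in PRIVILEGED_ACTIONS and not ip_allowed(e["ip"], allowlist)]


def detect_concealed_resets(events, window=CONCEAL_WINDOW):
    """Password resets followed, on the same target account, by a notification deletion within `window`."""
    findings = []
    resets = [e for e in events if e["action"] == "password_reset"]
    deletes = [e for e in events if e["action"] == "notification_delete"]
    for r in resets:
        for d in deletes:
            if d["target"] == r["target"] and timedelta(0) <= d["ts"] - r["ts"] <= window:
                findings.append((r["target"], r["actor"], r["ts"]))
                break
    return findings


def summarize(events):
    """Aggregate both detections and name the actors that triggered either one."""
    offnet = detect_offnet_privileged_actions(events)
    concealed = detect_concealed_resets(events)
    actors = sorted({e["actor"] for e in offnet} | {actor for _, actor, _ in concealed})
    return {
        "offnet_actions": len(offnet),
        "concealed_resets": len(concealed),
        "suspect_actors": actors,
    }


if __name__ == "__main__":
    print(summarize(parse_audit_log(SAMPLE_AUDIT_LOG)))
```

On the sample data the off-network rule fires on all four actions by the test account, and the concealment rule pairs two of its resets with the deletions that followed seconds later; the legitimate reset by support_bob is not flagged because no deletion follows on the same account. The deletion-after-reset pairing only works if the audit trail itself is append-only, which is the more important lesson from this incident: the support tool let the attacker remove the user-facing notification, so the audit record has to be the copy that cannot be removed.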
The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the specifics of future security enhancements remain unclear, players are urged to change their passwords and remain vigilant about their account security.