Path of Exile 2 Apologizes for Privacy Attack

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach. The breach stemmed from a compromised Steam test account with administrative privileges. Over 66 accounts were affected.

Enhanced Security Measures Promised

The breach involved a long-standing test account lacking typical security measures like linked phone numbers or addresses. This vulnerability allowed a hacker, using minimal information (email address, account name), to deceive Steam support and gain access. The hacker exploited this access to reset passwords on 66 PoE 1 and PoE 2 accounts, cleverly deleting password change notifications to avoid detection.

Sensitive data compromised included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for malicious use of this information.

The developer's response includes implementing stricter security protocols for admin accounts, prohibiting third-party account linking to staff accounts, and imposing more rigorous IP restrictions. They expressed deep regret for the security lapse and committed to preventing future occurrences.

The community responded with a mix of understanding and concern. While some praised the developer's transparency, others urged the immediate implementation of two-factor authentication (2FA) for enhanced security. Grinding Gear Games hasn't explicitly confirmed 2FA implementation, but players are advised to change their passwords and remain vigilant about account security.