Path of Exile 2 Apologizes for Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a heartfelt apology following a significant security breach. The incident involved a compromised test Steam account with administrative privileges, which led to unauthorized access to multiple user accounts. Learn more about the breach and the steps being taken to enhance security.
Over 66 Accounts Compromised
Earlier this month, a data breach shook the Path of Exile community. In an official post titled "Data Breach Notification" on the Path of Exile forums, Grinding Gear Games outlined the details of the incident. A hacker gained access to a Steam account used for testing, which had admin rights but no linked personal information such as purchases, phone numbers, or addresses. Exploiting that lack of linked information, the attacker tricked Steam's customer support into granting access using only minimal details, such as the email address and account name, along with a VPN to mimic the account's country of origin.
The hacker used the compromised account to reset passwords on 66 different Path of Exile 1 and 2 accounts, utilizing tools typically employed by customer support. They further concealed their actions by deleting password change notifications, preventing account owners from being alerted. The breach allowed access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This information could be used maliciously to target users' other accounts.
Developers Promise Better Security Measures
In response to the breach, Grinding Gear Games has taken immediate action to bolster security. "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No third-party accounts are allowed to be linked to any staff accounts, and we have added significantly more stringent IP restrictions," the developers stated. They expressed deep regret for the security lapse and committed to further enhancing security protocols to prevent future incidents.
The community's response on the forum thread was mixed, with some players praising the developers for their transparency and others calling for the implementation of two-factor authentication (2FA) to strengthen account security. While Grinding Gear Games has not yet announced plans for 2FA, players are advised to change their passwords and remain vigilant about their account information to protect themselves in the interim.