Path of Exile 2 Developer Addresses Significant Data Breach
Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a data breach impacting over 66 player accounts. The breach stemmed from a compromised Steam test account possessing administrative privileges. This allowed the attacker to reset passwords on numerous PoE 1 and PoE 2 accounts.

Enhanced Security Measures Promised
The compromised test account, created years ago, lacked crucial security measures like linked phone numbers or addresses. With so little tied to the account, the attacker was able to deceive Steam support and gain access using minimal account information. The attacker further concealed their actions by deleting password change notifications.

The breach resulted in the exposure of sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential misuse of this information and the resulting risk to players.

In response, the developers have implemented enhanced security protocols for administrative accounts, including stricter IP restrictions and a prohibition on linking third-party accounts to staff accounts. They expressed deep regret for the security lapse and pledged to take further steps to prevent future incidents.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant about their account security.