Path of Exile 2 Responds to Major Data Leak

Path of Exile 2 Developer Addresses Major Data Breach

Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach resulted from a compromised test Steam account possessing administrator-level access. Over 66 accounts were affected.

Enhanced Security Measures Promised

The breach stemmed from a compromised Steam account, long-standing and used for testing purposes, lacking crucial security features like linked phone numbers or addresses. This allowed the attacker to successfully impersonate the account holder to Steam support, gaining access using minimal information (email address, account name, and a VPN masking their location).

The attacker exploited the account's admin privileges to reset passwords on 66 PoE 1 and PoE 2 accounts, cleverly deleting password change notifications to avoid detection. Access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages, was gained. Grinding Gear Games acknowledges the potential misuse of this information.

In response, the developers have implemented enhanced security protocols for admin accounts, including stricter IP restrictions and a ban on linking third-party accounts to staff accounts. They expressed deep regret for the security lapse and pledged to take further steps to prevent future incidents.

The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA) for enhanced security. While 2FA's future implementation remains unclear, players are urged to change their passwords and remain vigilant about their account information.