Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator-level access. This allowed the attacker to reset passwords on over 66 Path of Exile accounts (both PoE 1 and PoE 2).
The Breach: How it Happened
The compromised account was an old test account with no associated purchase history, phone number, or address, which left Steam support with little to verify the requester against. The attacker impersonated the account owner to Steam support, supplying only an email address and account name while using a VPN to mask their location, and was granted control of the account. With that access they used internal customer support tools to reset passwords on numerous player accounts, and then deleted the password change notifications so that affected users would not notice.
The attacker gained access to sensitive user data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This compromised information poses a significant risk of further exploitation.
Grinding Gear Games' Response and Future Security Measures
Grinding Gear Games acknowledges the security lapse and has committed to implementing enhanced security protocols. These include stricter restrictions on administrator accounts, prohibiting third-party account links to staff accounts, and significantly tightening IP restrictions. The developers expressed deep regret for the incident and pledged to prevent future occurrences.
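The pattern described above, one support account resetting many player passwords in a short span and then deleting the change notifications, is the kind of activity an audit-log check can surface. The following is an added example, not Grinding Gear Games' code; it assumes a hypothetical JSON-lines audit format, constructed sample entries, and a bulk threshold of five resets in thirty minutes.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log in a hypothetical JSON-lines format (an
# assumption for this example, not Grinding Gear Games' real tooling).
SAMPLE_LOG = """\
{"ts": "2025-01-06T02:00:00Z", "actor": "old_test_admin", "action": "password_reset", "target": "player01"}
{"ts": "2025-01-06T02:01:30Z", "actor": "old_test_admin", "action": "password_reset", "target": "player02"}
{"ts": "2025-01-06T02:02:10Z", "actor": "old_test_admin", "action": "notification_delete", "target": "player01"}
{"ts": "2025-01-06T02:03:00Z", "actor": "old_test_admin", "action": "password_reset", "target": "player03"}
{"ts": "2025-01-06T02:04:45Z", "actor": "old_test_admin", "action": "password_reset", "target": "player04"}
{"ts": "2025-01-06T02:06:00Z", "actor": "old_test_admin", "action": "password_reset", "target": "player05"}
{"ts": "2025-01-06T09:15:00Z", "actor": "support_alice", "action": "password_reset", "target": "player77"}
"""

def parse_log(text):
    """Parse JSON lines into event dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def bulk_reset_actors(events, threshold=5, window=timedelta(minutes=30)):
    """{actor: peak distinct accounts reset inside any sliding window of 'window'}."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["action"] == "password_reset":
            by_actor[ev["actor"]].append(ev)
    flagged = {}
    for actor, resets in by_actor.items():  # resets are already time-sorted
        start = 0
        for end in range(len(resets)):
            while resets[end]["ts"] - resets[start]["ts"] > window:
                start += 1
            distinct = len({r["target"] for r in resets[start:end + 1]})
            if distinct >= threshold:
                flagged[actor] = max(flagged.get(actor, 0), distinct)
    return flagged

def suppressed_notifications(events):
    """(actor, target) pairs: a reset followed by deleting that target's notification."""
    reset_seen, hits = set(), []
    for ev in events:
        key = (ev["actor"], ev["target"])
        if ev["action"] == "password_reset":
            reset_seen.add(key)
        elif ev["action"] == "notification_delete" and key in reset_seen:
            hits.append(key)
    return hits
```

Both checks run off the same parsed event list, so a single pass over the day's support audit log yields the burst of resets and the notification deletions that hid them.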
Player Response and Recommendations
The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). Players are urged to change their passwords and remain vigilant regarding their account security. The addition of 2FA is highly recommended as a preventative measure against future breaches.