Path of Exile 2 Apologizes for Major Data Breach
Grinding Gear Games, the developer behind Path of Exile (PoE), has issued a heartfelt apology following a significant security breach that affected the game earlier this month. The breach, detailed in a post titled "Data Breach Notification" on the official PoE forums, involved a compromised test Steam account with admin rights, which was exploited by a hacker.
Over 66 Accounts Compromised
The hacker managed to access this admin account, which was originally created for testing purposes and lacked any linked personal information such as purchases, phone numbers, or addresses. Supplying only minimal information, such as the email address and account name, and using a VPN to match the country of origin, the attacker impersonated the account holder and convinced Steam's customer support to grant them access. Once in, the hacker used the company's customer support tools to reset passwords on 66 different PoE 1 and PoE 2 accounts, cleverly deleting the notifications of these changes to avoid detection.
The breach extended beyond mere password changes; the hacker accessed sensitive personal data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. They also viewed transaction histories and private messages of some accounts. This information could potentially be used maliciously against the affected users' other online accounts.
Developers Promise Better Security Measures
In response to the incident, Grinding Gear Games has promised to enhance security protocols. They've implemented stricter IP restrictions and prohibited the linking of any third-party accounts to staff accounts. The developers expressed deep regret over the lapse in security and acknowledged that better measures should have been in place earlier. They committed to further strengthening security to prevent future breaches.
Community response on the forum was mixed, with some players appreciating the transparency of the developers despite the security lapse, while others pushed for the implementation of two-factor authentication (2FA) to bolster account security. As the community awaits potential 2FA implementation, players are advised to change their passwords and remain vigilant about their account information.