Path of Exile 2 Data Breach Confirmed

Summary

• Path of Exile 2 developer Grinding Gear Games confirmed a data breach occurring the week of January 6, 2025, resulting from a compromised developer's account linked to Steam.
• The breach compromised player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

Grinding Gear Games, the developer behind Path of Exile 2, has acknowledged a significant data breach affecting the game. The breach was traced back to an unauthorized access to a developer's admin account, which was connected to an old Steam account used for testing purposes. This breach allowed the intruder to access sensitive tools usually reserved for the customer support team. Upon discovering the breach, Grinding Gear Games swiftly locked the compromised account and enforced password resets across all admin accounts.

Following the early access launch of Path of Exile 2 in December 2024, the game has enjoyed a robust player base, bolstered by continuous updates and open communication from the developers. A recent update enhanced the game's performance on PlayStation 5, addressing issues related to monsters, skills, and damage. With a major patch on the horizon, the developers have prioritized addressing the data breach before players dive into the new content.

The official Path of Exile 2 forum was updated with a detailed notice from Grinding Gear Games, outlining the breach's specifics. The compromised account allowed the attacker to manipulate other accounts through the developer portal, affecting a significant number of users. The attacker managed to set random passwords for 66 accounts and exploit a bug to delete logs, which has since been fixed. The breach exposed email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible, the attacker could potentially use the compromised email addresses to bypass region locking on Steam accounts linked to Path of Exile 2.

In response to the breach, Grinding Gear Games has implemented stricter security measures, including prohibiting third-party account linkages to staff accounts and enforcing more rigorous IP restrictions. The community's reaction has been varied, with some appreciating the transparency of the developers, while others demand the addition of two-factor authentication to bolster account security. Players are also calling for enhancements in in-game content and adjustments to the endgame difficulty to ensure a more engaging experience in Path of Exile 2.