Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the studio behind Path of Exile and Path of Exile 2, has issued a public apology following a data breach affecting 66 player accounts. The breach stemmed from a compromised Steam account used for internal testing that carried administrative privileges in the studio's support tools. This article summarises the events and the steps the studio says it is taking to prevent a recurrence.
Compromised Admin Account Led to Data Breach
An attacker gained unauthorized access to a long-standing Steam account used for internal testing. The account had no linked phone number or address that could be used to verify its owner, which made it an easy target. Armed with only basic account details and using a VPN to appear to be in the expected location, the attacker convinced Steam support to hand over control of the account.
The attacker then used the studio's internal support tools to reset the passwords on 66 accounts across Path of Exile 1 and 2, and deleted the password-change notifications so that the affected players were not alerted. The exposed data included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Because email addresses and other personal details are commonly reused across services, this information raises the risk of targeted phishing and account-takeover attempts against players' other online accounts.
Grinding Gear Games Responds with Enhanced Security
Grinding Gear Games has pledged stronger controls to prevent a repeat. The measures described include tighter restrictions on administrative accounts, a ban on linking administrative accounts to third-party accounts (the path the attacker used), and significantly stricter IP address restrictions on access to internal tools. The company expressed deep regret for the lapse and committed to ongoing improvements.
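The two controls that matter most in this incident are an IP allowlist in front of the admin tools and monitoring of what those tools are used for. The following is an added illustration, not code from Grinding Gear Games or Path of Exile: it assumes a hypothetical audit-record format and a constructed sample of events mirroring the pattern described above (a dormant test account resetting many player passwords from an unexpected IP and then deleting the resulting notifications). The allowlist ranges, admin names and event fields are all assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of admin-tool audit records (hypothetical format, not GGG's).
# "support-agent-3" behaves normally from the office network; "steam-test-acct"
# resets six player passwords in a few minutes from a non-allowlisted address and
# deletes the "password changed" notifications for two of them.
SAMPLE_AUDIT = [
    {"ts": "2025-01-06T09:00:00", "admin": "support-agent-3", "src_ip": "10.20.5.14",    "action": "password_reset",      "target": "player-0041"},
    {"ts": "2025-01-06T09:20:00", "admin": "support-agent-3", "src_ip": "10.20.5.14",    "action": "password_reset",      "target": "player-0077"},
    {"ts": "2025-01-06T23:01:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1001"},
    {"ts": "2025-01-06T23:01:30", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "notification_delete", "target": "player-1001"},
    {"ts": "2025-01-06T23:02:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1002"},
    {"ts": "2025-01-06T23:02:30", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "notification_delete", "target": "player-1002"},
    {"ts": "2025-01-06T23:03:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1003"},
    {"ts": "2025-01-06T23:04:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1004"},
    {"ts": "2025-01-06T23:05:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1005"},
    {"ts": "2025-01-06T23:06:00", "admin": "steam-test-acct", "src_ip": "198.51.100.23", "action": "password_reset",      "target": "player-1006"},
]

# Hypothetical allowlist: admin tools reachable only from the office LAN and a
# documentation-range stand-in for the company VPN concentrator.
ADMIN_IP_ALLOWLIST = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]


def ip_allowed(src_ip, allowlist=ADMIN_IP_ALLOWLIST):
    """Enforcement side: True only if the source address falls inside an allowlisted range."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in allowlist)


def analyze_admin_audit(events, allowlist=ADMIN_IP_ALLOWLIST,
                        reset_threshold=5, window=timedelta(minutes=30)):
    """Detection side: return {admin: [finding, ...]} for admins whose activity
    matches any of three patterns from the incident:
      1. admin-tool use from a non-allowlisted IP,
      2. a burst of password resets (>= reset_threshold inside `window`),
      3. deletion of the password-change notification for an account that
         the same admin just reset.
    Admins with no findings are omitted from the result."""
    findings = defaultdict(list)
    by_admin = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        by_admin[e["admin"]].append(e)

    for admin, evs in by_admin.items():
        # 1. Any action from outside the allowlist.
        for ip in sorted({e["src_ip"] for e in evs if not ip_allowed(e["src_ip"], allowlist)}):
            findings[admin].append(f"admin action from non-allowlisted IP {ip}")

        # 2. Sliding window over reset timestamps; report the first window that trips.
        resets = [datetime.fromisoformat(e["ts"]) for e in evs if e["action"] == "password_reset"]
        for i, start in enumerate(resets):
            count = sum(1 for t in resets[i:] if t - start <= window)
            if count >= reset_threshold:
                findings[admin].append(f"{count} password resets within {window}")
                break

        # 3. Notification deleted for an account this admin reset: the cover-up step.
        reset_targets = {e["target"] for e in evs if e["action"] == "password_reset"}
        hidden = sorted(e["target"] for e in evs
                        if e["action"] == "notification_delete" and e["target"] in reset_targets)
        if hidden:
            findings[admin].append(
                f"password-change notification deleted after reset for {', '.join(hidden)}")

    return dict(findings)


if __name__ == "__main__":
    for admin, notes in analyze_admin_audit(SAMPLE_AUDIT).items():
        print(admin)
        for n in notes:
            print("  -", n)
```

The detection half only works if the audit records themselves are written to a store the support role cannot modify; an attacker who can delete a player's notification must not also be able to delete the log line recording that deletion. The allowlist half is a real barrier against a remote attacker who has merely taken over an account, but it is not a substitute for 2FA on the admin accounts themselves, since a VPN endpoint inside the allowlisted range would pass the check.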
Community response has been mixed: some praised the developer's transparency, while others called for two-factor authentication (2FA) to be added immediately. 2FA is still pending; in the meantime players are urged to change their passwords and stay alert for suspicious activity on their accounts. Note that the attacker never needed a player's password, since the resets were performed through support tools, so a password change protects against an attacker who has already reset an account rather than against the original intrusion path.