Data Breach Confirmed for Path of Exile 2

Summary

Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach that occurred during the week of January 6, 2025. The breach stemmed from a compromised developer's admin account, which was linked to an old Steam account used for testing. This incident exposed sensitive information including player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

Following the breach, Grinding Gear Games took immediate action by locking the compromised account and resetting passwords for all other admin accounts. They also identified and fixed a bug that allowed the attacker to delete logs, preventing further unauthorized access. The breach affected a significant number of accounts, with the attacker changing passwords on 66 accounts and accessing transaction and private message histories.

In response to the breach, Grinding Gear Games has implemented stricter security measures, including prohibiting the linking of third-party accounts to staff accounts and enforcing more stringent IP restrictions. The community has shown a mixed response, appreciating the transparency but also calling for enhanced security features like two-factor authentication, as well as improvements in game content and endgame difficulty.

Since its early access release in December 2024, Path of Exile 2 has continued to engage players with regular updates, including recent enhancements for PlayStation 5 performance and fixes for in-game issues. The developers are preparing to release a major patch, ensuring players are informed about the breach before diving into the new content.

Grinding Gear Games remains committed to improving security to prevent future breaches and enhancing the gaming experience for their dedicated player base.