Path of Exile 2 Issues Apology for Data Breach

Grinding Gear Games, the developer behind Path of Exile (PoE), has issued a heartfelt apology following a significant security breach. The incident, which affected the eagerly anticipated Path of Exile 2, stemmed from a compromised test Steam account with administrative privileges. Here's a detailed look at the breach and the subsequent steps taken by the developers.

Over 66 Accounts Compromised

In a post titled "Data Breach Notification" on the official PoE forums, Grinding Gear Games explained the nature and extent of the breach. A hacker gained access to a Steam account used for testing purposes, which had admin rights but no personal information linked to it. Using this account, the attacker was able to change the passwords of 66 different PoE 1 and PoE 2 accounts. The hacker cleverly impersonated the account owner by providing basic information like the email address and account name, coupled with a VPN to mimic the same country's location.

The breach extended beyond mere password changes. The hacker managed to delete notifications about these changes, effectively covering their tracks. This allowed them to access sensitive personal data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such information could potentially be used for malicious purposes, endangering the affected users' other online accounts.

Developers Promise Better Security Measures

Grinding Gear Games has taken immediate action to bolster security. "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again," the developers stated. They have implemented stricter IP restrictions and prohibited the linking of any third-party accounts to staff accounts. The company expressed deep regret for the security lapse and committed to further enhancing security protocols to prevent future incidents.

The community's response on the forum was mixed. Some players praised the developers for their transparency and quick response, while others suggested implementing two-factor authentication (2FA) to enhance account security. Grinding Gear Games has not yet announced plans for 2FA, but players are encouraged to change their passwords and remain vigilant about their account information in the meantime.

This breach serves as a stark reminder of the importance of robust security measures in the gaming industry. Grinding Gear Games' commitment to improving security is a step in the right direction, but ongoing vigilance and updates will be crucial to maintaining player trust and safeguarding their data.