Path of Exile 2 Developer Addresses Significant Data Breach
Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a serious data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrative privileges. This compromised account allowed unauthorized access to over 66 player accounts.
Enhanced Security Measures Promised
The breach involved a long-standing test account lacking typical security measures like linked phone numbers or addresses. That gap allowed an attacker to impersonate the account holder with minimal information, deceiving Steam support and gaining access. Using internal support tools, the attacker reset passwords on numerous PoE 1 and PoE 2 accounts. The attacker also deleted the password change notifications, concealing the resets from affected users.
Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for misuse of this information and the resulting risk to players.
In response, the developers have implemented stricter security protocols for administrative accounts, including eliminating third-party account linking and imposing more rigorous IP restrictions. They expressed deep regret for the security lapse and pledged to take further preventative measures to avoid future incidents.
The community reaction has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to proactively change their passwords and remain vigilant about their account security.