Path of Exile 2 Developer Confirms Data Breach: Player Information Compromised
Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach affecting a significant number of player accounts. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam.
The compromised account granted unauthorized access to the developer portal, exposing sensitive player data. This included email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes for a substantial number of accounts. While passwords and password hashes were not directly accessible, the attacker potentially used compromised email addresses to circumvent regional account restrictions. In some cases, transaction and private message history were also viewed.
The breach was facilitated by a now-patched vulnerability that allowed the deletion of activity logs. The attacker exploited this to mask their actions, which included changing the passwords on 66 accounts.
Grinding Gear Games has taken immediate action, including locking the compromised account, implementing mandatory password resets for all admin accounts, and significantly tightening IP restrictions. Furthermore, the linking of third-party accounts to staff accounts has been disabled.
Player reaction has been varied, with some commending the developer's transparency, while others advocate for the implementation of two-factor authentication. Concerns regarding overall account security and game improvements, including endgame difficulty adjustments, have also been raised. The incident highlights the ongoing need for robust security measures in online gaming.