Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. This compromised account allowed unauthorized access to over 66 player accounts.
Enhanced Security Measures Promised
The breach involved a long-standing Steam account used for internal testing. Because the account had no linked phone number, address, or purchase history, Steam support had little on file to verify ownership against, which made it vulnerable to impersonation. The attacker successfully impersonated the account owner to Steam support by providing only minimal details, such as the email address and account name, and used a VPN to mask their location.
The attacker then used the compromised account to reset passwords on numerous PoE 1 and PoE 2 accounts and deleted the resulting password change notifications, concealing the activity from affected players. The breach exposed sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages.
Grinding Gear Games acknowledged the security lapse and outlined steps taken to prevent future incidents. These include enhanced security protocols for administrator accounts, prohibiting third-party account linking to staff accounts, and implementing stricter IP restrictions.
The community response has been mixed: some praised the developer's transparency, while others called for two-factor authentication (2FA) to be added for stronger account security. The immediate response focuses on the enhanced security measures above, and players are eagerly awaiting the addition of 2FA. In the meantime, players are advised to change their passwords and remain vigilant regarding their account information.