Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach
Grinding Gear Games has confirmed a data breach affecting Path of Exile 2 accounts, occurring during the week of January 6, 2025. The breach stemmed from a compromised developer account linked to Steam.
Compromised Information: A significant number of accounts were affected, with the attacker gaining access to email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords themselves were not directly accessible, the potential for attackers to use compromised email addresses to access accounts via password lists from other breaches remains a concern. In some cases, transaction and private message history were also viewed.
Breach Details: The breach originated from a developer's compromised admin account, granting access to tools used by the Path of Exile 2 customer support team. The attacker exploited a now-patched bug to delete logs, hindering the investigation. Sixty-six accounts had their passwords randomly changed.
Security Improvements: Grinding Gear Games has implemented several security measures to prevent future breaches. These include eliminating the ability to link third-party accounts to staff accounts and imposing significantly stricter IP restrictions.
Community Response: Player reactions have been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication. Many players are also expressing desires for enhanced security measures, improved in-game content, and adjustments to endgame difficulty.
In short: While Grinding Gear Games acted swiftly to contain the breach and implement security improvements, the incident highlights the ongoing need for robust security practices within online gaming. The compromised data necessitates vigilance from affected players.
