Path of Exile 2 Developer Addresses Significant Data Breach
Grinding Gear Games, the studio behind Path of Exile, has issued a public apology following a data breach affecting over 66 accounts. The breach stemmed from a compromised Steam test account possessing administrative privileges. This allowed the attacker to reset passwords on numerous PoE 1 and PoE 2 accounts.
The compromised test account, created for internal purposes, lacked crucial security measures like linked phone numbers or addresses. This vulnerability allowed the attacker to successfully impersonate the account holder with minimal information, deceiving Steam support.
The attacker further concealed their actions by deleting password change notifications. Access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages, was gained. This raises significant concerns about potential misuse of the stolen information.
Grinding Gear Games has pledged to enhance security protocols for administrative accounts, including stricter IP restrictions and the prohibition of third-party account links. The company expressed deep regret for the security lapse and committed to preventing future incidents.
The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). Players are urged to change their passwords and remain vigilant about their account security. The addition of 2FA remains a highly anticipated security enhancement.
