Path of Exile Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach impacting over 66 accounts. The breach stemmed from a compromised Steam test account with administrative privileges. This article details the incident and the subsequent security measures implemented by the developers.
The compromised Steam account was a long-standing one used for testing purposes, and it lacked crucial security features such as a linked phone number or address. This gap allowed a hacker to deceive Steam support and gain access using minimal information (email, account name, and a strategically used VPN).
The hacker used the compromised account to reset passwords on numerous PoE 1 and PoE 2 accounts, deleting the password change notifications to avoid detection. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. The exposed information poses a significant risk to affected users.
Grinding Gear Games has responded by enhancing security protocols for administrative accounts. Third-party account linking to staff accounts is now prohibited, and significantly stricter IP restrictions have been implemented. The developers expressed deep regret for the security lapse and pledged to take further steps to prevent future incidents.
The community reaction has been mixed, with praise for the developer's transparency alongside calls for the implementation of two-factor authentication (2FA) to bolster account security. While the future inclusion of 2FA remains uncertain, players are advised to change their passwords and remain vigilant about their account information.