Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach
Grinding Gear Games has confirmed a data breach affecting Path of Exile 2 players. The breach, discovered the week of January 6, 2025, stemmed from a compromised developer account linked to Steam. This compromised account granted unauthorized access to tools used by the customer support team.
Compromised Information:
A significant number of accounts were affected, with the attacker gaining access to email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible, the risk of credential stuffing remains due to the exposure of email addresses. In some cases, transaction and private message histories were also viewed.
Developer Response:
Grinding Gear Games immediately took action, locking the compromised account and initiating password resets for all admin accounts. A subsequent investigation revealed the breach originated from an old, test Steam account linked to the developer's Path of Exile account. The developers have implemented enhanced security measures, including stricter IP restrictions and the prohibition of linking third-party accounts to staff accounts. A bug allowing the deletion of relevant logs has also been patched.
Community Reaction:
Player response has been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication. Concerns regarding account security, endgame difficulty adjustments, and further content updates have also been raised.
Summary of Key Points:
- Data Breach Confirmed: A data breach occurred the week of January 6, 2025, due to a compromised developer account.
- Information Compromised: Email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes were accessed. Some accounts also had transaction and private message history viewed.
- Developer Actions: The compromised account was locked, password resets were enforced, security measures were significantly strengthened, and a log deletion bug was fixed.
- Community Response: Mixed reactions, with calls for improved security features like two-factor authentication and requests for game balance adjustments.
