Path of Exile 2 Developer, Grinding Gear Games, Announces Data Breach
Grinding Gear Games has confirmed a data breach affecting Path of Exile 2 accounts that occurred during the week of January 6th, 2025. The breach stemmed from a compromised developer account linked to Steam.
Compromised Information: A substantial number of accounts were affected, with the breach exposing email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were inaccessible via the compromised portal, the risk of credential stuffing remains. In some cases, transaction and private message histories were also viewed.
Breach Details: An attacker gained access to a developer's admin account, which gave them access to tools used by Path of Exile 2's customer support team. The entry point was the compromised Steam account, which was used for testing purposes: it lacked personal financial information but provided access to the developer's Path of Exile account, enabling the attacker to manipulate other accounts through the developer portal. The attacker also randomly changed passwords on 66 accounts and exploited a now-patched bug to delete logs, hindering the investigation.
Grinding Gear Games' Response: The developer immediately locked the compromised account, initiated password resets for all admin accounts, and launched a thorough investigation. To prevent future breaches, third-party account linking to staff accounts has been disabled, and IP restrictions have been significantly tightened.
Community Reaction: Player responses have been varied. While some commend Grinding Gear Games' transparency, others demand the implementation of two-factor authentication for enhanced security. Concerns regarding overall account security, endgame difficulty adjustments, and future content updates have also been raised.