Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account with administrator privileges, which allowed unauthorized access to over 66 player accounts.
Enhanced Security Measures Promised
The breach involved a long-standing test account that lacked crucial security features such as a linked phone number or address. This gap allowed a hacker to deceive Steam support and gain access to the account using minimal information (email address, account name, and a strategically used VPN).
The hacker's actions included resetting passwords on multiple PoE 1 and PoE 2 accounts, deleting password change notifications, and accessing sensitive data. This compromised information included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. The potential for misuse of this data is a serious concern.
Grinding Gear Games has responded by implementing stricter security protocols for administrator accounts. These measures include eliminating third-party account linking and significantly tightening IP restrictions. The developer acknowledges the security lapse and commits to preventing future occurrences.
The community response has been mixed, with praise for the developer's transparency alongside calls for the implementation of two-factor authentication (2FA). While 2FA remains a future consideration, players are advised to change their passwords and remain vigilant about their account security.