Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised Steam test account possessing administrator privileges. This compromised account allowed unauthorized access to over 66 player accounts.
Enhanced Security Measures Promised
The breach involved a long-standing test account lacking crucial security measures like linked phone numbers or addresses. This vulnerability allowed the attacker to successfully impersonate the account holder to Steam support, gaining access using minimal information (email address, account name, and VPN-masked location).
The attacker exploited this access to reset passwords on numerous PoE 1 and PoE 2 accounts, cleverly deleting password change notifications to remain undetected. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for malicious use of this stolen information.
In response, Grinding Gear Games has implemented several security enhancements, including stricter restrictions on administrator accounts and a prohibition on linking third-party accounts to staff accounts. They've also significantly tightened IP restrictions. While acknowledging the security lapse, the developers have pledged to take further steps to prevent future incidents.
The community response has been mixed, with some praising the developer's transparency, while others advocate for the immediate implementation of two-factor authentication (2FA) for enhanced account security. While the timeline for 2FA implementation remains unclear, players are urged to change their passwords and remain vigilant about their account information.
