Path of Exile 2 Data Breach Revealed

Path of Exile 2 Developer Confirms Data Breach: Player Information Compromised

Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach affecting a significant number of player accounts. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam.

The Breach: A developer's admin account was compromised, granting unauthorized access to tools used by Path of Exile 2's customer support team. This allowed the attacker to access sensitive player data, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords themselves were not directly accessible, the potential for the attacker to use compromised email addresses to guess passwords from other data breaches exists. In some cases, transaction and private message histories were also viewed.

Impact and Response: The developers immediately locked the compromised account and implemented mandatory password resets for all admin accounts. A subsequent investigation revealed the breach originated from an old, test-only Steam account linked to the developer's Path of Exile account. Grinding Gear Games has since implemented stricter security measures, including removing the ability to link third-party accounts to staff accounts and significantly tightening IP restrictions. A bug that allowed the deletion of logs related to account changes has also been fixed. The attacker also randomly changed passwords on 66 accounts.

Community Reaction: Player responses have been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication for enhanced security. Many players also expressed concerns about overall account security and requested further improvements.

Key Takeaways: This incident underscores the importance of robust security measures for online game developers. The breach highlights the potential vulnerabilities associated with linked accounts and the need for continuous security updates and improvements. Grinding Gear Games' proactive response and commitment to enhanced security measures are crucial steps in regaining player trust.