Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach
Grinding Gear Games recently disclosed a data breach affecting Path of Exile 2 players. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam. This unauthorized access exposed sensitive player information.
Compromised Data:
A significant number of accounts were affected. The compromised data included email addresses, Steam IDs, IP addresses, and in some cases, shipping addresses and unlock codes. While passwords and password hashes were not directly accessible, the attacker could potentially have used compromised email addresses to bypass security measures. Some accounts also had their transaction and private message histories viewed.
The Breach:
The breach originated from a developer's compromised admin account, which gave the attacker access to customer support tools. The attacker exploited a now-patched bug to delete logs, hindering the investigation. The compromised developer account was linked to an old, inactive Steam account used for testing purposes.
Grinding Gear Games' Response:
Following the discovery, Grinding Gear Games immediately took action, including locking the compromised account, resetting all admin passwords, and implementing enhanced security measures. These measures include eliminating the ability to link third-party accounts to staff accounts and significantly tightening IP restrictions.
Community Reaction:
Player reactions have been varied. While some commend the developers' transparency, others advocate for the implementation of two-factor authentication and further security improvements. Concerns regarding endgame difficulty and in-game content updates have also been raised.
Moving Forward:
Grinding Gear Games is committed to improving account security to prevent future breaches. The company is actively working to address player concerns and enhance the overall security of both Path of Exile 2 and its predecessor.