Grinding Gear Games, the developers behind Path of Exile, have issued a heartfelt apology following a significant data breach. The incident, which occurred due to a compromised test Steam account with administrative privileges, has raised concerns about the security of player accounts. Here's a detailed look at what happened and the steps being taken to prevent future breaches.
Over 66 Accounts Compromised
Developers Promise Better Security Measures
Earlier this month, Grinding Gear Games disclosed a data breach on the official Path of Exile forums. The breach stemmed from a hacker gaining access to a Steam account used for testing purposes, which had admin rights but no linked personal information. The absence of linked personal information allowed the hacker to deceive Steam customer support and gain control of the account.
Using tools typically reserved for customer support, the hacker altered the passwords of 66 accounts across Path of Exile 1 and 2. They also managed to delete notifications about these password changes, effectively covering their tracks. This breach enabled access to sensitive user data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such information could potentially be used maliciously, impacting other accounts linked to the compromised ones.
In response, Grinding Gear Games has pledged to enhance security measures around admin accounts. They've implemented stricter IP restrictions and prohibited third-party account linking to staff accounts. The developers expressed deep regret for the security lapse and promised ongoing efforts to fortify their systems.
"We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No third-party accounts are allowed to be linked to any staff accounts, and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place, and in the future, we will be taking even more steps to make sure that this kind of issue never occurs again," the developers stated in their forum post.
The community's response on the forums has been mixed, with some players praising the transparency of Grinding Gear Games, while others have called for the implementation of two-factor authentication (2FA) to bolster account security. In light of these events, players are encouraged to change their passwords and remain vigilant about their account information. The addition of 2FA could further safeguard Path of Exile accounts, and it remains to be seen whether Grinding Gear Games will implement this measure in the near future.