Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach earlier this month. The breach stemmed from a compromised test Steam account possessing administrative privileges. The incident resulted in unauthorized password resets for over 66 Path of Exile accounts.
Enhanced Security Measures Implemented
The compromised Steam account, used for internal testing and lacking linked personal information like phone numbers or addresses, was successfully targeted by a hacker. Exploiting vulnerabilities in Steam's customer support system, the attacker provided minimal account details (email, username) and used a VPN to mask their location, gaining access.
The hacker then used the customer support tools to reset passwords on numerous accounts, deleting the password change notifications so the affected players would not be alerted. This gave the attacker access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Grinding Gear Games acknowledges the potential for misuse of this information.
In response, the developers have implemented stricter security protocols for administrative accounts, including enhanced IP restrictions and the prohibition of linking third-party accounts to staff accounts. They expressed deep regret for the security lapse and pledged to take further steps to prevent future incidents.
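The abuse pattern described above (a staff account resetting many passwords and deleting the change notifications) and the IP restriction mentioned as a mitigation can both be checked from a support-tool audit log. The following detector is an added example, not code from Grinding Gear Games or Steam; the log format, admin names, IP allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample audit log of a hypothetical support-tool backend.
# Fields: timestamp, staff account, action, target player account, source IP.
AUDIT_LOG = [
    ("2025-01-10T09:00:00", "qa_test_admin", "login", "-", "203.0.113.7"),
    ("2025-01-10T09:01:10", "qa_test_admin", "password_reset", "player001", "203.0.113.7"),
    ("2025-01-10T09:01:15", "qa_test_admin", "delete_notification", "player001", "203.0.113.7"),
    ("2025-01-10T09:02:30", "qa_test_admin", "password_reset", "player002", "203.0.113.7"),
    ("2025-01-10T09:02:33", "qa_test_admin", "delete_notification", "player002", "203.0.113.7"),
    ("2025-01-10T09:03:00", "qa_test_admin", "password_reset", "player003", "203.0.113.7"),
    ("2025-01-10T10:15:00", "support_alice", "login", "-", "198.51.100.12"),
    ("2025-01-10T10:20:00", "support_alice", "password_reset", "player777", "198.51.100.12"),
]

# Assumed office/VPN ranges that staff tooling may be used from (the "IP restriction").
ADMIN_ALLOWLIST = [ip_network("198.51.100.0/24")]
RESET_BURST_THRESHOLD = 3                   # this many resets by one staff account...
RESET_BURST_WINDOW = timedelta(minutes=10)  # ...inside this sliding window is a burst
NOTIFY_DELETE_WINDOW = timedelta(minutes=5) # reset followed by notification deletion

def detect(log):
    """Return a list of (alert_kind, staff_account, iso_time, detail) tuples."""
    events = sorted((datetime.fromisoformat(ts), adm, act, tgt, ip) for ts, adm, act, tgt, ip in log)
    alerts = []
    recent_resets = defaultdict(list)   # staff account -> timestamps of recent resets
    last_reset = {}                     # (staff account, target) -> time of the reset
    for ts, admin, action, target, ip in events:
        # Staff login from outside the allowlisted ranges.
        if action == "login" and not any(ip_address(ip) in net for net in ADMIN_ALLOWLIST):
            alerts.append(("off_allowlist_ip", admin, ts.isoformat(), ip))
        if action == "password_reset":
            last_reset[(admin, target)] = ts
            window = [t for t in recent_resets[admin] if ts - t <= RESET_BURST_WINDOW] + [ts]
            recent_resets[admin] = window
            if len(window) >= RESET_BURST_THRESHOLD:
                alerts.append(("reset_burst", admin, ts.isoformat(), len(window)))
        elif action == "delete_notification":
            # The notification for a reset this same staff account just performed was removed.
            t0 = last_reset.get((admin, target))
            if t0 is not None and ts - t0 <= NOTIFY_DELETE_WINDOW:
                alerts.append(("reset_then_notification_deleted", admin, ts.isoformat(), target))
    return alerts
```

On the constructed log, every alert points at the test account while the legitimate support agent's single reset from an allowlisted range produces none.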
The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While the addition of 2FA remains pending, players are urged to change their passwords and remain vigilant regarding account security.