Path of Exile 2 developer Grinding Gear Games has apologized for a “lapse in security” that helped an attacker gain access to and view the information of a “significant number of [player] accounts.” The attacker apparently set random passwords for some players, viewed private information, and even looked at some message history. GGG says it is now taking on more security measures to make sure the issue doesn’t happen again.
With new players jumping into Path of Exile 2 at the start of early access, it’s more important than ever to check your account for the RPG now. This data breach has impacted quite a few accounts across both Path of Exile games, so it’s worth reviewing what information you have tied to your PoE account.
“Last week we became aware that a PoE account with admin access to the website owned by one of our developers had been compromised,” Grinding Gear Games writes. “This gave them access to the tools that our customer support agents use.
“The PoE account in question was linked to an old Steam account that was created by a developer for testing a long time ago, and didn’t have any purchases on it. The compromise occurred when the attacker was able to supply enough information to Steam support to steal the account.”
“We immediately locked the account, and forced password resets on all other admin accounts. We then began an investigation into what had occurred.”
Grinding Gear Games then says that the attacker set random passwords for 66 different accounts. “Unfortunately there was a bug in the event log for this particular support action that allowed the attacker to delete the event showing that the change had occurred,” GGG continues. “This bug doesn’t exist for other support actions and has been fixed now.”
Through Grinding Gear Games’ portal, the attacker could then view the email address, Steam ID, shipping address, and current unlock code (if the account has one associated) for “a significant number of accounts.”
“We have taken steps to ensure that there are more security measures around admin accounts so that this can not happen again. No third-party accounts are allowed to be linked to any staff accounts and we have added significantly more stringent IP restrictions,” Grinding Gear Games adds.
“We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place and in the future we will be taking even more steps to make sure that this kind of issue never occurs again.”