Path of Exile 2 Confirms Data Breach

Summary

  • Path of Exile 2 developer Grinding Gear Games confirms there was a data breach during the week of January 6, 2025.
  • The breach was caused by a user who gained access to a developer’s account, which was linked to Steam.
  • Player email addresses, Steam IDs, IP addresses, and other information were compromised in the breach.

Grinding Gear Games confirmed that Path of Exile 2 experienced a data breach after one of the developer’s admin accounts was compromised. The Path of Exile 2 developers also outlined their next steps to improve the security of their admin accounts and ensure breaches won’t happen again in Path of Exile 2 and its predecessor, both of which players can log into with one shared account.

Following its early access release in December 2024, Path of Exile 2 has maintained a healthy player base thanks to a steady flow of updates and communication from the developers at Grinding Gear Games. One of the most recent updates improved the game’s performance on PlayStation 5 and fixed issues involving monsters, skills, and damage. Path of Exile 2’s next major patch is going to release soon, and Grinding Gear Games addressed the situation involving the data breach before players log back into the game and play the patch’s new content.

Grinding Gear Games’ official Path of Exile 2 forum was updated with a new notice from the developers, confirming that they became aware of the data breach during the week of January 6, 2025. An account with admin access to the website, owned by one of the developers, was compromised, giving the user access to tools that Path of Exile 2’s customer support team typically uses. After this discovery, the Path of Exile 2 developers immediately locked the account and forced password resets for all other admin accounts. A subsequent investigation discovered that the compromised Path of Exile account was linked to an old Steam account that was used for testing, which gave the user enough information to steal the account. Although the Steam account didn’t have any purchases or personal information tied to the developer, access to the developer’s Path of Exile account meant that the user could affect other accounts through the developer portal.

Path of Exile 2 Developer Grinding Gear Games Confirms Data Breach Involving Compromised Staff Account

  • The data breach compromised the following information for a “significant number” of accounts.
  • Compromised data includes email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

The attacker set random passwords on 66 accounts, and a bug allowed them to delete logs that showed where changes had occurred. Grinding Gear Games confirmed that the bug doesn’t exist for other support actions and has been fixed, but the breach allowed the attacker to view account information for a “significant number” of accounts on the developer portal. As a result, email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes were compromised.

Although no passwords or password hashes were viewable through the customer service portal, Grinding Gear Games said it was possible that the attacker could have compared email addresses against lists of compromised passwords from other websites to bypass region locking for accounts linked to Path of Exile 2 on Steam. For some accounts in the breach, the attacker was able to look at transaction history, along with private message history from Grinding Gear Games staff. To prevent this breach from happening again, third-party accounts can no longer be linked to staff accounts, and there are “significantly more stringent” IP restrictions.

The community’s response to the breach has been mixed, with some players praising the developers for being transparent about the data breach, while others are calling for two-factor authentication to be added to Path of Exile 2 accounts. It’s clear that a notable portion of the player base would like to see some improvements to security and in-game content, along with adjustments to endgame difficulty in Path of Exile 2.