Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach
Grinding Gear Games has confirmed a data breach affecting Path of Exile 2 accounts that occurred during the week of January 6, 2025. The breach stemmed from a compromised developer account linked to Steam.
Compromised Information: A significant number of accounts were impacted, with compromised data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible, the potential for the attacker to use compromised email addresses to bypass region locks remains a concern. In some cases, transaction and private message histories were also viewed.
The Breach: The breach involved a developer's admin account, which gave the attacker access to customer support tools. The attacker exploited a now-patched bug to delete logs, hindering the investigation. Sixty-six accounts had their passwords changed by the attacker.
Security Enhancements: Grinding Gear Games has implemented several security measures to prevent future breaches. These include eliminating the linking of third-party accounts to staff accounts and imposing significantly stricter IP restrictions.
Community Response: Player reactions have been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication. Calls for improved account security and adjustments to in-game content and endgame difficulty have also surfaced.
Timeline: The breach was discovered and addressed swiftly, with immediate account lockdowns and password resets implemented for all admin accounts. This proactive response aimed to mitigate further damage and ensure player data security before the release of the next major patch. The game, released in early access in December 2024, continues to maintain a strong player base.