Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer behind Path of Exile, has issued a public apology following a significant data breach. The breach stemmed from a compromised Steam test account with administrative privileges. This compromised account allowed unauthorized access to over 66 player accounts.
Security Lapse Detailed
The breach involved a long-standing test account lacking crucial security features like linked phone numbers or addresses. This vulnerability allowed a hacker to successfully impersonate the account holder to Steam support, gaining access using minimal information (email, account name, and a strategically used VPN).
The attacker exploited the compromised account to reset passwords on numerous PoE 1 and PoE 2 accounts. Furthermore, they deleted password change notifications, concealing their actions. Sensitive data accessed included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This data poses a significant risk of misuse.
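As an added example that is not part of the original article, the abuse pattern described above (one staff account resetting many player passwords in a short span and deleting the change notifications) is the kind of thing an audit-log check can flag. The log format, field names and sample entries below are constructed assumptions, not Grinding Gear Games' or Steam's own data.

```python
"""Flag staff accounts that reset several player passwords within a short
window and also delete password-change notifications (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log; format "<timestamp> admin=<id> action=<name> target=<player>"
SAMPLE_LOG = """\
2025-01-10T02:01:10Z admin=tester42 action=password_reset target=player001
2025-01-10T02:01:40Z admin=tester42 action=notification_delete target=player001
2025-01-10T02:02:05Z admin=tester42 action=password_reset target=player002
2025-01-10T02:02:30Z admin=tester42 action=notification_delete target=player002
2025-01-10T02:03:00Z admin=tester42 action=password_reset target=player003
2025-01-10T09:15:00Z admin=support01 action=password_reset target=player500
"""


def parse_line(line):
    """Parse one audit line into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(pair.split("=", 1) for pair in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_reset_bursts(log_text, window=timedelta(minutes=10), threshold=3):
    """Return {admin: set_of_targets} for every admin who reset at least
    `threshold` distinct player accounts inside `window` and deleted at
    least one change notification (the concealment step)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        events[rec["admin"]].append(rec)

    flagged = {}
    for admin, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        resets = [r for r in recs if r["action"] == "password_reset"]
        deleted = any(r["action"] == "notification_delete" for r in recs)
        # Sliding window over reset timestamps, starting at each reset.
        for i, start in enumerate(resets):
            in_window = [r for r in resets[i:] if r["ts"] - start["ts"] <= window]
            targets = {r["target"] for r in in_window}
            if len(targets) >= threshold and deleted:
                flagged[admin] = targets
                break
    return flagged
```

The single reset by `support01` with no notification deletion stays below the threshold, so only the burst from `tester42` is reported.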
Enhanced Security Measures Implemented
Grinding Gear Games has responded by implementing enhanced security protocols for administrative accounts. These measures include stricter IP restrictions and a prohibition on linking third-party accounts to staff accounts. The developers acknowledge the security lapse and express deep regret for the incident. They commit to further strengthening security measures to prevent future breaches.
The community response has been mixed, with some praising the developer's transparency while others advocate for the immediate implementation of two-factor authentication (2FA). While 2FA's future inclusion remains unconfirmed, players are urged to change their passwords and remain vigilant about their account security. The incident serves as a stark reminder of the importance of robust security practices in online gaming.