"Path of Exile 2 Issues Apology for Data Breach"

Grinding Gear Games, the developer behind Path of Exile (PoE), has issued a heartfelt apology following a significant security breach affecting their community. The incident, which was detailed in a post titled "Data Breach Notification" on the official PoE forums, shed light on the vulnerabilities exploited and the immediate actions taken to address the issue.

Over 66 Accounts Compromised

The breach stemmed from a compromised test Steam account with administrative privileges. The hacker, using minimal information such as an email address and account name, alongside a VPN to mimic the account's country of origin, managed to deceive Steam's customer support and gain access. This allowed the attacker to reset passwords for 66 accounts across PoE 1 and PoE 2, utilizing tools typically reserved for customer support.

The hacker's actions didn't stop at password changes; they also deleted notifications of these changes, effectively covering their tracks. This breach enabled access to sensitive user data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such information could potentially be used for malicious purposes, putting the affected users at risk.

In response, Grinding Gear Games has taken decisive steps to bolster security. "We have implemented additional security measures around admin accounts to prevent future incidents," the developers stated. These measures include prohibiting third-party account linkages to staff accounts and enforcing stricter IP restrictions. The team expressed deep regret for the security lapse and committed to further enhancing their security protocols.

The community's response on the forum was mixed, with some players appreciating the transparency of Grinding Gear Games, while others called for the implementation of two-factor authentication (2FA) to add an extra layer of security. As the developers work on these improvements, PoE players are advised to change their passwords and remain vigilant about their account security.

Grinding Gear Games' swift acknowledgment and action plan demonstrate their commitment to safeguarding their players' data. As the gaming community awaits further security enhancements, including the potential addition of 2FA, the incident serves as a reminder of the importance of robust security measures in protecting online gaming environments.