Summary
- Path of Exile 2 developer Grinding Gear Games confirmed a data breach occurred during the week of January 6, 2025, caused by a user gaining access to a developer's account linked to Steam.
- Compromised data included player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
- Grinding Gear Games has outlined plans to enhance security measures to prevent future breaches.
Grinding Gear Games recently confirmed that Path of Exile 2 suffered a data breach after a developer's admin account was compromised. The breach occurred because the compromised account was linked to an old Steam account used for testing purposes. This allowed the attacker to access the developer portal and affect other accounts. The developers took immediate action by locking the compromised account and resetting passwords for all other admin accounts.
Since its early access release in December 2024, Path of Exile 2 has maintained a strong player base, thanks to ongoing updates and clear communication from Grinding Gear Games. A recent update improved performance on the PlayStation 5 and addressed issues with monsters, skills, and damage. With a major patch on the horizon, the developers addressed the data breach to keep players informed before they dive back into the game.
The official Path of Exile 2 forum was updated to inform the community about the breach, which was discovered during the week of January 6, 2025. The compromised account belonged to a developer and provided access to customer support tools. The investigation revealed that the attacker could manipulate 66 accounts, setting random passwords and deleting logs due to a now-fixed bug. This breach compromised email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes for a "significant number" of accounts.
Although no passwords or password hashes were accessible through the customer service portal, Grinding Gear Games noted the potential for attackers to use compromised email addresses to bypass region locking on Steam accounts. Some affected accounts had their transaction and private message histories viewed by the attacker. To prevent future breaches, Grinding Gear Games has implemented stricter security measures, including prohibiting third-party account linking for staff accounts and enforcing more stringent IP restrictions.
The community's response to the breach has been varied. While some players appreciate the transparency, others are advocating for the addition of two-factor authentication to enhance account security. There's also a call for improvements in in-game content and adjustments to the endgame difficulty in Path of Exile 2.