Path of Exile 2 Apologizes for Major Data Breach

Path of Exile developer Grinding Gear Games has issued a heartfelt apology following a significant security breach that affected their community. The incident, which involved a compromised test Steam account with admin rights, has led to a thorough review and enhancement of their security protocols. Let's delve into the details of what happened and the steps being taken to prevent future occurrences.

Over 66 Accounts Compromised

In a recent post on the official Path of Exile forums titled "Data Breach Notification," Grinding Gear Games outlined the breach's specifics. A hacker gained access to a Steam account used for testing purposes, which had admin privileges. This account, lacking any linked purchases, phone numbers, or addresses, was easily compromised by the attacker, who used basic information and a VPN to deceive Steam's customer support.

The hacker then used the compromised account to change passwords on 66 different Path of Exile 1 and 2 accounts. These changes were made using tools typically employed by the company's customer support team. The attacker also deleted the notifications of these changes, effectively covering their tracks and preventing the account owners from being immediately alerted.

The breach allowed the hacker to access sensitive personal information, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. Additionally, some transaction histories and private messages were viewed, raising concerns about potential misuse of this data for malicious purposes.
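The pattern described above, an admin principal resetting many accounts' passwords in quick succession and then deleting the change notifications, is exactly what an audit-log review should surface. The following is an added example and not code from Grinding Gear Games; the log format, actor names and account names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format, not the game's real one):
# timestamp  actor  action  target_account
SAMPLE_LOG = """\
2025-01-05T10:00:01Z admin_test PASSWORD_RESET player001
2025-01-05T10:00:02Z admin_test NOTIFICATION_DELETE player001
2025-01-05T10:00:05Z admin_test PASSWORD_RESET player002
2025-01-05T10:00:06Z admin_test NOTIFICATION_DELETE player002
2025-01-05T10:00:09Z admin_test PASSWORD_RESET player003
2025-01-05T10:00:10Z admin_test NOTIFICATION_DELETE player003
2025-01-05T11:30:00Z support_jo PASSWORD_RESET player777
"""

def parse_log(text):
    """Parse the constructed log into (timestamp, actor, action, target) tuples."""
    events = []
    for line in text.splitlines():
        ts, actor, action, target = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), actor, action, target))
    return events

def find_suspicious_actors(events, window=timedelta(minutes=10), reset_threshold=3):
    """Flag an actor when it performs >= reset_threshold password resets inside
    `window`, or when it deletes the notification for a reset it made itself."""
    by_actor = defaultdict(list)
    for ev in events:
        by_actor[ev[1]].append(ev)
    findings = {}
    for actor, evs in by_actor.items():
        evs.sort()
        resets = [e for e in evs if e[2] == "PASSWORD_RESET"]
        reasons = []
        # Sliding window: count resets starting at each one within `window`.
        for i in range(len(resets)):
            j = i
            while j < len(resets) and resets[j][0] - resets[i][0] <= window:
                j += 1
            if j - i >= reset_threshold:
                reasons.append(f"{j - i} password resets within {window}")
                break
        # Notification deleted by the same actor that did the reset: track covering.
        deleted = {e[3] for e in evs if e[2] == "NOTIFICATION_DELETE"}
        suppressed = sorted({r[3] for r in resets} & deleted)
        if suppressed:
            reasons.append(f"reset notifications deleted for {suppressed}")
        if reasons:
            findings[actor] = reasons
    return findings
```

Running `find_suspicious_actors(parse_log(SAMPLE_LOG))` flags only `admin_test`; the single reset by `support_jo` with its notification left intact stays clean.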

Developers Promise Better Security Measures

In response to the breach, Grinding Gear Games has taken decisive action to bolster their security measures. "We have implemented additional security protocols around admin accounts to prevent such incidents in the future," the developers stated. Key measures include prohibiting third-party account linkages to staff accounts and enforcing stricter IP restrictions.

The developers expressed deep regret for the security lapse and acknowledged that the measures should have been in place earlier. They committed to ongoing efforts to enhance security further.

Community response on the forum thread was mixed, with some players appreciating the transparency and others calling for the implementation of two-factor authentication (2FA) to add an extra layer of security. While Grinding Gear Games has not yet confirmed plans for 2FA, players are advised to change their passwords and remain vigilant about their account information in the meantime.

By addressing the breach openly and taking immediate steps to improve security, Grinding Gear Games aims to restore trust and ensure a safer gaming environment for their Path of Exile community.