Path of Exile 2 Data Breach Exposes Player Information

By Mia, Nov 21, 2025

Summary

  • Grinding Gear Games, developers of Path of Exile 2, confirmed a data breach occurred during the week of January 6, 2025.
  • An unauthorized user accessed a developer's account linked to Steam, leading to the breach.
  • Compromised data includes player email addresses, Steam IDs, IP addresses, and other sensitive information.

Grinding Gear Games announced that Path of Exile 2 suffered a data breach after a developer's admin account was compromised. The developers detailed plans to enhance admin account security to prevent future breaches in Path of Exile 2 and its predecessor, both accessible via a shared account system.

Since its early access launch in December 2024, Path of Exile 2 has sustained a robust player base, driven by consistent updates and open communication from Grinding Gear Games. A recent update optimized performance on PlayStation 5 and resolved issues with monsters, skills, and damage. Ahead of an upcoming major patch, the developers addressed the data breach to reassure players before they engage with new content.

Grinding Gear Games updated the official Path of Exile 2 forum, confirming awareness of the data breach during the week of January 6, 2025. A developer's admin account, linked to an outdated Steam account used for testing, was compromised, granting the intruder access to customer support tools. The developers promptly locked the account and enforced password resets for all admin accounts. An investigation revealed the breach stemmed from the linked Steam account, allowing the intruder to manipulate other accounts via the developer portal.

Path of Exile 2 Developer Grinding Gear Games Confirms Data Breach Involving Compromised Staff Account

  • The breach exposed sensitive data for a significant number of accounts.
  • Compromised information includes email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

The intruder reset passwords on 66 accounts and exploited a bug to delete logs tracking changes. Grinding Gear Games confirmed the bug, which did not affect other support actions, has been resolved. However, the breach exposed account details for numerous accounts, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

While no passwords or password hashes were accessible via the customer service portal, the attacker may have cross-referenced email addresses with compromised password lists from other sites to bypass region locks for Steam-linked Path of Exile 2 accounts. The intruder also accessed transaction and private message histories for some accounts. To prevent future incidents, third-party account linking to staff accounts has been disabled, and stricter IP restrictions have been implemented.

Player reactions to the breach vary, with some commending Grinding Gear Games’ transparency, while others demand two-factor authentication for Path of Exile 2 accounts. A significant portion of the community seeks enhanced security measures, improved in-game content, and adjustments to endgame difficulty.
