Path of Exile 2 Developer Addresses Major Data Breach
Grinding Gear Games, the developer of Path of Exile and Path of Exile 2, has issued a public apology following a data breach earlier this month. The breach stemmed from an old Steam account that the studio used for testing and that was linked to an account holding administrative privileges. Control of that Steam account gave the attacker administrative access, which was used to gain unauthorized access to 66 player accounts.
Security Lapse Detailed
The test account was long-standing and lacked the recovery safeguards, such as a linked phone number or address, that would normally be checked before ownership of an account is handed over. No software exploit was needed: the attacker socially engineered Steam support into granting access using only the account's email address and account name, connecting through a VPN to mask their location.
Once inside, the attacker deleted the password-change notifications, so affected users were not alerted to the changes. The exposed data included email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Taken together, these are enough to support targeted phishing and further account-takeover attempts against the affected players, so the risk does not end with the breached accounts themselves.
Enhanced Security Measures Implemented
Grinding Gear Games has responded by tightening controls on administrative accounts: administrative access is now restricted by IP address, and staff accounts may no longer be linked to third-party accounts, closing the path by which a support-desk takeover of a Steam account became administrative access. The developers acknowledge the security lapse and express deep regret for the incident. They assure players that further steps will be taken to prevent future occurrences.
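The two controls described above, together with a way to notice the kind of log tampering described in the previous section, are small enough to show in code. The following is an added example, not code from Grinding Gear Games or from the page; the allowlisted network (TEST-NET-3), the account names, the audit key, and the event format are all constructed for the demonstration. It refuses administrative privileges to any staff login that arrives through a third-party link or from outside an IP allowlist, and it keeps password-change events in a hash-chained audit log so that a deleted entry is detected on verification.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass

# Constructed data for the demonstration: a hypothetical office range
# (203.0.113.0/24 is TEST-NET-3, reserved for documentation) and a
# server-side audit key that the admin web role must not be able to read.
ADMIN_IP_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]
AUDIT_KEY = b"hypothetical-audit-key-kept-off-the-admin-web-role"


@dataclass
class Account:
    name: str
    is_staff: bool
    auth_method: str  # "password" or "steam" (third-party link)


def authorize_admin_session(account: Account, client_ip: str):
    """Return (allowed, reason) for granting admin privileges to a login.

    Staff accounts cannot be reached through a third-party login, and
    admin sessions must originate from an allowlisted network.
    """
    if not account.is_staff:
        return False, "not a staff account"
    if account.auth_method != "password":
        return False, "staff accounts may not authenticate via third-party links"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in ADMIN_IP_ALLOWLIST):
        return False, f"admin login from {client_ip} is outside the allowlist"
    return True, "ok"


class AuditLog:
    """Append-only log in which each entry's MAC covers the previous MAC.

    Deleting or altering any entry breaks the chain, so a removed
    password-change event is detected the next time the log is verified.
    """

    GENESIS = "0" * 64

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []

    def _mac(self, prev: str, event: dict) -> str:
        payload = prev + json.dumps(event, sort_keys=True)
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["mac"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "event": event, "mac": self._mac(prev, event)})

    def verify(self):
        """Return (ok, index_of_first_bad_entry); index is None when intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or entry["mac"] != self._mac(prev, entry["event"]):
                return False, i
            prev = entry["mac"]
        return True, None


def run_demo():
    """Exercise both controls on constructed inputs and return the outcomes."""
    staff_via_steam = Account("staff-test", True, "steam")
    staff_via_password = Account("staff-test", True, "password")
    results = {
        "steam_link": authorize_admin_session(staff_via_steam, "203.0.113.10")[0],
        "offsite_ip": authorize_admin_session(staff_via_password, "198.51.100.7")[0],
        "onsite_pw": authorize_admin_session(staff_via_password, "203.0.113.10")[0],
    }

    log = AuditLog(AUDIT_KEY)
    for i in range(3):
        log.append({"type": "password_change", "account": f"player{i}", "by": "staff-test"})
    results["intact"] = log.verify()
    del log.entries[1]  # an attacker removes the middle event
    results["after_delete"] = log.verify()
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The chain only proves that no entry was removed or changed in the middle; an attacker who can truncate the tail leaves a valid shorter chain, so the latest MAC should also be shipped off-host (or the log forwarded to a system the admin role cannot write to) for the check to be complete. Keeping the audit key away from the administrative web role is what prevents a compromised admin session from simply re-signing the log.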
The community response has been mixed, with some praising the developer's transparency while others call for the immediate rollout of two-factor authentication (2FA). While 2FA remains pending, players are urged to change their passwords and to watch for suspicious activity, in particular phishing that uses the leaked email and shipping details to appear legitimate. The incident is a stark reminder that a single privileged account with a weak recovery path can undo the security of an entire service.