Path of Exile 2 Issues Apology for Massive Data Breach
Grinding Gear Games, the developers behind the popular game Path of Exile (PoE), have issued a heartfelt apology following a significant data breach that occurred earlier this month. The incident, which has affected the security of over 66 accounts, was detailed in a post on the official PoE forums titled "Data Breach Notification."
Over 66 Accounts Compromised
The breach originated from a compromised Steam account with administrative access, which was initially created for testing purposes. The attacker compromised it by successfully impersonating the account owner to Steam customer support, using only basic information like the email address and account name, along with a VPN to mimic the account's country of origin. This allowed them to reset the passwords of 66 different PoE 1 and PoE 2 accounts, using tools typically reserved for customer support agents.
The hacker went further by deleting the password change notifications, effectively covering their tracks and preventing the account owners from being alerted to the breach. This malicious actor was also able to access sensitive personal information including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. They viewed transaction histories and private messages, potentially using this data for nefarious purposes that could impact the victims' other online accounts.
Developers Promise Better Security Measures
In response to this security lapse, Grinding Gear Games has taken immediate action to bolster their security protocols. They stated, "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No third-party accounts are allowed to be linked to any staff accounts, and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place, and in the future, we will be taking even more steps to make sure that this kind of issue never occurs again."
The community's response on the forum thread has been mixed, with some players commending the developers for their transparency and others calling for the implementation of two-factor authentication (2FA) to enhance account security. While Grinding Gear Games has not yet confirmed the addition of 2FA, players are encouraged to change their passwords and remain vigilant about their account information in the interim.