Summary
- Path of Exile 2 developer Grinding Gear Games has confirmed a data breach that occurred during the week of January 6, 2025, resulting from unauthorized access to a developer's account linked to Steam.
- The breach compromised player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
- Grinding Gear Games has taken immediate steps to secure its systems and is planning further security enhancements to prevent future incidents.
Grinding Gear Games has confirmed that a data breach affected Path of Exile 2 after a developer's admin account was compromised. The breach occurred because the compromised account was linked to an old Steam testing account, allowing unauthorized access to sensitive tools typically used by the customer support team. Upon discovering the breach, Grinding Gear Games swiftly locked the affected account and enforced password resets across all admin accounts.
The breach exposed a "significant number" of Path of Exile 2 accounts, compromising email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. The attacker changed the passwords on 66 accounts and exploited a bug, which has since been fixed, to delete logs. While no passwords or password hashes were directly accessible through the portal, there was a risk of the attacker using compromised email addresses to bypass region locks on Steam accounts linked to Path of Exile 2.
To address the breach and enhance security, Grinding Gear Games has implemented stricter measures, including prohibiting third-party account linking to staff accounts and enforcing "significantly more stringent" IP restrictions. The developers have been transparent about the incident, communicating the details through an update on the official Path of Exile 2 forum.
Following its early access release in December 2024, Path of Exile 2 has maintained a robust player base, supported by regular updates and developer communication. A recent update enhanced the game's performance on PlayStation 5 and resolved issues related to monsters, skills, and damage. The next major patch is anticipated soon, and the developers are keen to ensure players are informed about the data breach before diving into new content.
The community's reaction to the breach has been varied. While some players appreciate the transparency and swift action taken by Grinding Gear Games, others are advocating for additional security measures, such as two-factor authentication for Path of Exile 2 accounts. There is also a call for improvements in in-game content and adjustments to the endgame difficulty to enhance the overall gaming experience.