Grinding Gear Games, the developer behind Path of Exile, has issued a heartfelt apology following a significant data breach. This incident, caused by a compromised test Steam account with admin rights, has affected numerous players. Let's dive into the details of the breach and the steps being taken to fortify security.
Over 66 Accounts Compromised
Developers Promise Better Security Measures
Path of Exile (PoE) developer Grinding Gear Games has publicly acknowledged a data breach that took place earlier this month. The details were shared in a post on the official PoE forums titled "Data Breach Notification," where the developers outlined the sequence of events.
The breach occurred when a hacker gained access to a Steam account used by PoE for testing purposes, which unfortunately had admin privileges. This account, created long ago, had no linked purchases, phone numbers, or addresses, leaving little information tied to it and making it vulnerable. The attacker, using minimal information like the email address and account name, along with a VPN to mimic the user's location, tricked Steam's customer support into granting access. Once inside, the hacker used customer support tools to change the passwords of 66 PoE 1 and PoE 2 accounts to random strings, effectively locking out the legitimate owners.
The hacker went further by deleting notifications of these password changes, thereby concealing their actions. This allowed them to access sensitive data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. They also viewed transaction histories and private messages of some accounts, raising concerns about potential misuse of this information for malicious purposes.
In response, Grinding Gear Games has taken decisive action to enhance security. "We have implemented additional security measures for admin accounts to prevent future breaches," the developers stated. "No third-party accounts are now allowed to be linked to staff accounts, and we've introduced stricter IP restrictions. We deeply regret this security lapse and acknowledge that these measures should have been in place earlier. We are committed to further strengthening our security protocols."
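As an added example (not code from Grinding Gear Games or the original post), the following detection pass over admin audit events flags the pattern described above: one staff account resetting many players' passwords, deleting the matching change notifications, and acting from outside the staff IP range. The event field names, account names, network range and threshold are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed staff allowlist (documentation range, not a real network).
STAFF_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed audit events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"actor": "staff-test-01", "ip": "203.0.113.45", "action": "password_reset", "target": "player-1001"},
    {"actor": "staff-test-01", "ip": "203.0.113.45", "action": "notification_delete", "target": "player-1001"},
    {"actor": "staff-test-01", "ip": "203.0.113.45", "action": "password_reset", "target": "player-1002"},
    {"actor": "staff-test-01", "ip": "203.0.113.45", "action": "notification_delete", "target": "player-1002"},
    {"actor": "staff-test-01", "ip": "203.0.113.45", "action": "password_reset", "target": "player-1003"},
    {"actor": "support-02", "ip": "198.51.100.20", "action": "password_reset", "target": "player-2001"},
]

def ip_allowed(ip):
    """True when the source address falls inside the staff allowlist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in STAFF_NETWORKS)

def review_admin_activity(events, reset_threshold=3):
    """Return {actor: [reasons]} for staff accounts whose activity needs review."""
    resets, deleted, off_net = defaultdict(set), defaultdict(set), defaultdict(set)
    for e in events:
        actor = e["actor"]
        if not ip_allowed(e["ip"]):
            off_net[actor].add(e["ip"])
        if e["action"] == "password_reset":
            resets[actor].add(e["target"])
        elif e["action"] == "notification_delete":
            deleted[actor].add(e["target"])
    findings = {}
    for actor in sorted(set(resets) | set(deleted) | set(off_net)):
        reasons = []
        if len(resets[actor]) >= reset_threshold:
            reasons.append("bulk_password_reset")
        # A reset whose notification was removed by the same actor hides the change.
        if resets[actor] & deleted[actor]:
            reasons.append("reset_notification_deleted")
        if off_net[actor]:
            reasons.append("outside_staff_network")
        if reasons:
            findings[actor] = reasons
    return findings

if __name__ == "__main__":
    for actor, reasons in review_admin_activity(SAMPLE_EVENTS).items():
        print(actor, reasons)
```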
The community's response on the forum has been mixed, with some players appreciating the transparency of Grinding Gear Games, while others are pushing for the implementation of two-factor authentication (2FA) to bolster account security. Although 2FA has not yet been added, players are encouraged to change their passwords and remain vigilant about their account information.
In conclusion, Grinding Gear Games is taking significant steps to rectify this security breach and prevent future incidents. Players are advised to stay informed and proactive in protecting their accounts.