Summary
- Path of Exile 2 developer Grinding Gear Games confirmed a data breach during the week of January 6, 2025, caused by a user gaining access to a developer's account linked to Steam.
- The breach compromised player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
- Grinding Gear Games has taken immediate steps to secure their admin accounts and prevent future breaches.
Grinding Gear Games has acknowledged a significant data breach affecting Path of Exile 2, stemming from a compromised developer's admin account. In the breach, discovered during the week of January 6, 2025, an attacker gained unauthorized access to the developer's account, which was linked to an old Steam account used for testing purposes. The attacker gained access to tools typically used by the customer support team, compromising sensitive player data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
In response to the breach, the developers swiftly locked the compromised account and enforced password resets across all admin accounts. Their investigation revealed that the breach exploited a now-fixed bug that allowed the attacker to delete logs, which obscured the breach's footprint. Although no passwords or password hashes were directly accessible, the attacker could potentially use the compromised email addresses to bypass region locking on Steam-linked accounts.
Since its early access release in December 2024, Path of Exile 2 has maintained a robust player base, buoyed by consistent updates and developer communication. A recent update enhanced performance on PlayStation 5 and addressed issues with monsters, skills, and damage. The developers are preparing to release the next major patch soon, ensuring players are informed about the data breach before diving into new content.
To bolster security, Grinding Gear Games has implemented stringent measures, including the prohibition of linking third-party accounts to staff accounts and the introduction of more robust IP restrictions. The community has responded variably to the breach, with some commending the developers' transparency, while others demand the addition of two-factor authentication to Path of Exile 2 accounts. Many in the player base are also calling for enhancements in game security, content, and adjustments to endgame difficulty.