Summary
Grinding Gear Games, the developer of Path of Exile 2, has confirmed a data breach that occurred during the week of January 6, 2025. The breach stemmed from a developer's compromised admin account linked to Steam, which led to the exposure of player email addresses, Steam IDs, IP addresses, and other sensitive information.
In response to the breach, Grinding Gear Games has taken immediate action to enhance the security of their admin accounts and prevent future incidents. This includes locking the compromised account, enforcing password resets across all admin accounts, and implementing stricter security measures such as disallowing third-party account linkages and applying more stringent IP restrictions.
Since its early access launch in December 2024, Path of Exile 2 has enjoyed a robust player base, fueled by continuous updates and developer engagement. A recent update improved performance on the PlayStation 5 and addressed issues related to monsters, skills, and damage. The next major patch, which introduces new content, is expected soon.
The breach was facilitated through a developer's compromised Path of Exile account, which was linked to an old Steam testing account. This allowed the attacker to access the developer portal and affect other accounts. The attacker exploited a bug to delete logs and set random passwords on 66 accounts, compromising data such as email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
Despite the breach, no passwords or password hashes were accessible through the customer service portal. However, there was a risk that the attacker could use the compromised email addresses to bypass region locking on Steam-linked accounts. The attacker also accessed transaction and private message histories for some accounts.
Community reaction to the breach has been mixed: some players appreciate the transparency from Grinding Gear Games, while others are demanding additional security measures such as two-factor authentication. Players have also expressed interest in further security improvements, alongside enhancements to in-game content and adjustments to the game's endgame difficulty.