Path of Exile 2 Apologizes for Major Data Breach

Grinding Gear Games, the developer behind the popular game Path of Exile, has issued an apology following a significant security breach. This incident, which compromised over 66 accounts, was triggered by a hacker gaining access to a test Steam account with admin rights. Let's delve into the details of what happened and the steps being taken to prevent future occurrences.

Over 66 Accounts Compromised

In a recent post on the official Path of Exile forums titled "Data Breach Notification," Grinding Gear Games outlined the breach's specifics. A hacker exploited a Steam account originally created for testing, which had admin access but lacked any linked personal information such as purchases, phone numbers, or addresses. Using minimal information such as the email address and account name, plus a VPN to appear to be in the same country, the attacker deceived Steam's customer support into handing over control of the account.

Once inside, the hacker used the customer support tools to reset passwords on 66 different Path of Exile 1 and 2 accounts, then deleted the notification emails to avoid detection. This breach allowed the hacker to access sensitive personal data including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. They also viewed transaction histories and private messages, raising concerns about potential misuse of this information for malicious purposes.

Developers Promise Better Security Measures

In response to the breach, Grinding Gear Games has committed to enhancing security protocols. The statement on the forum reads, "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No 3rd party accounts are allowed to be linked to any staff accounts, and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place, and in the future, we will be taking even more steps to make sure that this kind of issue never occurs again."
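The two controls named in the statement (no third-party accounts linked to staff accounts, IP restrictions), together with an alert on mass password resets from a single staff account, can be checked against an admin-panel audit log. The following is an added example, not Grinding Gear Games' code; the event fields, account names, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed policy values (assumptions, not taken from the notification).
STAFF_NETS = [ip_network("192.0.2.0/24")]   # documentation range standing in for staff egress
RESET_LIMIT, WINDOW = 5, timedelta(minutes=10)

def linked_staff(staff):
    """Staff accounts that still have a third-party login linked."""
    return sorted(name for name, providers in staff.items() if providers)

def review(events):
    """Return (kind, staff, detail) findings from admin-panel audit events."""
    findings, recent = [], defaultdict(deque)
    seen_ip, seen_bulk = set(), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        who = ev["staff"]
        inside = any(ip_address(ev["ip"]) in net for net in STAFF_NETS)
        if not inside and (who, ev["ip"]) not in seen_ip:
            seen_ip.add((who, ev["ip"]))
            findings.append(("ip_outside_allowlist", who, ev["ip"]))
        if ev["action"] != "password_reset":
            continue
        q = recent[who]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW:      # keep only resets inside the window
            q.popleft()
        if len(q) > RESET_LIMIT and who not in seen_bulk:
            seen_bulk.add(who)               # report each staff account once
            findings.append(("bulk_password_reset", who, len(q)))
    return findings

# Constructed sample data: one staff account resetting seven player passwords
# in seven minutes from an outside address, and one behaving normally.
T0 = datetime(2025, 1, 1, 3, 0)
EVENTS = [{"ts": T0 + timedelta(minutes=i), "staff": "test-admin",
           "action": "password_reset", "target": f"player{i}",
           "ip": "203.0.113.7"} for i in range(7)]
EVENTS += [{"ts": T0 + timedelta(minutes=m), "staff": "support-1",
            "action": "password_reset", "target": f"player9{m}",
            "ip": "192.0.2.10"} for m in (1, 30)]
STAFF = {"test-admin": ["steam"], "support-1": []}

if __name__ == "__main__":
    print(linked_staff(STAFF))
    for finding in review(EVENTS):
        print(finding)
```

Because the attacker deleted the notification emails, an alert like this has to be driven by the admin tool's own audit trail rather than by anything delivered to the affected players.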

Community feedback on the forum has been mixed, with some players appreciating the transparency from the developers, while others are calling for the implementation of two-factor authentication (2FA) to bolster account security. Although Grinding Gear Games has not yet confirmed plans for 2FA, players are encouraged to change their passwords and remain vigilant about their account information until further security enhancements are implemented.