Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach
Grinding Gear Games recently disclosed a data breach affecting Path of Exile 2 players. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam. Through that account, the perpetrator gained unauthorized access to sensitive player data.
The compromised information included email addresses, Steam IDs, IP addresses, and, for a significant number of accounts, shipping addresses and unlock codes. Passwords and password hashes were not directly accessible, but it remains a concern that the attacker could try the compromised email addresses against known password lists to circumvent regional account restrictions. In some cases, transaction and private message histories were also viewed.
Grinding Gear Games swiftly responded by locking the compromised account, initiating password resets for all admin accounts, and launching a thorough investigation. The investigation revealed a vulnerability allowing the attacker to delete logs, a bug since rectified. Further preventative measures now prohibit linking third-party accounts to staff accounts and implement significantly stricter IP restrictions.
The developer's transparency regarding the breach has garnered mixed reactions from the community. While some commend their open communication, others advocate for the implementation of two-factor authentication for enhanced account security. The incident highlights the ongoing need for robust security measures within online gaming platforms.