"Path of Exile 2 Data Breach Confirmed"

Summary

• Path of Exile 2 developer Grinding Gear Games has confirmed a data breach that occurred during the week of January 6, 2025, due to a compromised developer's account linked to Steam.
• The breach exposed player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.
• Grinding Gear Games has taken immediate action to secure their systems and prevent future breaches.

Grinding Gear Games has announced a significant data breach affecting Path of Exile 2, stemming from a compromised developer's admin account. This account, which was linked to an old Steam test account, allowed unauthorized access to sensitive tools typically used by the customer support team. Upon discovering the breach, the developers swiftly locked the compromised account and enforced password resets across all admin accounts. Their investigation revealed that the attacker exploited this access to view and alter data for a "significant number" of player accounts, affecting email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

The breach also led to the attacker setting random passwords on 66 accounts and deleting logs due to a bug, which has since been fixed. Importantly, no passwords or password hashes were accessible through the portal, but the attacker could potentially use the compromised email addresses to bypass region locking on Steam-linked accounts. In response, Grinding Gear Games has implemented stricter security measures, including prohibiting third-party account linking to staff accounts and enhancing IP restrictions.

Following the early access release of Path of Exile 2 in December 2024, the game has continued to engage a robust player base, supported by regular updates and developer communication. Recent updates have enhanced performance on PlayStation 5 and addressed issues with monsters, skills, and damage. The next major patch, set to introduce new content, is eagerly anticipated by the community.

The developers have been transparent about the breach on the official Path of Exile 2 forum, which has elicited a mixed response from the community. While some players appreciate the openness, others are advocating for enhanced security measures, such as two-factor authentication, alongside requests for improvements in in-game content and endgame difficulty adjustments.

Grinding Gear Games remains committed to safeguarding player data and enhancing the gaming experience in Path of Exile 2, as they continue to address both the immediate aftermath of the breach and long-term security enhancements.