Path of Exile 2 Confirms Data Breach

Author: Audrey, Mar 03, 2025

Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach

Grinding Gear Games publicly acknowledged a data breach affecting Path of Exile 2 that occurred during the week of January 6th, 2025. The breach stemmed from a compromised developer account linked to Steam.

Breach Details:

A developer's administrative account was compromised, granting unauthorized access to tools used by Path of Exile 2's customer support team. This resulted in the exposure of sensitive player data for a substantial number of accounts. Compromised information includes email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes were not directly accessible, there was potential for email addresses compromised through other sources to be exploited to circumvent region locks. In some cases, transaction and private message histories were also viewed.

Grinding Gear Games' Response:

The developer swiftly responded by locking the compromised account, initiating password resets for all admin accounts, and launching a thorough investigation. A bug allowing the deletion of relevant logs was identified and patched. To enhance security, third-party account linking to staff accounts has been disabled, and IP restrictions have been significantly tightened.

Community Reaction and Future Steps:

Community reaction has been varied, with some players commending the developer's transparency while others advocate for the implementation of two-factor authentication. Many players also expressed a desire for enhanced security measures and improvements to in-game content and endgame difficulty.

Summary of Compromised Information:

  • Email addresses
  • Steam IDs
  • IP addresses
  • Shipping addresses
  • Unlock codes
  • (Potentially) Transaction histories for some accounts
  • (Potentially) Private message histories with Grinding Gear Games staff

Grinding Gear Games is committed to improving security protocols to prevent future incidents. The company's proactive disclosure and outlined steps to address the breach demonstrate a commitment to player security.