Path of Exile developer Grinding Gear Games has issued a sincere apology for a recent data breach stemming from a compromised test Steam account with administrator privileges. This article details the events and the steps taken to prevent future occurrences.
Over 66 Accounts Compromised
Grinding Gear Games' official PoE forum post, "Data Breach Notification," explains the breach. A hacker compromised a Steam account with admin access, subsequently altering passwords on 66 Path of Exile (PoE) 1 and PoE 2 accounts. This was achieved using tools normally employed by customer support. The compromised admin account, created long ago for testing, lacked linked purchases, phone numbers, or addresses, allowing the attacker to deceive Steam support using minimal information (email address, account name, and a VPN masking their location).
The hacker cleverly deleted password change notifications, concealing their actions. The hacker also gained access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This information poses a significant risk to affected users.
Enhanced Security Measures Promised
The post concludes with Grinding Gear Games' commitment to enhanced security: "We have taken steps to ensure that there are more security measures around admin accounts so that this cannot happen again. No 3rd party accounts are allowed to be linked to any staff accounts and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place and in the future we will be taking even more steps to make sure that this kind of issue never occurs again."
Community responses highlight both appreciation for the developer's transparency and calls for two-factor authentication (2FA) to bolster account security. While the implementation of 2FA remains pending, players are urged to change their passwords and remain vigilant.