Path of Exile 2 Confirms Data Breach

Path of Exile 2 Developer, Grinding Gear Games, Addresses Data Breach

Grinding Gear Games recently disclosed a data breach affecting Path of Exile 2 players. The breach, discovered the week of January 6th, 2025, stemmed from a compromised developer account linked to Steam. This unauthorized access granted the perpetrator tools typically used by Path of Exile 2's customer support team.

The compromised data included a significant amount of player information, encompassing email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While passwords and password hashes remained inaccessible via the customer support portal, the risk of password reuse across platforms remains a concern. The attacker also accessed transaction and private message histories for some accounts. Furthermore, a temporary bug allowed the deletion of logs tracking account modifications; however, this vulnerability has since been rectified.

In response, Grinding Gear Games immediately secured the compromised account, implemented mandatory password resets for all admin accounts, and enhanced security protocols. These improvements include eliminating the linking of third-party accounts to staff accounts and implementing stricter IP restrictions.

Player reaction has been varied, with some commending the developer's transparency while others advocate for the implementation of two-factor authentication. The incident highlights the ongoing need for robust security measures in online gaming. Grinding Gear Games is committed to preventing future breaches and improving overall account security for both Path of Exile 2 and its predecessor.