Path of Exile 2 confirms data breach

Summary

Path of Exile 2 developer Grinding Gear Games confirms that a data breach occurred during the week of January 6, 2025.
The breach was caused by a user gaining access to a developer account, which was linked to Steam.
Player email addresses, Steam IDs, IP addresses and other information were compromised in the breach.

Grinding Gear Games confirmed it Path of Exile 2 experienced a data breach after one of the developer's admin accounts was compromised. The Path of Exile 2 developers also outlined their next steps to improve the security of their admin accounts and ensure breaches won't happen again in Path of Exile 2 and its predecessor, which players can both log into with a shared account.

After the Early Access release in December 2024, Path of Exile 2 has maintained a healthy player base thanks to a steady flow of updates and communication from the developers at Grinding Gear Games. One of the latest updates improved the game's performance on PlayStation 5 and fixed issues involving monsters, skills, and damage. Path of Exile 2's the next major patch will be released soon, and Grinding Gear Games addressed the situation involving the data breach before players log back into the game and play the patch's new content.

path-of-exile-2-poe2-diablo-4-d4-comparison-templar-paladin-crusader-class-archetype-missing-first-last-time-good-bad-why

Family

Path of Exile 2 Can't Beat Diablo 4 to the Punch with One Class

Comparisons between Path of Exile 2 and Diablo 4 are made quite often, and the former may end up adding a class before the latter.

Grinding Gear Games official Path of Exile 2 the forum was updated with a new message from the developers, confirming that they became aware of the data breach the week of January 6, 2025. An account with administrator access to the site owned by one of the developers has been compromised, giving the user access to tools that Path of Exile 2's customer support teams usually use. Shortly after this discovery, the Path of Exile 2 developers immediately locked the account and forced password resets for all other admin accounts. A subsequent investigation discovered that The path of exile account that was compromised was linked to an old Steam account used for testing, giving the user enough information to steal the account. Even if the Steam account had no purchases or personal information associated with the developer, access to the developer's The path of exile account meant that the user could affect other accounts through the developer portal.

Path of Exile 2 developer Grinding Gear Games confirms data breach involving compromised staff account

The data breach compromised the following information for a “significant number” of accounts.
Compromised data includes email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

The attacker set random passwords on 66 accounts, and a bug allowed them to delete logs that showed where changes had taken place. Grinding Gear Games confirmed that the bug does not exist for other support actions and has been fixed, but the breach allowed the attacker to view account information for a “significant number” of accounts on the developer portal. As a result, email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes were compromised.

Although no passwords or password hashes were visible through the customer service portal, Grinding Gear Games said it was possible the attacker could have compared email addresses with lists of compromised passwords from other websites to bypass region locking for accounts linked to Path of Exile 2 on Steam. For some accounts in the breach, the attacker was able to view transaction history, along with private message history from Grinding Gear Games staff. To prevent this breach from happening again, third-party accounts can no longer be linked to staff accounts, and there are “significantly stricter” IP restrictions.

Community response to the breach has been mixed, with some players praising the developers for being transparent about the data breach, while others are calling for two-factor authentication to be added. Path of Exile 2 accounts. It's clear that a notable portion of the player base would like to see some improvements to security and content in the game, along with tweaks to endgame difficulty Path of Exile 2.

Path of Exile 2 is a next-generation free-to-play action RPG created by Grinding Gear Games. Travel across the deadly continent of Wraeclast, encountering multiple immersive cultures while facing off against evil in many forms. Path of Exile 2 features twelve character classes, 240 skill gems, hundreds of equipment base types, a six-act campaign, more than a hundred unique boss fights, a deep endgame system, and so much more. Play with your friends without losing any progress with co-op, cross-play and cross-progression.

System