Path of Exile 2: Data Breach Apology

Author: Simon | Update: Mar 14, 2025

Path of Exile 2 Apologizes for Major Data Breach

Path of Exile developer, Grinding Gear Games, has issued a sincere apology for a recent security breach stemming from a compromised test Steam account with administrator privileges. This article details the events and the steps taken to prevent future occurrences.

Over 66 Accounts Compromised

Enhanced Security Measures Promised

Grinding Gear Games' official PoE forum post, "Data Breach Notification," explains that a hacker compromised a Steam account with admin access to the game. This allowed the attacker to reset passwords on 66 Path of Exile (PoE) accounts (both PoE 1 and PoE 2). The compromised admin account, created long ago for testing and lacking linked purchases, phone numbers, or addresses, was vulnerable. The attacker successfully impersonated the account owner to Steam support using minimal information (email address, account name) and a VPN to mask their location.

The hacker cleverly deleted password change notifications, concealing their actions from account holders. The attacker gained access to sensitive data, including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. This information poses a significant risk to affected users, potentially jeopardizing other online accounts.

Grinding Gear Games stated, "We have implemented enhanced security measures for admin accounts to prevent recurrence. Third-party account linking to staff accounts is prohibited, and significantly stricter IP restrictions are now in place. We sincerely apologize for this security lapse. The necessary admin website security measures should have been in place, and we will take further steps to prevent similar incidents."

Community responses on the forum thread range from appreciation for the developer's transparency to calls for implementing two-factor authentication (2FA) for enhanced security. While the timeline for 2FA implementation remains unclear, players are advised to change their passwords and remain vigilant about their account information.