Grinding Gear Games, the developers behind Path of Exile, have issued a heartfelt apology following a significant security breach that affected their community. The incident, which involved a compromised test Steam account with administrative privileges, has led to immediate action and promises of enhanced security measures.
Over 66 Accounts Compromised
In a detailed post on the official Path of Exile forums titled "Data Breach Notification," Grinding Gear Games outlined the unfortunate events that transpired earlier this month. A hacker gained access to a Steam account used for testing purposes, which unfortunately had admin rights. This breach allowed the attacker to manipulate 66 accounts across Path of Exile 1 and 2 by changing their passwords using tools typically reserved for customer support.
The compromised account, established long ago for testing, lacked any linked purchases, phone numbers, or addresses, making it easier for the hacker to deceive Steam's customer support. By providing basic information such as the email address and account name, and using a VPN to mimic the account's country of origin, the attacker successfully impersonated the account holder.
The hacker's actions didn't stop at password changes; they also deleted the notifications of these changes, effectively covering their tracks. With control of the accounts, they were able to access sensitive personal data, including email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. Additionally, the transaction history and private messages of some accounts were viewed, raising concerns about potential misuse of this information for malicious purposes.
Grinding Gear Games responded swiftly, stating, "We have taken steps to ensure that there are more security measures around admin accounts so that this can not happen again. No 3rd party accounts are allowed to be linked to any staff accounts and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place and in the future we will be taking even more steps to make sure that this kind of issue never occurs again."
The community's response on the forum thread was mixed, with some players praising the developers for their transparency and others calling for the implementation of two-factor authentication (2FA) to bolster account security. While Grinding Gear Games has not yet announced plans for 2FA, the community's feedback underscores the importance of such measures. In the meantime, Path of Exile players are advised to change their passwords and remain vigilant about their account information to protect themselves from potential future threats.