Grinding Gear Games, the developers behind Path of Exile (PoE), have issued a heartfelt apology following a significant security breach that affected their community. The incident, which was detailed in a post on the official PoE forums titled "Data Breach Notification," sheds light on the vulnerabilities exploited and the steps being taken to prevent future occurrences.
Over 66 Accounts Compromised
Developers Promise Better Security Measures
The breach stemmed from a compromised Steam account with administrative privileges, originally created for testing purposes. This account, which had no linked purchases, phone number, or address, was taken over by a hacker who used basic information and a VPN to deceive Steam's customer support into granting access. The hacker then used the account's admin tools to reset the passwords on 66 different PoE 1 and PoE 2 accounts.
The attacker's actions didn't stop at password changes; they also deleted the notifications of those changes, covering their tracks. This gave them access to sensitive personal data including email addresses, Steam IDs, IP addresses, shipping addresses, unlock codes, transaction histories, and private messages. Such information could be used maliciously, putting the affected users' other online accounts at risk.
In response, Grinding Gear Games has taken decisive action to bolster security. "We have taken steps to ensure that there are more security measures around admin accounts so that this can not happen again. No 3rd party accounts are allowed to be linked to any staff accounts and we have added significantly more stringent IP restrictions. We are incredibly sorry for this lapse in security. The measures taken to secure the admin website really should have already been in place and in the future we will be taking even more steps to make sure that this kind of issue never occurs again," the developers stated in their apology.
The community's response on the forum was mixed, with some players appreciating the transparency of Grinding Gear Games, while others called for the implementation of two-factor authentication (2FA) to enhance account security. As the developers work on these improvements, PoE players are advised to change their passwords and remain vigilant about their account information to safeguard against potential future threats.