"Path of Exile 2 Data Breach Confirmed"

Summary

Grinding Gear Games, the developer behind Path of Exile 2, has confirmed a data breach that occurred during the week of January 6, 2025. The breach was initiated when a user gained access to a developer's admin account, which was linked to an old Steam account used for testing. This unauthorized access compromised a significant number of player accounts, exposing email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes.

Following the discovery of the breach, Grinding Gear Games took immediate action by locking the compromised account and resetting passwords for all other admin accounts. The investigation revealed that the attacker exploited a bug to delete logs, which has since been fixed. Although no passwords or password hashes were directly accessible through the customer service portal, the attacker could potentially use the compromised email addresses to bypass region locking on Steam-linked accounts.

In response to the breach, Grinding Gear Games has implemented stricter security measures, including prohibiting the linking of third-party accounts to staff accounts and enforcing more stringent IP restrictions. The community has responded variably, with some appreciating the transparency, while others demand enhanced security features like two-factor authentication.

Since its early access release in December 2024, Path of Exile 2 has continued to engage its player base with regular updates, including recent performance enhancements for PlayStation 5 and fixes for in-game issues. The next major patch, set to introduce new content, is eagerly anticipated by players.

Grinding Gear Games remains committed to improving both the security and gameplay experience of Path of Exile 2, ensuring that such breaches do not recur and addressing community feedback regarding security and game content.