A Troubling Security Lapse
Grinding Gear Games has issued an apology for a significant data breach impacting approximately 66 accounts from both Path of Exile 1 and Path of Exile 2. The breach resulted from social engineering that exploited an outdated, unsecured Steam profile linked to an admin account.
The Hacker’s Tactics
According to Game Director Jonathan Rogers, the hacker exploited a bug in the studio’s audit log system to conduct this attack. Password resets were not treated as critical actions; instead, they were merely documented as “notes.” This allowed the attacker to set random passwords on the compromised accounts while deleting the traces of those changes.
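As an added example (not Grinding Gear Games' code), here is one way to avoid the audit-log weakness described above: security-critical actions such as password resets go into an append-only, hash-chained log, and only free-form notes stay deletable. The class, the action names and the account identifiers are assumptions made for illustration.

```python
import hashlib
import json

# Assumed set of actions that must never be stored as deletable notes.
CRITICAL = {"password_reset", "email_change"}

class AuditLog:
    """Hash-chained log for critical events; only free-form notes are deletable."""

    def __init__(self):
        self.entries = []      # append-only, chained records
        self.notes = {}        # deletable support notes, outside the chain
        self._next_note = 1

    @staticmethod
    def _digest(entry):
        fields = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def record(self, actor, action, account, detail=""):
        if action not in CRITICAL:
            note_id, self._next_note = self._next_note, self._next_note + 1
            self.notes[note_id] = (actor, account, detail)
            return ("note", note_id)
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "account": account, "detail": detail, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return ("event", entry["seq"])

    def delete(self, kind, ident):
        # The admin-facing delete path refuses anything that is not a note.
        if kind != "note":
            raise PermissionError("critical audit events cannot be deleted")
        del self.notes[ident]

    def verify(self):
        """Return True only if no chained entry was altered or removed mid-chain."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True
```

Removing the newest entries leaves a shorter chain that still verifies, so the latest hash also needs to be copied to a system that admin accounts cannot write to.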
A Serious Apology and Future Precautions
Grinding Gear Games has acknowledged the potential exposure of personal information, with the risk extending to email addresses, Steam IDs, IP addresses, shipping addresses, and even transaction histories. In light of this event, the company has promised to heighten security measures for admin accounts, ensuring that no third-party accounts are linked to staff accounts. The company stated, “We are incredibly sorry for this lapse in security.” Players will need to remain vigilant about their personal data while the developers work on tightening security protocols.