Security Breach Compromises 66 Accounts in Path of Exile 2
Gaming/News

Security Breach Compromises 66 Accounts in Path of Exile 2

A recent security breach in Path of Exile 2 compromised approximately 66 accounts due to a combination of an outdated Steam account and a backend bug, prompting immediate action from the developers.

Path of Exile 2 has recently been facing challenges, particularly a security breach that led to the compromise of approximately 66 accounts.

According to a recent stream featuring streamers Darth Microtransaction and GhazzyTV, game director Jonathan Rogers addressed the data breach. He mentioned that it was a result of unauthorized access obtained through an old, inactive Steam account associated with an admin account.

“We now understand how that happened—we don’t fully understand the scope of everything that occurred here, but we’re sort of in the process of looking at logs, and so on … there were a few really ***** things that occurred here that I’m very unhappy about.”
(Translation: We’re currently reviewing logs to uncover the full scope of the unauthorized access, and there are several troubling aspects that concern me.)

The breach was triggered by social engineering techniques, which allowed the hacker access through the old Steam account. According to Rogers, the hacker likely possessed some personal information such as credit card details to facilitate the hacking.

Steam’s “proof of ownership” system potentially enabled this unauthorized access, as it allows the use of a credit card’s associated details for password resets.

The issue was compounded by a flaw in the studio’s software, which misclassified password resets as ’notes’ rather than ‘audit events,’ allowing someone with administrative permissions to delete them and cover their tracks.

Rogers noted:

“Since then we’ve added a bunch of extra security stuff that, honestly, should’ve already been in place around this to sort this out. We totally messed up with the security on this account.”
(Translation: We’ve implemented additional security measures that should have been established previously to prevent this incident. We recognize our oversight regarding account security.)

This breach underscores the importance of vigilance in cybersecurity, especially in an era where data breaches are becoming commonplace. The team at Grinding Gear Games is committed to addressing and repairing these vulnerabilities promptly.

Next article

AMD Ryzen/Radeon 7900-Series Gaming PC Available at a Reduced Price

Newsletter

Get the most talked about stories directly in your inbox

Every week we share the most relevant news in tech, culture, and entertainment. Join our community.

Your privacy is important to us. We promise not to send you spam!