“We are incredibly sorry”: the creators of Path of Exile 2 apologized for the leak of player data and revealed the scale of the tragedy

The developers of the fantasy role-playing action game Path of Exile 2 from the New Zealand studio Grinding Gear Games (GGG) have revealed the scale of a recent hacker attack, due to which at least 66 player accounts were hacked.

Image source: Grinding Gear Games

Let us remind you that the attacker managed to take over the administrator account of the Path of Exile website thanks to an abandoned Steam account associated with it, and a bug in the GGG system allowed the hacker to cover his tracks for some time.

In a recent interview, development manager Jonathan Rogers admitted that he does not know the scale of the tragedy, and in a new publication on the official Path of Exile forum they did not hide them.

As a result of the hack, the attacker gained the rights of a support employee

The hacker looked at the data of a “significant number” of users, including email, shipping and IP addresses, Steam ID and unlock codes, and in the case of some, transaction and private message history.

The attacker could also “break” the found email addresses through public databases of hacked passwords from other sites to find PoE accounts with the same password to bypass regional restrictions using unlock codes.

GGG services still do not support two-factor authentication

GGG assured that it has taken the necessary steps to ensure the situation does not happen again and will strengthen security measures in the future, but in the meantime: “We are incredibly sorry for this security gap.”

Path of Exile 2 paid early access started on December 6, 2024 on PC (Steam, EGS, separate client), PS5, Xbox Series X and S. By the end of the week, GGG plans to release patch 0.1.1 for the game.