“We totally screwed up”: Path of Exile 2 developers allowed at least 66 player accounts to be hacked

Path of Exile 2 development director Jonathan Rogers spoke about a hacker attack on Grinding Gear Games (GGG) in a recent interview with streamers Darth Microtransaction and GhazzyTV.

Image Source: Grinding Gear Games

According to Rogers, an unknown hacker recently gained access to the administrator account of the official Path of Exile website through an abandoned Steam account associated with it.

The attacker managed to convince Steam support (by providing credit card information) that he was the owner of the account in question, and a bug on the Grinding Gear Games side made the situation worse.

Steam allows you to verify ownership by providing payment information or activated keys (image source: Steam)

As it turned out, the studio’s software logged password resets for Path of Exile 2 accounts as not audit events, but notes that the hacker could safely delete, covering his tracks.

«“I don’t have all the information on the extent of what happened, but I can say that 66 notes were deleted, so 66 accounts were potentially compromised,” Rogers said, noting that the audit trail only records activity for the last 30 days.

66 notes have been deleted in the last 30 days, meaning there could potentially be more (Image source: Grinding Gear Games)

GGG is committed to fixing the vulnerability: “We have since implemented additional security measures that should have properly been in place to address the issue. All this suggests is that we are completely screwed.”

Path of Exile 2 paid early access started on December 6, 2024 on PC (Steam, EGS, separate client), PS5, Xbox Series X and S. By the end of the week, GGG plans to release patch 0.1.1 for the game (see video below).