Incident

Grinding Gear Games, developer of Path of Exile 2, reports data breach



Grinding Gear Games (GGG), the developer of Path of Exile 2, is reporting a significant data breach that occurred during the week of January 6, 2025.

An attacker gained unauthorized access to a developer's admin account through its connection to an old Steam testing account. This compromised account provided access to customer support tools and the developer portal.

Exposed data includes:

  • Email addresses
  • Steam IDs
  • IP addresses
  • Shipping addresses
  • Unlock codes
  • Transaction histories (for some accounts)
  • Private message history with GGG staff (for some accounts)

The total number of affected accounts is not clear, but the attacker set random passwords on 66 accounts.

The incident was complicated by a bug that allowed the attacker to delete logs of their actions, making it more difficult to track the full extent of the compromise.

Although no password hashes were directly exposed during the breach, there is concern that the attacker could match the exposed email addresses against known compromised passwords from other breaches to attempt unauthorized access.

Grinding Gear Games locked down the compromised account, forced password resets for all admin accounts, removed the ability to link third-party accounts to staff accounts, and implemented stricter IP restrictions. The bug that allowed log deletion has also been fixed.
