In Path of Exile 2, unknown hackers managed to access players’ data. Now the developers have released a statement.
What kind of hack was this? As was recently reported, hackers managed to gain access to a “Path of Exile 2” account that was equipped with admin rights. The account belongs to a developer at Grinding Gear Games.
The PoE2 account was linked to a Steam account that had been created a long time ago for testing purposes. This Steam account had no purchases and was virtually blank. However, the attackers managed to present sufficient information to Steam Support to gain access to the account by posing as the actual owner.
According to reports from the developers, all they needed was the account’s email, the account name, and a VPN that masked the IP address so that it appeared to come from the same country as the one from which the account was created.
With access to the admin account, the hackers could do a lot, as the developers mentioned in their statement.
Do you already know about this useful NPC?
Statement clarifies, this data is affected
What data did the hackers have access to? With the captured admin account, the hackers had the ability to access a lot of user data, as the developers explained in a statement on pathofexile.com.
According to the developers, the hackers were able to change the passwords of 66 accounts to randomly generated passwords. This didn’t raise immediate suspicion because the actions were incorrectly stored in the developers’ tool and could therefore be deleted by the hackers.
In their statement, the developers explained that the hackers gained access to data from a significant number of users through the admin account. They were able to view the following data from their victims:
- Email address: If an email address is associated with the account.
- Steam ID: If a Steam ID is associated with the account.
- IP addresses: A list of IP addresses that were previously used with the account.
- Shipping address: If physical goods were delivered to the account, the associated shipping address.
- Current unblock code: The code needed to unlock an account that has been locked due to logins from a different region.
The developers do not specify which accounts were actually viewed by the hackers. It is therefore quite possible that the addresses of content creators or the developers themselves may have fallen into the hackers’ hands. But you personally could also be affected.
According to the developers, the hackers did not have access to your password or the password hashes, which are the encrypted codes in which your password was stored. Instead, the hackers looked into the transaction history of some accounts and examined past purchases.
The hackers also had access to private messages, the developers explain. Especially, but not exclusively, the private messages of the developers seemed to be the target of the hackers.
Are accounts at risk? Yes, in fact, the risk of a hack on your PoE2 account is now increased. If you use the same password and email address across multiple websites, which the hackers now know, they could take over your PoE2 account.
Your passwords could already be circulating in hacker databases due to hacks from other sites and combined with your email could lead to the loss of your account. Also, the additional protection provided by the unblock code that you would need to enter should you log in from a new region is nullified by the hack.
What measures are the developers taking now? In their statement, the developers explained what the next steps will be. In the future, it will be prohibited for developers to connect their PoE2 accounts with third-party sites. Additionally, stricter IP restrictions are to be implemented.
In conclusion, the developers write: ‘We sincerely apologize for this security breach’ (via pathofexile.com) and promise to take measures to better protect the admin site from attacks in the future.
A tip on what affected players should do now or whether legal action has been taken against the hackers is missing from the statement. Furthermore, it remains unclear which accounts are actually affected.
Consequently, the community is calling on Reddit for the developers to send an email to all affected accounts detailing which data the hackers had access to. Just the thought that unauthorized individuals could now know where one lives is something gamers do not find good.
Especially for content creators, the publication of their address could mean a lot of trouble. One particular content creator advocates for the community by conducting experiments in video games. Recently, he focused on a stat value in Path of Exile 2: YouTuber was afraid of disappointing his audience: Now explains why he took out monsters in Path of Exile 2 for 16 days
