Path of Exile 2’s lead developers have revealed that a hacker was able to compromise 66 player accounts recently.
As spotted by 404Media, Path of Exile 2’s lead developers, Jonathan and Mark, recently appeared on a podcast with Ghazzy TV and Darth Microtransaction. During this interview, the duo was asked whether there had been a data breach at the studio. Mark responded that there had been a situation where a Steam account got hacked, which gave the hacker access to an admin account on Path of Exile 2’s website.
The developers revealed that they are now aware of how the hacker took over the admin account, but they do not understand the “full scope” of what occurred then. Mark explained that one of their admin accounts was linked to a Steam account, and the user of this account wasn’t aware of that. The Path of Exile 2 hacker compromised this account through Steam support, and as the user was not using the account, the malicious activity wasn’t noticed.
Another reason the Path of Exile 2 hacker went unnoticed was a bug in the system. Mark elaborated that whenever an admin account makes changes, the events are logged into an audit log, which can be checked later. However, due to a bug in the system, the password changes were not recorded as events but as notes instead. The hacker was able to delete these notes, which is why the team at GGG could not tell what was wrong when they looked through the accounts.
Mark confirmed that 66 notes were deleted, which means that the Path of Exile 2 hacker was able to compromise 66 accounts. However, their log history only extends for 30 days, and the hack began 5 days before that, so the full extent is unknown.
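The gap described above, where password changes lived in deletable notes rather than in the audit log, is the kind of thing a hash-chained, append-only event log makes detectable. The sketch below is an added example, not GGG's code; the function names, actor names and events are constructed for illustration, and it assumes the latest chain hash is stored somewhere the admin account cannot write.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed anchor for the first entry


def _digest(prev_hash, record):
    # Bind each record to its predecessor's hash using a canonical JSON form.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append_event(entries, actor, action, target):
    """The only write path: password changes are events, not editable notes."""
    prev = entries[-1]["hash"] if entries else GENESIS
    record = {"seq": len(entries), "actor": actor, "action": action, "target": target}
    entries.append({"record": record, "hash": _digest(prev, record)})


def verify(entries, expected_head=None):
    """Return the index of the first broken entry, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        rec = entry["record"]
        if rec["seq"] != i or entry["hash"] != _digest(prev, rec):
            return i
        prev = entry["hash"]
    # Removing entries from the end is only caught against a head hash kept elsewhere.
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


def demo():
    log = []
    # Constructed sample events; actor and account names are made up.
    for action, target in [("login", "admin-7"), ("password_change", "player-a"),
                           ("password_change", "player-b"), ("view_account", "player-c")]:
        append_event(log, "admin-7", action, target)
    head = log[-1]["hash"]  # assumed to be stored outside the admin's reach
    tampered = [e for e in log if e["record"]["target"] != "player-a"]
    truncated = log[:-1]
    return verify(log, head), verify(tampered, head), verify(truncated, head)


if __name__ == "__main__":
    print(demo())
```

Deleting a record from the middle breaks the sequence and the chain at that position, and trimming the newest records is caught by comparing against the separately stored head hash.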
Mark stated they would release a report with all the information they could gather in a day or two. They had feared that GGG’s data had been breached and that the hacker might have gained access to the servers, but that wasn’t the case. The development team also added a bunch more “security stuff,” which Mark admits should have already been in place.
Mark also confirmed that the moment the team realised what was going on, they immediately reset the passwords for all admin accounts and deleted all sessions to ensure their safety. Since then, the Path of Exile 2 hacker has not compromised any other accounts.