There was a hacker menace in Path of Exile 2 last month, with multiple reports of compromised accounts with swiped currencies and other issues. Now that the dust has settled on the threat, we have some newfound clarity regarding the source of the problem. In a long community interview that took place after the patch 0.1.1 preview, Path of Exile 2 director Jonathan Rogers explained what is currently known about the security breach scare in December.
To give players some reassurance in advance, there was no wider server-side data breach. Instead, a single customer support account was compromised through Steam Support, which led to multiple player accounts being accessed by a rogue third party, as per the game director.
Why the extent of damage done by the compromised Path of Exile 2 admin account is hard to assess
When the question about a potential data breach at GGG was posed during the Path of Exile 2 dev interview, the game director expressed his regret over not being able to publicly address the problem yet. The reason is that the nature of the situation makes it hard to carry out a full assessment.
The vector of the hack was an alt Steam account associated with an admin account, which the administrator in question was not mindful of at the time. As game director Jonathan Rogers elaborated in the interview:
"Effectively, what happened is: one of our administrator accounts had a Steam account associated with it, and this was a Steam account that the person who (...) had it attached didn't really kind of know... I mean obviously they could have checked but, like, they didn't really consider the fact that this was like this old Steam account they don't even use anymore was attached to their admin account."
This account was taken over through a Steam Support exploit, after which the credentials of the Steam account were changed. Because it was an old, unused Steam account, the change escaped the owner's notice.
What particularly hampers a post-mortem investigation of the breach is a secondary backend bug that occurred at the same time. Generally, an audit log is supposed to track all changes made to other accounts via a support/admin account in Path of Exile 2. In this case, the bug wrongly labeled them as editable notes, as the dev explained:
"There was actually a bug where the event for setting a new password on an account was, incorrectly, in the back end labeled as a note rather than an audit event."
Notes can be deleted after the fact, so the hacker in question could have simply expunged the data permanently in a way that audit logs would not have allowed. 66 such notes were deleted, which would imply at least 66 further compromised user accounts in Path of Exile 2. Commenting on this, Rogers said:
"The things were deleted from the freaking event stream... like we literally don't know what happened here (..) the only thing I've got to go by is the web server logs, which don't actually record all the data that's sent in a web request — it's just like the address of the page they went to."
Altogether, this hides the hacker's tracks quite effectively and also makes a complete assessment of the situation impossible. Thankfully, no lasting damage was done in terms of data vulnerability at Path of Exile 2 and GGG, as per Rogers:
"The moment that we realized that something had gone wrong, we just immediately reset all the passwords on all the admin accounts, and deleted all the sessions just to make sure... that everything was kosher."
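The note-versus-audit-event mislabeling described above can be modelled in a few lines. This is an added example, not GGG's code: the class, field and action names are hypothetical, the scenario is constructed, and the sequence-gap check is an assumed way to count deletions, not necessarily how GGG arrived at its figure.

```python
# Added illustration: a constructed model of an admin event stream.
# Class, field and action names are hypothetical, not GGG's backend.

# Assumed set of actions that must always be stored as audit events.
SECURITY_ACTIONS = {"password_set", "email_change"}


class EventStream:
    def __init__(self, enforce_kind=True):
        # enforce_kind=False reproduces the mislabeling described above.
        self.enforce_kind = enforce_kind
        self.events = []
        self.next_seq = 1

    def append(self, actor, target, action, kind="note"):
        # Fix: the action, not the caller's label, decides the record kind.
        if self.enforce_kind and action in SECURITY_ACTIONS:
            kind = "audit"
        rec = {"seq": self.next_seq, "actor": actor, "target": target,
               "action": action, "kind": kind}
        self.events.append(rec)
        self.next_seq += 1
        return rec["seq"]

    def delete(self, seq):
        rec = next(e for e in self.events if e["seq"] == seq)
        if rec["kind"] == "audit":
            raise PermissionError("audit events are append-only")
        self.events.remove(rec)

    def missing_seqs(self):
        # Sequence numbers are never reused, so gaps count deleted records
        # even when their contents are gone.
        present = {e["seq"] for e in self.events}
        return [s for s in range(1, self.next_seq) if s not in present]


def simulate(enforce_kind):
    """Constructed scenario: a support account resets two passwords,
    then tries to delete the records of doing so."""
    stream = EventStream(enforce_kind)
    seqs = [stream.append("support-1", t, "password_set")
            for t in ("player-a", "player-b")]
    refused = 0
    for s in seqs:
        try:
            stream.delete(s)
        except PermissionError:
            refused += 1
    return refused, stream.missing_seqs()
```

With `enforce_kind=False` both password-reset records vanish and only the sequence gaps remain; with the default, both deletions are refused and the records survive.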
The full explanation from the game director is in the VOD of the interview (starting at 34:30).
While the developers carry out further log analysis to gather enough data for a public report on the matter, players can at least rest assured that their Path of Exile 2 account and Divine Orb stash are safe... for now.