In late January 2025, Grinding Gear Games confirmed a data breach affecting *Path of Exile 2*, which occurred when an unauthorized user gained access to a developer's admin account linked to Steam. The breach exposed sensitive information such as player email addresses, Steam IDs, IP addresses, shipping addresses, and unlock codes. While no passwords or password hashes were directly visible through the compromised portal, the attacker managed to change passwords on 66 accounts and deleted logs showing activity details—a bug that has since been rectified.

The breach originated when the attacker exploited an old Steam account used for testing purposes, which was linked to the compromised developer account. Although no financial or direct personal data was stolen, the exposure of unlock codes posed potential risks, especially regarding region locks for Steam-linked accounts. Additionally, the attacker accessed transaction histories and private messages between players and Grinding Gear Games staff for certain accounts.

In response to the incident, Grinding Gear Games took immediate action by isolating the affected account, forcing password resets across all admin accounts, and implementing stricter measures to prevent future breaches. Key changes include disallowing third-party accounts from linking to staff accounts and enforcing significantly more rigorous IP restrictions. Despite these efforts, the community remains divided; while transparency about the breach has garnered praise, calls for two-factor authentication and further security enhancements persist.

As Path of Exile 2 continues to evolve post-early access, players eagerly anticipate upcoming updates addressing gameplay challenges and content improvements. Meanwhile, Grinding Gear Games remains committed to safeguarding its player base while delivering engaging experiences.