Path of Exile 2 Admin Account Hack Exposes Security Flaws
A compromised admin account led to the theft of in-game items from at least 66 player accounts, with developers admitting to critical security lapses.
- A hacker gained access to a Path of Exile 2 admin account through a compromised Steam account, exploiting outdated account links and social engineering tactics.
- At least 66 player accounts were affected, with hackers stealing valuable in-game items such as Divine Orbs and end-game gear accumulated over hundreds of hours of gameplay.
- A backend bug allowed password changes to be logged as editable notes instead of permanent audit events, enabling the hacker to delete evidence of their actions.
- Grinding Gear Games acknowledged their security failures, implemented new measures like removing Steam links from admin accounts, and promised two-factor authentication for support accounts.
- The developers stated that stolen items cannot be restored and have not announced compensation for affected players, leaving the losses irreversible.
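
The audit-logging failure in the list above (password changes stored as editable notes that could later be deleted) is the case a tamper-evident log is built for. The sketch below is an added example, not Grinding Gear Games' code: it hash-chains each event to the previous one and checks the chain against a head hash kept outside the admin tool. The actor and account names are constructed sample values, and the off-box storage of the head hash is an assumption.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same value.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class AuditLog:
    """Append-only log: each entry commits to the hash of the one before it."""
    def __init__(self):
        self._entries = []  # list of (event, entry_hash)

    def append(self, actor, action, target):
        prev = self._entries[-1][1] if self._entries else GENESIS
        event = {"seq": len(self._entries), "actor": actor,
                 "action": action, "target": target}
        entry_hash = _digest(prev, event)
        self._entries.append((event, entry_hash))
        return entry_hash  # new head; assumed to be shipped to separate storage

    def export(self):
        return [(dict(e), h) for e, h in self._entries]

def verify(entries, trusted_head):
    """Recompute the chain; trusted_head must come from outside the log store."""
    prev = GENESIS
    for i, (event, entry_hash) in enumerate(entries):
        if event.get("seq") != i:
            return False, f"sequence gap at index {i}"
        if _digest(prev, event) != entry_hash:
            return False, f"hash mismatch at index {i}"
        prev = entry_hash
    if prev != trusted_head:
        return False, "head mismatch: entries truncated or replaced"
    return True, "ok"

def demo():
    # Constructed sample events, not data from the incident.
    log = AuditLog()
    log.append("support-admin", "password_change", "player-1001")
    log.append("support-admin", "password_change", "player-1002")
    head = log.append("support-admin", "view_account", "player-1003")
    intact = log.export()
    middle_deleted = intact[:1] + intact[2:]  # one event removed mid-log
    tail_deleted = intact[:2]                 # most recent event removed
    return (verify(intact, head), verify(middle_deleted, head),
            verify(tail_deleted, head))
```

The chain alone does not catch deletion of the newest entries; that case is detected only because the head hash is compared against a copy the account holder cannot edit.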