Path of Exile 2 has been carving out a lovely little niche for itself, based on how many hours of monster-smashing my colleagues here at PC Gamer have been pumping into it.
But it hasn't come without its roadbumps—like, for example, a recent security breach that saw an estimated 66 (potentially more) accounts compromised.
That's as per a recent interview with streamers Darth Microtransaction and GhazzyTV. When asked whether there was data breach at Grinding Gear Games, game director Jonathan Rogers states that «there has been a situation where someone got access to an admin account,» but that the full extent is yet to be seen. «We now understand how that happened—we don't fully understand the scope of everything that occurred here, but we're sort of in the process of looking at logs, and so on … there were a few really shitty things that occurred here that I'm very unhappy about.» As Rogers puts it, the hacker in question managed to pry open access to the admin account through a bit of social engineering—which, when referring to cyber security, means the practice of sneakily getting secondary information via human interaction to achieve a hack, rather than hacking directly.
The weak point in GGG's armour here was an old Steam account that the admin was no longer using, but that was nonetheless linked. "[The person who] had it attached didn't really consider the fact that this old Steam account they weren't using anymore was attached to their admin account … that got compromised through Steam support." While Rogers doesn't know the exact details, he states that the hacker must've had some personal details such as credit card information.
Steam's «proof of ownership» page, for instance, will let you use a Visa credit card's name, billing address, and last four digits to reset a password to an account—all things a malicious actor could obtain via social engineering.