Path of Exile: Potential User Data Breach

1 month 3 weeks ago #45358 by Kazara
www.pathofexile.com/forum/view-thread/1874476

Late on Thursday, March 23rd (NZT), we became aware that there was an external intruder illegally connected to our office network and that the attacker had compromised several machines. We immediately severed all internet connectivity and began the process of reformatting all computers and rebuilding a new clean network with increased security measures in place.

While we have no evidence that private user information was taken, we cannot rule this out. The personal information that we store can include:

  • An email address.
  • A salted and hashed password.
  • Recent IP addresses used to access the game and website.
  • For users who have had goods shipped to them, a name and physical address.

To reiterate, we have no evidence that the above data was accessed, but our investigation is still ongoing.

We believe that the time period that the attacker had access to this information was the ten days from March 13 to March 23 (NZT).

We do not store any payment information like credit card numbers. It is stored at the external payment processors we use. There is no way that credit card information could have been accessed.

Our passwords are salted and hashed, which means that if the password data were stolen, the passwords would need to be brute-forced before they could be used. Due to the salting, this would have to be done for each user individually. Such brute-forcing would take tens of years or longer for secure passwords, but may be a matter of days or weeks of computation (per user) for weak passwords. Weak passwords are ones like "password123" that are easy to guess. The longer and more complex the password, the better.

We have no evidence the password database was accessed and are not aware of any compromised Path of Exile accounts, so we are not forcing all users to change their passwords at this stage. However, we would recommend changing your Path of Exile password if it's weak. If you're sharing this password with other services then we recommend you change those also. We always suggest you use a unique password for Path of Exile (regardless of whether it's weak or not).

We are truly sorry about this potential breach of personal information. It should not have occurred and we are working to ensure it will not happen again.

If the Democrats didn't have double standards, they'd have none at all.
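The per-user salting described in the announcement, shown as an added example that is not part of the original post or the game's own code. The announcement does not name the hash algorithm or cost; PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters; the page does not state the real algorithm or cost.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16

# Constructed sample data: two accounts share the same weak password.
SAMPLE_USERS = {
    "alice": "password123",
    "bob": "password123",
    "carol": "correct horse battery staple",
}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def unsalted_digest(password: str) -> bytes:
    """Weak scheme for contrast: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def build_tables(users):
    """Store the same accounts under both schemes."""
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return unsalted, salted


def distinct_hashes(hashes) -> int:
    """Fewer distinct hashes than accounts means password reuse is visible,
    and one computed guess would check every matching account at once."""
    return len(set(hashes))


if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    print("unsalted distinct:", distinct_hashes(unsalted.values()))
    print("salted distinct:  ", distinct_hashes(k for _, k in salted.values()))
```

With the salted table, each guessed password has to be run through the slow derivation once per account, which is the per-user cost the announcement refers to.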
