Grinding Gear Games potential data breach (Path of Exile)

That Norwegian Guy · March 29, 2017

The bigger the fish the likelier the target. The recently over-performing (in Steam charts) Path of Exile and its developer Grinding Gear Games may have been the target of an on-site data access by an uninvited party spanning a whopping 10 days. It is unknown what, if anything, the would-be infiltrator made away with.

Hopefully cracking these passwords will be at least as difficult as creating a worthwhile character build in the notoriously deep ARPG.

GGG assures us that its passwords are stored both salted (the process of adding a unique string to each password) then hashed, and it would take years or even decades to brute force strong passwords - and rather worryingly - days or weeks to crack a weak one. If you're the type of person to make your passwords "QWERTY12345" or similarly anemic strings, it would be wise to change it. It wouldn't be unwise for anyone to change it however, strong or not.

Other things that could have been breached are things like IP addresses of recently active players, and physical addresses of people who had physical products shipped to them.

Another juicy target at GGG; although this is my own input and not that of GGG's announcement, would be any inside scoops about its upcoming giga-update, promising a 2.5X multiplication of the games content. The game will by the end of the year be expanded to 10 acts compared to the current 4, which has a lot of people interested (as recent Steam charts will attest to)

Source: https://www.pathofexile.com/forum/view-thread/1874476