PoE 2 Experiencing Rampant Hacking and Security Crisis
Path of Exile 2 has seen an increase in hacking cases as multiple players have flocked to the game’s Reddit page to voice their complaints. Many users reported that their essential PoE 2 items and currencies have gone missing after logging back in. With so many cases disclosed, many wonder if Path of Exile is experiencing a massive data breach.
Table of Contents
Players Report Accounts Being Hacked
Many players have reported that their accounts have been hacked, and several notable items are missing from the stashes and premium tabs. Hackers have been targeting Divine Orbs and rare items such as Headhunter and Mageblood, leaving the rest intact. Players can still access their accounts, and the culprits are only after valuable PoE 2 items. While this might be the case for now, gamers are understandably worried about their accounts’ security and what hackers might do next.
Initially, the hacks were only reported among those using the Path of Exile 2 native launcher. However, others using Steam also announced they’ve experienced similar issues. Similarly, those hacked on this platform were also only robbed of their valuable items and currencies.
How Hackers are Accessing PoE 2 Accounts
Strangely, the hackers are not triggering any login notifications or 2FA prompts. This situation sparked great concern in the community since these systems were in place to notify users about suspicious login attempts or whether someone was attempting to breach their accounts. If these fail-safes weren’t triggered, then it’s likely that the hackers were using stolen sessionIDs or cookies to access account instances.
If this were the case, then security measures might not be practical, as hackers bypass these steps. It’s still unclear how the culprits are accessing or manipulating game session IDs. Despite the severity of this situation, Grinding Gear Games has yet to address the issue, so it’s unknown how devs will remedy the problem.
In the meantime, we recommend players remove third-party apps from their PCs. Any Chrome or browser extensions that record data or keys that you type might also cause vulnerability. These steps should be taken until GGG fully addresses the situation.
