It appears it’s that time again guys. Just to be cautious, you might want to change your Path of Exile passwords. Grinding Gear Games revealed the discovery of a data breach on their servers on the PoE forums this week, noting that they have no evidence that user info was taken but they can’t rule it out either.
Late on Thursday, March 23rd (NZT), we became aware that there was an external intruder illegally connected to our office network and that the attacker had compromised several machines. We immediately severed all internet connectivity and began the process of reformatting all computers and rebuilding a new clean network with increased security measures in place.
If player data was taken, GGG notes that it could include email addresses, salted and hashed passwords, recent IP addresses, and the names and physical address of any players who have had goods shipped to them. Supposedly the attacker had about ten days with access to this information — a good amount of time to save this information should they want to.
Grinding Gear Games does emphasize that their passwords are salted and hashed, so if they were stolen the attacker would have to spend time brute-forcing each one before they could use it. The implication here is that you’re probably pretty safe. But you might just want to take that extra security step and change it anyway.