GGG’s Chris Wilson tells forumgoers that on March 23rd, his team realized an “external intruder” was illegally accessing the company network and “several” of its machines.
“While we have no evidence that private user information was taken, we cannot rule this out,” he writes. Among the user information the company stores are email addresses, salted and hashed passwords, IP addresses, and in some cases, names and addresses.
“We believe that the time period that the attacker had access to this information was the ten days from March 13 to March 23 (NZT). We do not store any payment information like credit card numbers. It is stored at the external payment processors we use. There is no way that credit card information could have been accessed.”
The company says its investigation is ongoing and is not currently forcing players to change their passwords, as the level of encryption employed means that even if passwords were yoinked, hackers would have a difficult time actually brute-forcing them. Unless you’re using a crappy password. Don’t use crappy passwords. If you insist on using crappy passwords, or you use your Path of Exile password for other services, a password change is probably a good idea all around.
In happier news, the studio has also released a new dev blog on the creation of sound effects in the game. I warn you, there are goatmen involved, but hey, maybe that’ll take your mind off the whole hacking thing.
