

While we have no evidence that private user information was taken, we cannot rule this out. The personal information that we store can include:

An email address.

A salted and hashed password.

Recent IP addresses used to access the game and website.

For users who have had goods shipped to them, a name and physical address.

To reiterate, we have no evidence that the above data was accessed, but our investigation is still ongoing.

We believe that the time period that the attacker had access to this information was the ten days from March 13 to March 23 (NZT).

We do not store any payment information like credit card numbers. It is stored at the external payment processors we use. There is no way that credit card information could have been accessed.

Our passwords are salted and hashed, which means that if the password data were stolen, the passwords would need to be brute-forced before they could be used. Due to the salting, this would have to be done for each user individually. Such bruteforcing would take tens of years or longer for secure passwords, but may be a matter of days or weeks of computation (per user) for weak passwords. Weak passwords are ones like "password123" that are easy to guess. The longer and more complex the password, the better.

We have no evidence the password database was accessed and are not aware of any compromised Path of Exile accounts, so we are not forcing all users to change their passwords at this stage. However, we would recommend changing your Path of Exile password if it's weak. If you're sharing this password with other services then we recommend you change those also. We always suggest you use a unique password for Path of Exile (regardless of whether it's weak or not).

We are truly sorry about this potential breach of personal information. It should not have occurred and we are working to ensure it will not happen again.

Lead Developer.

Last edited by Chris on Mar 28, 2017, 3:29:22 PM

Last bumped on Apr 21, 2017, 7:25:19 PM

Posted by

Chris

on Grinding Gear Games on
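The per-user cost of salting described in the announcement, as an added example that is not part of the original post and not Grinding Gear Games' code. It audits a constructed account table against a short guess list and counts hash computations with and without salts; the algorithm (PBKDF2-HMAC-SHA256), the iteration count, the user names and the guess list are all assumptions, since the post names none of them.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # kept low so the demo is fast; production settings are far higher

# Constructed sample data: two users share a weak password, one has a strong one.
ACCOUNTS = {"alice": "password123", "bob": "password123", "carol": "T7#vLq9!xWm2-pRz"}
WORDLIST = ["123456", "letmein", "password123", "qwerty"]  # constructed guess list


def kdf(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the announcement does not name the algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_table(accounts: dict, salted: bool) -> dict:
    """Build {user: (salt, hash)}; the unsalted variant stores an empty salt."""
    table = {}
    for user, password in accounts.items():
        salt = os.urandom(16) if salted else b""
        table[user] = (salt, kdf(password, salt))
    return table


def audit(table: dict, wordlist: list) -> tuple:
    """Return ({user: guessed password}, number of KDF computations spent)."""
    weak, calls, cache = {}, 0, {}
    for user, (salt, stored) in table.items():
        for guess in wordlist:
            if (salt, guess) not in cache:  # work is reusable only under the same salt
                cache[(salt, guess)] = kdf(guess, salt)
                calls += 1
            if hmac.compare_digest(cache[(salt, guess)], stored):
                weak[user] = guess
                break
    return weak, calls


if __name__ == "__main__":
    for salted in (False, True):
        table = make_table(ACCOUNTS, salted)
        weak, calls = audit(table, WORDLIST)
        same = table["alice"][1] == table["bob"][1]
        print(f"salted={salted}: identical hashes for alice/bob={same}, "
              f"KDF calls={calls}, weak accounts={sorted(weak)}")
```

Without salts, one pass over the guess list covers every account and identical passwords are visible as identical hashes; with salts, the same audit costs a separate pass per user, and the long random password is not found in either case.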