Potential User Data Breach

While we have no evidence that private user information was taken, we cannot rule this out. The personal information that we store can include:
  • An email address.
  • A salted and hashed password.
  • Recent IP addresses used to access the game and website.
  • For users who have had goods shipped to them, a name and physical address.

To reiterate, we have no evidence that the above data was accessed, but our investigation is still ongoing.

We believe that the time period that the attacker had access to this information was the ten days from March 13 to March 23 (NZT).

We do not store any payment information like credit card numbers. It is stored at the external payment processors we use. There is no way that credit card information could have been accessed.

Our passwords are salted and hashed, which means that if the password data were stolen, the passwords would need to be brute-forced before they could be used. Due to the salting, this would have to be done for each user individually. Such brute-forcing would take tens of years or longer for secure passwords, but may be a matter of days or weeks of computation (per user) for weak passwords. Weak passwords are ones like "password123" that are easy to guess. The longer and more complex the password, the better.

We have no evidence the password database was accessed and are not aware of any compromised Path of Exile accounts, so we are not forcing all users to change their passwords at this stage. However, we would recommend changing your Path of Exile password if it's weak. If you're sharing this password with other services then we recommend you change those also. We always suggest you use a unique password for Path of Exile (regardless of whether it's weak or not).

We are truly sorry about this potential breach of personal information. It should not have occurred and we are working to ensure it will not happen again.
Lead Developer.
Last edited by Chris on Mar 28, 2017, 4:29:22 PM
Last bumped on Apr 21, 2017, 8:25:19 PM
Thank you.

-----------------------------------------------------
For those of you unsure of the implications of leaked/stolen password data (even encrypted), watch this video on the subject.

https://www.youtube.com/watch?v=7U-RbOKanYs

It goes over how passwords are stored in the tech industry, and how leaked/stolen data is potentially used.
-----------------------------------------------------

Courtesy of user DougieDoodles
Last edited by cutlerbeast on Mar 30, 2017, 8:02:19 PM
my info left me.
Thanks for letting us know quickly.

Can someone explain what "salted and hashed" means to non-computer people? Sounds like a delicious breakfast option to me.
Last edited by whitelytning on Mar 28, 2017, 4:35:48 PM
Thank you.
Permanent Hardcore only.
Well that's shitty :/
Don't forget to drink your milk 👌
So will 3.0 be delayed?
ZiggyD is the Labyrinth of streamers, some like it, some don't, but GGG will make sure to push it down ur throat to make you like it
Should we change your passwords now just to be safe even if it was strong?
IGN: Arlianth
Check out my LA build: 1782214
Last edited by Nephalim on Mar 28, 2017, 4:37:41 PM
Thanks for letting us know!
ign:Lars
My Shop: http://www.pathofexile.com/forum/view-thread/1288489/ (Standard)
What the fuck.
IGN: I_NO
Supreme Ruler of the Walrus Clan
CLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLANKCLA
