Elon Musk recently played Grinding Gear Games’ Path of Exile 2 on a live broadcast, and to say the least, he wasn’t very knowledgeable.
We’ve covered this before. Since then, Musk’s character, Percy_Verence, died on January 10th at around 8am Eastern. His Invoker character, which had reached level 97, was ranked seventh, and anyone who makes it into the top 1,000 but dies (which is irreversible, as there is a permadeath in Hardcore!) will be notified by the game. Musk’s other Twitter account, @cyb3rgam3r420, first talked about the character on January 5. At the time, he was already at level 87, which puts him at the top of the ladder.
My new hardcore @PathofExile character, Percy_Verence, is on the leaderboard. Now at level 87.
— Gamer (@cyb3rgam3r420) January 5, 2025
Competition for the highest positions on the hardcore rankings is fierce. Three days after the character’s death, Percy_Verence’s experience dropped from 7th to 13th. And on Reddit, many people mocked Musk’s character’s demise. One of them wrote that Musk must have gotten angry after being laughed at in the live chat, and then maybe he really started playing on his own for a few minutes, and that might have been the result of his death, but the poster thinks he’ll probably buy another character…
About 66 (or maybe more) accounts were compromised by the Path of Exile 2 vulnerability. This was revealed in an interview with Jonathan Rogers, the game’s director. According to him, there was a situation where someone accessed an admin account, but the full implications of this are not yet known. Perhaps a bit of social engineering was used, i.e. secondary information was obtained through a bit of interaction to allow the hack to take place. The vulnerability was that an old Steam account was not used by the admin, but was also linked.
While Rogers does not know the exact details, he claims that the hacker certainly had some personal information, such as credit card details. On Steam’s proof of ownership page, for example, the name, billing address, and last four digits of a Visa credit card could be used to reset the account password, and this data could have been obtained. This was exacerbated by a mistake in the studio. When it came time to investigate, it turned out that the studio’s software had been registering password resets for Path of Exile 2 accounts as notes instead of audit events, meaning that someone with admin privileges could go in and delete them and cover their tracks. Rogers notes that due to privacy regulations, they only have audit logs going back 30 days. As a result, the investigation into the matter (and whether or not there was a data breach) took much longer than it otherwise would have. However, the studio is determined to fix the breach.
“We now understand how this happened – we don’t fully understand the scope of everything that happened here, but we’re in the process of looking at logs and so on … there were some really shitty things that happened here that I’m very unhappy about. [The person who attached it didn’t really consider the fact that this old Steam account that they no longer used was attached to their admin account … that was compromised through Steam support. It was really not obvious to us what was going on. I don’t have the full information on the extent of everything that happened, but what I can tell you is that 66 notes were deleted, so that would mean 66 accounts were compromised.
We had no idea at first, right, so we were like, ah shit, what the hell is going on here. Since then, we’ve added a bunch of extra security stuff that, honestly, should have already been in place around this to fix it, so, all of that is to say that we totally fucked up with the security stuff on this account. We’re certainly not going to have any Steam accounts associated with [admins], we’re going to make sure that there are no more Steam accounts associated with customer service accounts,” Rogers said.
Let’s hope things get cleared up quickly.
Source: PCGamer
