Hacked Accounts

"

AzraelX wrote:

Right, because posting a legitimate link (which you could hover over, right click, highlight and copy, or quote to verify) to a secure page, for people who can't be bothered to take five seconds to navigate to the page themselves, somehow contradicts anything that's been said.

The best part is, you actually quoted it and verified the link was legitimate, then warned "kids" not to use it anyways.

I think your talents would be better served in a less serious thread.

"

Selanmer wrote:

It seems to be that the main connection between hacked account is "short" password. People who hacked assure that they used a unique password and that their computer is clean. However no one mentioned that they used a long and complex password. Password needs to be unique, long and complex.

"

Thomas wrote:

Morgawr, AzraelX, as you both presented fairly compelling cases I decided to investigate your accounts to make sure there wasn't anything unusual going on (as I have done with other random accounts when I get the chance). I wanted to share my findings with you in the hopes that it helps explain the situation.

In both cases your accounts were compromised during a sweep of login attempts, and in both cases yours were the only logins that succeeded from the respective IPs performing the login attempts (out of the half-dozen or so accounts they tried in each attempt). In each case only 1 login attempt is made per account, suggesting they are using a list of email/password combinations and are not brute forcing the passwords. None of the other accounts they tried even have PoE accounts associated with them, suggesting this list did not come from us.

A quick google search of your registered email addresses shows that both are used elsewhere on the internet. I cannot guess as to how they got your passwords, especially if they were randomly generated specifically for PoE - however if they had somehow been obtained from us it wouldn't make any sense for them to try all the non-existent email addresses at the same time (tinfoil hat theorists please stay in off topic).

These findings are consistent with everything we've seen and reported so far, I make a point of investigating cases which sound suspicious and so far none have raised alarms.

Also, before people start saying "Why don't you just block them from trying all these accounts?", we *do* have limits in place for login attempts which is why they only tried half a dozen or so per IP. The problem is we need to allow enough slack in the system for legitimate users to get their email/password wrong a few times without being instantly blocked - and the hackers (or crackers if you prefer) have over 270,000 IPs to do these tests from. We are however coming up with other ways to combat them, and will continue to do so until they are no longer a problem.

"

steven_mcburn wrote:

I just logged on and in the last 8 hours apparently someone not only guessed my account, my password, but according to the email that told me I was locked out, they logged on from my home city.


Kind of disconcerning.


Yes, I do use the same junk email I use for all online games.
No, I don't use the same password.
No, I don't sign up for random stuff with this email, it's just for games and the purchasing of games.


It's pretty lame to spend the last month or so saving up to get a nice item or be ready to gear myself out @ 70 only to log on, see all my uniques/q-gems/currency stripped.


I honestly can't see how two things would happen here without some sort of breech on your end GGG;

1. How would they even know my email is associated with this game? How would they even know I'm playing, especially from this email? It's not like it's publicly flaunted.
2. How would they guess a password that I don't use for any other services, or better yet, how would they know where I live personally to set up a proxy so they could access my account through your services?


I welcome you to try to log on my email with the password that's associated with this account. It won't work, because this is the only account with that password. If you look up my youtube channel that shares the name of this character, it doesn't even use the same email, so it's not like they looked up my char names and found the email for this account. I don't download random things, as a matter of fact I run your game off a partition solely dedicated to games; there's only your game opened and used at any given point of time, no maphacks or any of that silly stuff.


I can't see myself continuing to play this game at this point. That's a huge setback to face when you're not doing anything wrong. If I want to spend a month to get no where I'll play something that I'll at least enjoy 100% of the time, not something that gives me desync deaths, crashes while zoning (beyond annoying, especially in places with LARGE maps like act3, tp to town and waste 45 minutes getting back to where I was), the lack of an ability to group because of particles spiking my fps. It's just not worth it right now.


And yes, you're right, they're not robbing devs/high profile players. But how would that make any sense to do? You're not going to get away with it, so why try? Good luck in your game, but I doubt you're being honest about this string of hacking going on. In my 15 years of online gaming I've never had any accounts stripped, I'm not careless, and I'm not going to read a thread that blames carelessness instead of manning up to an honest mistake.

"

anubite wrote:

They've bent over backwards to show over these past few weeks they have not been compromised. You have to accept that it's not simply a coicidence, the hackers are systematically using botnets to spam GGG with thousands upon thousands of random log-in requests. They've gotten your information from where else on the net and are randomly guessing you and 10,000+ others over the span of days. Once you've written a program toautomate all this stuff, it's pretty trivial to cover thousands of possible combinations every minute.

"

steven_mcburn wrote:

1. How would they even know my email is associated with this game? How would they even know I'm playing, especially from this email? It's not like it's publicly flaunted.
2. How would they guess a password that I don't use for any other services, or better yet, how would they know where I live personally to set up a proxy so they could access my account through your services?


I welcome you to try to log on my email with the password that's associated with this account. It won't work, because this is the only account with that password. If you look up my youtube channel that shares the name of this character, it doesn't even use the same email, so it's not like they looked up my char names and found the email for this account. I don't download random things, as a matter of fact I run your game off a partition solely dedicated to games; there's only your game opened and used at any given point of time, no maphacks or any of that silly stuff.

"

wonko33 wrote:

Had password and email? In the same city? Look to your "friends" and siblings is my guess.

"

lorlak wrote:

they dont log in from your home city, thats only because your provider changes your ip every day, happens to me each day that i have to unlock my acc