Hacked Accounts

I just got an email with an unlock code, with someone trying to log into my PoE account from 'Shaoxing, Zhejiang, China'. My email account activity does not show any log ins outside from where i'm located.

So I'm also guessing at a problem with the GGG servers. My stuff seems to still be there, the first time i'm actually happy that the 'annoying' email unlock code exists. I will never complain about that one again. :D

"

Feindfeuer wrote:

So I'm also guessing at a problem with the GGG servers.

Based off of what...... nothing? Good guess though.

Based on that my email has not been accessed by anyone outside of my country and my account beeing still untouched as the people trying to gain access could not get the unlock code.

So my guess is that they have not gotten my pass and mailadress from my email account and as I don't use this combination on any other gaming service that does not leave a lot of options.

So they are either brute forcing their way through all kinds of combinations to gain access to PoE accounts or they have already access to parts of the user database either by leak or through exploiting a security weakness. Anyway, the target seems to be the PoE servers themselves.

"

sintflut2012 wrote:

"

randrew wrote:

My account was hacked into aswell, all Orbs were taken.

- The email was not compromised
- All my passwords are different
- The unlock email (I am at a different location than usually) did not show anything out of the ordinary.
- All orbs are gone.

The GGG servers are compromised. I will not play this game any further until a thorough investigation is conducted with help of a security consultant, preferably someone who actually has a clue. The results of said investigation are to be posted online.

Sincerely,

I guess now you payed double for the tools you used. gj mate :D

I don't use any "tools". If you are just here to rile up other people I suggest you get out.

Hacked here to...

Loged in all shit gone email never acessed i even mailed google support they pulled up logges noone else acessed my email but me.

Something is fishy here.

"

lolish wrote:

Hacked here to...

Loged in all shit gone email never acessed i even mailed google support they pulled up logges noone else acessed my email but me.

Something is fishy here.

Looks like most of hacked accounts was hacked in same manner:
1. No bruteforce for mail password. Hackers knew password for mail and most likely it was same for both game and mail accounts;
2. Only POE account was compromised;
3. Quite safe web-serfing, protected pc, no hacks or cheats used (probably most of us was hacked first time as i am);
4. PC was checked with few antiviruses (checked mine with Malwarebytes too) and nothing suspicious was found;
5. Accounts from different countries was affected (so probably this is no "single leaked fun-site database" issue).

So, 99.99% we are dealing with leaked DB directly from GGG. They will never admit it, because if they do most likely it will be the end for this company. It could happen in closed beta, or some old backups could leak but this is happend. And this is huge problem and players deserve more then just "This is you fault. Deal with it!"

Even if it was "just" a leaked DB the hackers would still have to auth vs. the standard server, which would trigger the email block if the location of the hacker differs from that of the legitimate player.

The fact that this doesn't even happen means that either we have a globally organised hacker network with operatives in every country, that not just now each hacked player's email address/password combination but also their physical location, so they can drive to the player's location and circumvent the email lock

or

someone has rooted the GGG servers and simply puts some db queries into his shell.

What is more likely? Either way, GGG is fucked.

Screw the hackers ...

just got hacked today too from someone in toronto canada

at least the hacker was nice enough to create a character named

FUCKDETROITLOVETORONTO lol smh.

I made an account about a week ago. Within two days I got two message that somebody attempted to access my account. The second from my actual location. Luckily, as a new player, I lost nothing because I didn't really have anything. I then changed my password.

One of the Dev's posted here that the first time was the hacker attempting to log in from their location. The second message was from me logging in with my location.

I am a programmer, I use strong passwords, I don't download malware, and I understand security issues in java (as was recommended as a cause of leaked passwords), and I didn't even think about their being hackware for PoE until I read the Dev's post. There is almost no conceivable way they could have logged into my email without me knowing it because I use two-step verification though gmail--which means that even if they had my password they would have to enter a unique code that is generated and texted to my phone upon log in.... I also checked the log in details on my mail which saves all log-in locations as well as ip addresses and I am the only person listed.

Just putting forward my evidence that there may be some major security issue that is not caused by user stupidity.