Hacked Accounts

I might not quit, but trust me, I don't want to play at all anymore for now.. seeing all the people having to deal with the same shit.. :/ I never had to deal with hackers in my life; it's a terrible first time, lemme say. I'm glad I did not pay money for stash tabs <.< Why is it impossible for them to delete what the hackers stole from us and just give it back? That wouldn't be a problem for the economy in the long run.. that would be fair at least, ugh.
It seems that the hackers are clearing out more than just the currencies now. Used to be people would say that their items were still there, but not anymore. I wonder why.
Last edited by wonko33#2809 on Apr 3, 2013, 5:43:28 PM
Hacked this morning. Lost my entire stash. Seems they were not interested in the equipped stuff so much, as toon still had gear. My email had been hacked, as well as the Path of Exile account, because my stupid a$$ had the same password on the email account and POE. They somehow hacked my email. I know this because they used the unlock code to access the account a second time. That is when they managed to steal everything. The original email stating that my account had been locked, which had the unlock code, disappeared. I did not delete it; it was just gone. The hackers deleted it, but not till after I saw it once. So I tried to hurry up and log in, had to unlock it again because it was accessed from my home city... *smirk* Anyway, by the time I got in and changed the password, all the goodies in the stash were gone.

Do NOT use the same password for anything. Delete and shred/empty emails with password or username anything in them. The change password email from POE just has a link to click to reset the password, if it is clicked in Japan it works just as well as it works here, then they are in.

Again... they use the emails you are sent to protect your account to actually get into it. The unlock code, and the change password emails. I would rather have a 12-24 hour wait for an unlock code, or password reset email, than be ripped off so easily. Inconvenient, sure, but MUCH more secure. It would give people time to get stuff secured, i.e. the email account, before the account could be accessed again.
Threads like this are a good reminder that everyone should be using a Password Manager program such as the excellent popular cross-platform KeePass (http://keepass.info/) to make themselves secure. If you google for "Password Manager" you will find excellent options such as LastPass, 1Password, KeePass, Roboform, SplashID, etc.

Note: You should prefer an open-source Password Manager so you can know 100% that it is safe and free from trojans since anyone can read the source. Using a closed-source offline/online one is better than not using any at all!


How they work:

Initial Setup: You create a master encrypted database file with a passphrase that encrypts it. A phrase such as "MaryHadALittleLamb" is

a) easy to remember
b) cryptographically strong


New website: For every website/business/entity/game you interact with you create a new entry that has your username and password that you wish to save/reuse at some point in the future. The better password managers also support generating a strong random password.



Daily Use: That's great but how do I remember ALL these strong random passwords? With a password manager you don't need to! You only need to remember your _one_ master passphrase which "unlocks" (unencrypts) the database so you can view/edit/copy account information. Then you copy your username/password and paste them into your website/application login screen.

Once you get used to the extra steps it is easy:

a) Start your password manager (you can keep it running if you want)
b) Enter passphrase to unlock database
c) Select entry
d) copy username (Ctrl-B)
e) paste into login screen (Ctrl-V)
f) copy password (Ctrl-C)
g) paste into login screen (Ctrl-V)

There are a couple of nice advantages to using a Password Manager.

* You can throw the encrypted password file on a thumb drive. All your passwords are stored encrypted so even if someone was to "hack" your master password database file they would have a heck of a time trying to "crack" (break) the encryption. i.e. They would be LONG dead before they ever figured out how to get access to the rest of your passwords.

* EVERY site you interact with can have a really STRONG and UNIQUE password making it EXTREMELY difficult for hackers to target you.

* You never have to "write-down" your passwords on those sticky notes anymore!

Even if you never use a password manager there is only ONE thing you need to remember which Chris correctly summarized:

--> Make sure EVERY website/game/account you use has a UNIQUE password.

Security is a trade-off between convenience and safety. Even one of the founding fathers recognized the tradeoffs involved. :-)

Hope this helps.
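
Added example (not part of the thread or any poster's code): a short Python audit over a constructed password-manager export that finds shared passwords and shows which accounts become reachable once the recovery mailbox shares its password with anything else, the chain described in the posts above. The site names, passwords and the `recovery` field are assumptions made for the illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample data standing in for a password manager export.
# "recovery" names the mailbox that receives unlock codes and reset links.
ENTRIES = [
    {"site": "mail.example",  "password": "Sunshine2013", "recovery": None},
    {"site": "game.example",  "password": "Sunshine2013", "recovery": "mail.example"},
    {"site": "forum.example", "password": "dragon77",     "recovery": "mail.example"},
    {"site": "shop.example",  "password": "dragon77",     "recovery": "mail.example"},
    {"site": "bank.example",  "password": "t9$Kq2!vLw8#xRz4", "recovery": "mail.example"},
]

def fingerprint(password):
    """Hash used only for grouping, so the report never carries plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def find_reuse(entries):
    """Return sorted groups of sites that share one password."""
    groups = defaultdict(list)
    for e in entries:
        groups[fingerprint(e["password"])].append(e["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_via_mailbox(entries):
    """Sites whose recovery mailbox shares its password with another account.

    A leak at any site in that group opens the mailbox, and with it every
    unlock code or reset link sent there, even for uniquely keyed accounts.
    """
    reused = {site for group in find_reuse(entries) for site in group}
    return sorted(e["site"] for e in entries if e["recovery"] in reused)

def new_password(length=20):
    """Random replacement password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for group in find_reuse(ENTRIES):
        print("shared password:", ", ".join(group))
    print("reachable through the mailbox:", exposed_via_mailbox(ENTRIES))
```

Note that `bank.example` has a unique password in the sample and is still listed, because its reset mail goes to a mailbox whose password is shared with the game account.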
"
Andreus wrote:
I would rather have a 12-24 hour wait for an unlock code, or password reset email, than be ripped off so easily. Inconvenient, sure, but MUCH more secure. It would give people time to get stuff secured, i.e. the email account, before the account could be accessed again.


We're in the same boat. I thought the same earlier after I noticed I got hacked.. why not lock it up for hours without giving the unlock code instantly? Like, make it impossible for them to unlock the account right away if they have access from a totally different IP and location.

Edit: sadly, the last time I changed my PoE password I fucked up, changing it to the same as my email >.< I know it's my fault, but still, if the unlock code weren't given right away it should be really helpful in this situation..
Last edited by CptWeed#2178 on Apr 3, 2013, 6:46:11 PM
Got this today:

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from - "Fuzhou, Fujian, China"

Scanned computer and changed all pwds, let's see how it goes
"
oO_ron_Oo wrote:
Got this today:

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from - "Fuzhou, Fujian, China"

Scanned computer and changed all pwds, let's see how it goes


I believe that is the exact same place I was hit from.
"
oO_ron_Oo wrote:

Scanned computer and changed all pwds, let's see how it goes

They got your password from GGG so don't bother with scanning.
"
Michaelangel007 wrote:

--> Make sure EVERY website/game/account you use has a UNIQUE password.


Password re-use can be a problem; I was also guilty of that. The average web user has 6 passwords and has 25 accounts.

KeePass is an excellent freeware password manager, it also can auto-type the username and passwords.

"
Jonhs wrote:
"
oO_ron_Oo wrote:

Scanned computer and changed all pwds, let's see how it goes

They got your password from GGG so don't bother with scanning.


So even if the password hashes are stolen I couldn't care less because KeePass can generate really strong random passwords.
Some people say it's our fault. But I can't agree with that. I log in from two PCs and never before did I receive any emails with unlock passwords. Finally, when I received one yesterday, I discovered my char is empty and all items gone forever...

BTW stuff doesn't mean much, but gems are hard to get and that makes people like me unable to play zzzzz
Last edited by kimjestem#7170 on Apr 4, 2013, 5:25:48 AM
