Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

"

nfb04#2789 wrote:

"

Atikiro#5371 wrote:

The process of stealing gear seems mostly automated, as the hacker left behind valuable items like exalts or took only a specific amount, which doesn't make sense if it were a manual process.

Pretty sure it is not automated. I had two chars in maps, they only stole the amulet, shield and one ring from my titan, while completely stripping my expensive (1+mirror) gemling (only leaving some of the jewels). They even took the 6L (5 socket) skills out and left the support gems in my inventory.

My Hacker doesnt list any item below 5 divines (by the way, he has currently 662 items listed and the list keeps growing, hope GGG has a nice vacation =) ), so I believe thats the threshold that they care about. I dont think exalts are worth stealing, they cost time, trading space and are worth almost nothing if you can just hop to the next account to get another big item.

I should have noted that there is most likely not one hacker? I would like to reverse the client myself to see how easy it is to write a script for the login check but this is against the terms of use and I dont want to get my account/ip banned. If you have a macro sending and storing exalts is way faster than checking gear also you dont need to go through the trade selling process. I assume the hacker sells the currency for real money because I am sure the account gets banned once ggg is back from vacation? So there is no reason to sell the gear and then hold the currency. I dont even know if ggg completely stopped operating and just answering support tickets or if they are already working currently on this issue.

Also I checked with a friend you dont need to have an poe account to play early access but yeah I didnt see any proper proof that someone was not linked but its hard to go through dozens of forum and reddit post just to find someone who linked a screenshot which shows that he was hacked and had no poe account only steam login.

Out of curiosity how many of you that have been affected linked multiple accounts to your account i.e. Linking PS/Microsoft to your account? Specifically Microsoft.

Both Microsoft and PlayStation have had several data breeches within the past years.

Can't check due to not having a VPN.

But does logging in into poe on the browser before logging into the game still trigger the "new location" email? As there will probably be a successful login from this new IP?

"

waitingforunlock#4272 wrote:

Can you prove that it's on our end? If yes, show me. If no, you're doing a wild guess. Since GGG did NOT say it's not on their end. If they would just add that information ANYWHERE. We could come back to this claim.

Hahaha, can you prove its on GGG end instead acting like a sore loser blaming others on your failure? You are making a baseless claim without any evidence and now I have now to disprove it (how I can even disprove something that happened to you?), otherwise its automatically true. Wow, you are special.

"

Krz3mien#0868 wrote:

"

waitingforunlock#4272 wrote:

Can you prove that it's on our end? If yes, show me. If no, you're doing a wild guess. Since GGG did NOT say it's not on their end. If they would just add that information ANYWHERE. We could come back to this claim.

Hahaha, can you prove its on GGG end instead acting like a sore loser blaming others on your failure? You are making a baseless claim without any evidence and now I have now to disprove it (how I can even disprove something that happened to you?), otherwise its automatically true. Wow, you are special.

No, I can't. I gladly repeat myself. GGG does NOT say ANYTHING, regarding this matter, aside from contacting support copy-paste.

I'm making a baseless claim, which GGG can deny, if they want to. They did not. Yet.
So I don't understand what the problem is? Claims can be made and denied. I say, nothing on my side was wrong. It's my claim. I say it might be on GGGs side. It's my claim. Deny it if you want to.

Judging based on what I have read, the best one can do is make sure you got a really secure password, don't use third party apps but even better would be:

1) Dont party up with people.
2) Dont put items up for sale.
3) Just dont login until the matter is resolved if there is a leak at GGG side.

"

Krz3mien#0868 wrote:

"

waitingforunlock#4272 wrote:

Can you prove that it's on our end? If yes, show me. If no, you're doing a wild guess. Since GGG did NOT say it's not on their end. If they would just add that information ANYWHERE. We could come back to this claim.

Hahaha, can you prove its on GGG end instead acting like a sore loser blaming others on your failure? You are making a baseless claim without any evidence and now I have now to disprove it (how I can even disprove something that happened to you?), otherwise its automatically true. Wow, you are special.

Hey, there's no need to be rude. Most of us are not children and have been playing PoE for quite some time—11 years in my case. I really doubt it’s something as simple as "password123" "click random link and input info" etc etc ...

As updated in the main post, there's no confirmed link between the hack and PoE2 third-party software so far. Some people who weren’t using any third-party tools or were using completely different apps were also hacked.

In my case, the only trade website I use is the one linked directly from the PoE2 official site, and I doubt most of us would make such a basic mistake.

While a data breach or not updating passwords might make sense, in my case, I log in through Steam. Yes, my Steam account was accessed, but the strange part is that it didn’t trigger my 2FA, and my email wasn’t compromised.

Let’s stay civil and keep reporting what we can so that GGG can address this issue properly.

Because that's the current state. They copy- paste a generic response and lock you out for an unknown duration.

Seems to me that the only connection is the RMT involved in these accounts