Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

to me its pretty obvious

a new game came out ,

people tested several price checking overlays this or that

they installed a bad one that key logged account info


either that or


their password and email is leaked in a combo list , im pretty sure there were big news arround the internet recently that a new big breach has been dumped with stolen email and passwords


so yeah


also you dont need steam to login into ur poe account

u can just use the normal client


im pretty sure ggg removed the " you have logged in from ad ifferent location please verifiy ur blabla " a long time ago.

so yeah screwed

Many people, including streamers, with Alt Arts have been hacked throughout the years without any email notification. This is not a new thing. GGG refuses to do anything and they keep quiet about it. They don't even help accounts that have 1000's of euro's/dollars in MTX! So, if you think this topic will help, you are wrong.

Nevertheless, I wish you the best in your endeavor.

"

ibase#1590 wrote:

to me its pretty obvious

a new game came out ,

people tested several price checking overlays this or that

they installed a bad one that key logged account info


either that or


their password and email is leaked in a combo list , im pretty sure there were big news arround the internet recently that a new big breach has been dumped with stolen email and passwords

in my case i only installed overwolfs overlay after 1.5 weeks of the game being out, couple of friends were using it long before me, and my PoE account has no email linked to it, only my steam.

"

Hydra1975#4696 wrote:

Many people, including streamers, with Alt Arts have been hacked throughout the years without any email notification. This is not a new thing. GGG refuses to do anything and they keep quiet about it. They don't even help accounts that have 1000's of euro's/dollars in MTX! So, if you think this topic will help, you are wrong.

Nevertheless, I wish you the best in your endeavor.

Yeah, I’ve heard of similar cases before, but in my 11 years of playing PoE, I’ve never seen anything this widespread.

This isn’t just about one person anymore. The fact that someone could access my Steam account without triggering 2FA, and then my PoE account without any notification, highlights a serious security issue.

GGG needs to investigate and address how this is happening to prevent future incidents.

There’s usually a reason they don’t intervene—most cases are isolated, and stolen items or currency get redistributed into the economy. But this isn’t an isolated case, and it needs attention.

If this leads to improvements like 2FA for PoE or fixes to these vulnerabilities, it’ll be a step forward.

"

waitingforunlock#4272 wrote:

Since a support answered to this in another thread, I take back my claim, that it might be on GGG's side.

Well, that means for me, that I have no idea how this happened. :)

The thread "Question Regarding Account Security Layers":
https://www.pathofexile.com/forum/view-thread/3673854

I just wanted to add a small note regarding the linked thread:
The support team kindly confirmed that their security systems are functioning normally, which is reassuring. However, it’s worth noting that they did not explicitly confirm whether a review of the systems has been conducted.

actually nvm, was a starred email holy moly

tbh them saying "we have no security issue" in the other thread just leaves a very sour taste in the mouth.

clearly the thousands of accs thats been comprimised U HAVE a security issue as its affect all different people.
Standalone/steam/used 3d party pricechecking tool/had no 3d party apps.

This is a huge problem as they quite clearly found a weakness to circumvent the code sent by logging in froma new place and in some cases the 2fa system in place.

So as I see it GGG HAVE a security issue be it there code or even worse, they have actually hired someone that do not work for them but the hackers.

And also seeing new posts from TODAY......the breach is STILL ongoing.

"

Ryddenn#0943 wrote:

tbh them saying "we have no security issue" in the other thread just leaves a very sour taste in the mouth.

clearly the thousands of accs thats been comprimised U HAVE a security issue as its affect all different people.
Standalone/steam/used 3d party pricechecking tool/had no 3d party apps.

This is a huge problem as they quite clearly found a weakness to circumvent the code sent by logging in froma new place and in some cases the 2fa system in place.

So as I see it GGG HAVE a security issue be it there code or even worse, they have actually hired someone that do not work for them but the hackers.

And also seeing new posts from TODAY......the breach is STILL ongoing.

i get what your saying, but without the full team back from holiday / support working properly neither of us can take any conclusions, but i do agree and think it's a security issue

"

ibase#1590 wrote:

to me its pretty obvious

a new game came out ,

people tested several price checking overlays this or that

they installed a bad one that key logged account info


either that or


their password and email is leaked in a combo list , im pretty sure there were big news arround the internet recently that a new big breach has been dumped with stolen email and passwords


so yeah


also you dont need steam to login into ur poe account

u can just use the normal client


im pretty sure ggg removed the " you have logged in from ad ifferent location please verifiy ur blabla " a long time ago.

so yeah screwed

The problem is steam shows no other login then my own exact same ip and not even on the website, my question is how are the doing that.. How is it every time I log in I have to use my auth but they didnt.. I have 2fa on everything for safety and it didnt register a log in anywhere.

had my entire steam wallet stolen they by passed all my auth and everything only new variable is Poe 2