Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads
How can you say this so confidently? There does seem to be some correlation between suspicious activity related to trade and being hacked. Additionally, the fact that these people are not getting a notification about a login from a new location makes it less likely that this is happening due to more common account vulnerabilities; something letting the hackers get hold of the session token seems plausible. I hope GGG does their due diligence on this quickly. I've not been hacked myself, but the number of reports of people being hacked has me very nervous.

When you have the game redeemed on Steam only, and that's what you use with 2FA, no third-party software, not visiting shitty websites, how much more security conscious do you need to be to play a game safely? Do I need to sandbox and build an iron cage around my gaming rig? Besides, hackers stole a lot, sure, but GGG locked our accounts for 20+ days through all of the holidays (when not asked to; punished us for reporting the issue). Guess who did more harm.
Last edited by JakeySpokesman#5951 on Jan 2, 2025, 2:37:12 AM

The thing is that your password might be 1000 characters long, but as soon as you gave up your session ID via the trade site and/or hideout, you're cooked.
Last edited by Falcon_x#2576 on Jan 2, 2025, 3:06:23 AM

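Not part of the thread: an added illustration of the defensive pattern the posts above point at (a stolen session ID replayed from elsewhere while password and 2FA are never touched, and no "login from a new location" notice). It binds each session to the network and client seen at issue time, so a replayed token forces re-authentication and queues an alert instead of silently working; all identifiers, IPs and user agents are constructed sample values, and the `SessionStore` API is hypothetical, not GGG's.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


def prefix24(ip: str) -> str:
    """Coarse client-network key: first three octets of an IPv4 address."""
    return ".".join(ip.split(".")[:3])


@dataclass
class Session:
    user: str
    ip_prefix: str            # network seen when the session was issued
    user_agent: str           # client seen when the session was issued
    issued_at: datetime
    absolute_ttl: timedelta = timedelta(hours=12)


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)   # "new location" notices to send

    def issue(self, sid, user, ip, ua, now):
        self.sessions[sid] = Session(user, prefix24(ip), ua, now)

    def check(self, sid, ip, ua, now):
        """Return 'ok', 'reauth' (context mismatch) or 'expired'."""
        s = self.sessions.get(sid)
        if s is None or now - s.issued_at > s.absolute_ttl:
            self.sessions.pop(sid, None)
            return "expired"
        if prefix24(ip) != s.ip_prefix or ua != s.user_agent:
            # Token presented from a different network/client than it was issued
            # to: treat as replay, revoke it, and notify the account owner.
            # (User-agent checks are brittle across client updates; tune in practice.)
            self.sessions.pop(sid)
            self.alerts.append((s.user, ip, ua, now))
            return "reauth"
        return "ok"


def run_demo():
    """Constructed scenario: legitimate use, then a replayed token."""
    store = SessionStore()
    t0 = datetime(2025, 1, 2, 2, 0)
    store.issue("sid-A1", "exile42", "203.0.113.10", "PoE/1.0 Steam", t0)
    r1 = store.check("sid-A1", "203.0.113.77", "PoE/1.0 Steam", t0 + timedelta(minutes=5))
    r2 = store.check("sid-A1", "198.51.100.5", "curl/8.0", t0 + timedelta(minutes=6))
    r3 = store.check("sid-A1", "203.0.113.10", "PoE/1.0 Steam", t0 + timedelta(minutes=7))
    return r1, r2, r3, len(store.alerts)
```

After the replay is detected the original owner's next request also comes back `expired`, which is the intended cost: one fresh login with 2FA, and the stolen token is worthless.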
Are you planning to address the wider community sometime soon?

It really feels like GGG doesn't want to get involved beyond telling us to email support. The lack of straight answers in related threads about these account compromises doesn't help either. For anyone curious, the threads on the Account Unlock Process and Account Security Layers are worth checking out, even though there hasn't been much clarity provided:
- Account Unlock Process Thread: https://www.pathofexile.com/forum/view-thread/3675157
- Account Security Layers Thread: https://www.pathofexile.com/forum/view-thread/3673854
In the Account Unlock Process thread, for example, there's been no clear information on how the process works or how long players can expect to wait. Similarly, in the Account Security Layers thread, while GGG stated their systems are functioning normally, they avoided confirming whether a comprehensive review of their security had been done. At this point, it seems like we're left to figure things out as a community, but honestly, it's tough when everything about these breaches feels so unclear. Their paying customers are essentially tiptoeing in the dark, trying to make sense of something that feels impossible to solve from our side. If anyone has more insights or ideas, sharing them in those threads might help.
Last edited by waitingforunlock#4272 on Jan 2, 2025, 7:46:31 AM

They direct all the account-hacked posts to the support email for a couple of reasons:
1) So this thread doesn't become 200 pages long. Clearly there is an issue on their end. It's not our passwords. It's not 3rd-party apps. It's not 3rd-party websites. Most here already state none of them relate to their situation, including mine. I don't see the point of even farming maps right now. If there's clearly some type of back door into my account through their exploited game, why do I want to farm more divines for someone to just take again?
2) It will just be ignored via email or replied to with the copy-and-paste "we can't do anything to recover in-game currency". They haven't even replied to my 6 support emails over the past 4 weeks regarding my account getting early access and my other account getting my coins. A simple fix; no replies, nothing.

What a great New Year's gift for us: the hacker still gets more items and GGG doesn't even care to ban him.

Just your friendly cyber security player reminding the company that you have a duty to ensure our information is secure. The fact that you knew the data was insecure, knew that there were ways to secure it better, did not do it, and allowed hackers to get to the information is a lawsuit waiting to happen.

United States Legal Obligations
The U.S. Government has a number of protection agencies that most people are familiar with, such as the FTC, FCC and SEC. These agencies create and enforce regulations and compliance requirements for the industries that fall under their jurisdiction. The federal government also has several mandated compliance regulations involving cybersecurity. These include:
- The Federal Information Security Modernization Act of 2014 (FISMA Reform): This act was signed into law in order to establish a set of guidelines and security standards that federal agencies must meet concerning the handling of personal data involving U.S. citizens.
- The Health Insurance Portability and Accountability Act (HIPAA): Any company or organization that deals with personal health information (PHI) of people must comply with the security provisions outlined by HIPAA concerning the handling of that data. HIPAA falls under the jurisdiction of the U.S. Department of Health and Human Services.
- Sarbanes-Oxley Act (SOX): Although SOX doesn't specifically pertain to cybersecurity, there are sections of it that do relate to the security of data. SOX was created to protect shareholders and thus applies to publicly traded companies.

Duty of Care Responsibility
When it comes to issues of liability, cybersecurity is no different from any other type of issue of accountability. Whether a case concerns who is responsible for someone injuring themselves while slipping on a wet floor, or a group of people whose personal information was compromised as a result of a data breach, the issue of duty of care comes to fruition. In the occurrence of a liquid that was spilled on the floor of a retail establishment, the determination of what a reasonable person would do to eliminate that risk would be the center of an involved legal case. Similarly, the question of what steps a reasonable person would have implemented to protect the personal data it stored would be a determining factor as well.

The Need for Duty of Care Guidance
Of course, we have only skimmed the surface of the legalities involved in cybersecurity today. The fact is that navigating the growing maze of regulatory compliance and legal obligations is challenging for any company today. That is why it is so important to understand the legal requisites concerning your cybersecurity and the granular methodology to ensure those obligations. Do you know what is reasonable? Organizations need to balance their compliance requirements, cybersecurity safeguards, and the effects on customers and the public. In essence, organizations must find the right blend of their mission, objectives, and obligations in order to implement the most effective cybersecurity strategy for their unique situation.

Suggest lawyering up soon, as this is going to get ugly.
Last edited by Metalkicker#3337 on Jan 2, 2025, 10:56:33 AM

Thing is, the "trade" sites seem to be the issue though deemed safe, but then GGG themselves have the option in game to go to the supposed "safe" website and/or other add-ons. This would probably be a class action lawsuit when many people are locked out for doing nothing. Also, the funny thing is there's still not much help for the many who are locked out of accounts. I think GGG bit off more than they can chew and worked on trading in general and many other issues without having to use 3rd-party sites to get items. This is kinda why the auction house in D3 got out of hand and was taken down. To me it's so weird there are so many issues in general for this game, and yet, though not happening to everyone per se, people defend it like nothing bad is happening, or no bugs etc., when a lot of people have issues with the game. And people say "early access"; this is not an early access game, we are pretty much playing a full build of a game besides 3 acts.
"You can't make everyone happy. You're not an avocado."

Don't install shit on your computers.
I've had 3 Steam accounts hacked because I was dumb enough to install cracked Office. They made off with my CS:GO skins without even using my password. They hijack the session. They don't need your password. All we have here is your word that you didn't use any third-party apps. I don't think this is a GGG issue but a Steam issue. Even if they add more security to PoE, session hijacks won't care. Enable Family View on Steam as extra security, and put all games behind that PIN code. They won't be able to do anything even if they hijack your session, without the PIN to exit the session. Unless GGG comes out and admits to a breach, and as a tech that's been working in IT for over 10 years, I'm inclined to believe that it's far more likely user stupidity than an established security system. Stop. Using. Third-party tools, and never disable antivirus to install them. It detects them for a reason.
