Note on accounts being hacked

1. Change your password - make it unique(as in never used before). Go for 24+ characters.

2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.

3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev.. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.

4. Try to stay off of any PoE related third-party content sites for the time being. Including sites popular for build guides and such wikis.

these sites could be vulnerable to numerous exploits(XSS, CSRF, etc). Try to stay off of anything that could be leveraged against you in a Watering-Hole type of attack.

(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).

5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.

----------

Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.

The rest is up to GGG, they must implement modern security best practices as soon as possible.

Stay safe, Exiles.

Great stuff, thank you, CyberSec guy!

Yeah hi, as a Technology Analyst I would like to stress the importance of passwords.
You absolutely have to have good passwords.
You have have to have password that aren't words.
Like if your password was 'password', which is the most common password, change the 'S' to a '$'.

"

green_bloodshed#1928 wrote:

Change your password now - make it unique(as in never used before). Go for 24+ characters.

"QW3TY@!2EA5" is not a password, it's a blaring 'kick me' advert.
Same goes for repeated-use and low entropy passwords.

"

strawwmann#6193 wrote:

"

green_bloodshed#1928 wrote:

Change your password now - make it unique(as in never used before). Go for 24+ characters.

"QW3TY@!2EA5" is not a password, it's a blaring 'kick me' advert.
Same goes for repeated-use and low entropy passwords.

ppl taking about high entropy pswrds like brute forcing is the common way of attack. really makes you think about OPs credentials here lol

"

AintCare#6513 wrote:

ppl taking about high entropy pswrds like brute forcing is the common way of attack.

You're right, you could literally make your password "kickme" and be fine most of the time (particularly if there is nothing of 'value' to protect or someone else takes responsibility for your carelessness) - until that one time you aren't.
But, if you advertise yourself as being both 'wealthy' AND careless, then you needlessly make yourself a soft target - personal choice and consequence.

you litteraly can check on your googleaccount (that is if you use chrome etc ofcourse) what websites leacked your accounts and/or passwords

even then, the only way anyone get your passwords and accountnames is if someone, in this case, has access to gggs data OR if someone has a keylogger on your pc

trust me, your random youtuber

Or, now hear me out guys... , GGG could implement two factor authentication like it's the 21st century.

"

Mouser#2899 wrote:

Or, now hear me out guys... , GGG could implement two factor authentication like it's the 21st century.

They want you to feel the weight of your password

"

maquino85#7657 wrote:

"

Mouser#2899 wrote:

Or, now hear me out guys... , GGG could implement two factor authentication like it's the 21st century.

They want you to feel the weight of your password

lol, well played sir