I would hope there's a rate limit or other protections against brute forcing passwords.
The scope of the hacks seems small. Hopefully it's just a combo of reused passwords and lack of the account lock from new login location triggering and not malicious code in popular PoE 1 third party tools.
Posted by DiabloImmoral#7632 on Dec 30, 2024, 12:54:00 PM
If we had MFA, it would be exponentially harder for accounts to be popped.
"
"
"
Change your password now - make it unique(as in never used before). Go for 24+ characters.
"QW3TY@!2EA5" is not a password, it's a blaring 'kick me' advert.
Same goes for repeated-use and low entropy passwords.
People talking about high entropy passwords like brute forcing is the common way of attack. Really makes you think about OP's credentials here lol.
At my work (cyber security almost 9 years) we have phased out passwords for the most part; they are a weak point in security.
For PoE, I randomly generate a password with KeePass.
Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.
Last edited by Manocean#0852 on Dec 30, 2024, 3:16:17 PM
Posted by Manocean#0852 on Dec 30, 2024, 3:09:32 PM
"
Or, now hear me out guys..., GGG could implement two-factor authentication like it's the 21st century.
NGL, it would be about time after 11 years lol; the launcher could really need one.
Last edited by Afura#6483 on Dec 30, 2024, 4:19:25 PM
Posted by Afura#6483 on Dec 30, 2024, 4:19:13 PM
"
1. Change your password - make it unique(as in never used before). Go for 24+ characters.
2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.
3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev.. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.
4. Try to stay off of any PoE related third-party content sites for the time being. Including sites popular for build guides and such wikis.
these sites could be vulnerable to numerous exploits(XSS, CSRF, etc). Try to stay off of anything that could be leveraged against you in a Watering-Hole type of attack.
(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).
5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.
----------
Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.
The rest is up to GGG, they must implement modern security best practices as soon as possible.
Stay safe, Exiles.
I think we can all agree it is highly probable at this point the loss of control of account is likely to be RMT related. These sites prey on the people silly enough to think currency buying is needed. They want those orbs back and anything free is a bonus. Like it or not these folks are never gonna tell you the one thing they have in common, and GGG would have already remedied the situation if it was on their end. Vacation or not!
Let this thread die and the punishment is fit.
One sad Exile
Posted by MFQUANT#4363 on Dec 30, 2024, 5:54:53 PM
"
I think we can all agree it is highly probable at this point the loss of control of account is likely to be RMT related.
RMT traders thrive on repeat business.
Posted by Mouser#2899 on Dec 30, 2024, 7:42:51 PM
"
if we had MFA
it would be exponentially harder for accounts to be popped
At my work (cyber security almost 9 years) we have phased out passwords for the most part, it is a weak point in security
For PoE, I randomly generate a password with KeePass.
Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.
Change my mind about KeePass and those other tools. I've used passwords of my choosing since the 90s and updated them over time, but tools that make more complex unreadable passwords just seem like they'd be vulnerable for the same reason, one simple password you use to access the rest. Effectively just putting them all in one place. I feel like my brain is safer, and when a password gets leaked I can safely blame myself for not being careful on the sites I registered for.
Posted by AetherSolace#2274 on Dec 30, 2024, 8:30:20 PM
"
"
if we had MFA
it would be exponentially harder for accounts to be popped
At my work (cyber security almost 9 years) we have phased out passwords for the most part, it is a weak point in security
For PoE, I randomly generate a password with KeePass.
Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.
Change my mind about KeePass and those other tools. I've used passwords of my choosing since the 90s and updated them over time, but tools that make more complex unreadable passwords just seem like they'd be vulnerable for the same reason, one simple password you use to access the rest. Effectively just putting them all in one place. I feel like my brain is safer, and when a password gets leaked I can safely blame myself for not being careful on the sites I registered for.
KeePass is good. It is local and encrypted, so someone would need to be on your computer and know your password to get into it, there are other techniques but KeePassXC is even more secure against such techniques.
----------
"
1. Change your password - make it unique(as in never used before). Go for 24+ characters.
2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.
3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev.. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.
4. Try to stay off of any PoE related third-party content sites for the time being. Including sites popular for build guides and such wikis.
these sites could be vulnerable to numerous exploits(XSS, CSRF, etc). Try to stay off of anything that could be leveraged against you in a Watering-Hole type of attack.
(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).
5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.
----------
Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.
The rest is up to GGG, they must implement modern security best practices as soon as possible.
Stay safe, Exiles.
One of the big sites got hit recently. Many people from Albion got hacked who were buying some of that secret sauce. Not only will you likely get banned, you'll also likely get hacked. Just play the game like the rest of us.
Step 1 is to self-reflect.
Posted by RKxZlcLUUF#5704 on Dec 31, 2024, 1:32:22 AM
Well, it looks like it was in fact an account takeover and an admin account for GGG was compromised.
They mentioned the threat actor was deleting the log after changing users' passwords.
Hopefully GGG will implement some alerts for and better manage their admin accounts. If the account wasn't in use it should have been disabled, the Steam account should have been unlinked, etc. They know.
I hope the employee who maybe had some PII leaked elsewhere, as Jonathon suggested (which was the info the threat actor used for verification to take the account with Steam support), is OK and didn't suffer too bad.
GGG, I still think you should add support for MFA.
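The kind of admin-account alerting the post above asks for, sketched as an added example (not GGG's code or anything posted in this thread): it flags a login by a dormant admin account, any audit-log deletion, and a burst of user password resets by one actor. The log format, account names, timestamps and thresholds are all constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed admin audit trail for this example. The line format, account
# names and timestamps are assumptions, not any real system's log.
SAMPLE_LOG = """\
2024-12-29T21:00:00 actor=admin_old action=login src=host-A
2024-12-29T21:01:10 actor=admin_old action=password_reset target=user17
2024-12-29T21:01:40 actor=admin_old action=password_reset target=user42
2024-12-29T21:02:05 actor=admin_old action=password_reset target=user88
2024-12-29T21:03:30 actor=admin_old action=delete_audit_log target=admin_old
2024-12-29T22:15:00 actor=support_1 action=login src=host-B
2024-12-29T22:16:00 actor=support_1 action=password_reset target=user9
"""

# Last legitimate use of each admin account (constructed). An account idle this
# long should already be disabled; here its reappearance is at least flagged.
LAST_SEEN = {"admin_old": datetime(2024, 6, 1), "support_1": datetime(2024, 12, 28)}
DORMANT_AFTER = timedelta(days=90)
RESET_BURST = 3                      # resets by one actor inside BURST_WINDOW
BURST_WINDOW = timedelta(minutes=5)


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    event.update(p.split("=", 1) for p in pairs)
    return event


def find_alerts(log_text):
    """Return sorted (rule, actor) pairs that should page the on-call person."""
    alerts = set()
    recent_resets = {}               # actor -> reset timestamps inside BURST_WINDOW
    for line in log_text.splitlines():
        ev = parse(line)
        actor, ts = ev["actor"], ev["ts"]
        # Rule 1: a login from an admin account nobody has used in months.
        if ev["action"] == "login" and ts - LAST_SEEN.get(actor, ts) > DORMANT_AFTER:
            alerts.add(("dormant_admin_login", actor))
        # Rule 2: audit-log deletion is never routine; alert on it unconditionally.
        if ev["action"] == "delete_audit_log":
            alerts.add(("audit_log_deleted", actor))
        # Rule 3: several user password resets by a single actor in a short window.
        if ev["action"] == "password_reset":
            window = [t for t in recent_resets.get(actor, []) if ts - t <= BURST_WINDOW]
            window.append(ts)
            recent_resets[actor] = window
            if len(window) >= RESET_BURST:
                alerts.add(("password_reset_burst", actor))
    return sorted(alerts)
```

Running `find_alerts(SAMPLE_LOG)` fires all three rules for the dormant account and nothing for the support account that did one routine reset.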
----------
Change your password is the only actual advice. Everything else you said is irrelevant.
Posted by kamiknx#1162 on Jan 13, 2025, 3:14:45 PM