
Note on accounts being hacked

I would hope there's a rate limit or other protections against brute forcing passwords.

The scope of the hacks seems small. Hopefully it's just a combo of reused passwords and lack of the account lock from new login location triggering and not malicious code in popular PoE 1 third party tools.
if we had MFA

it would be exponentially harder for accounts to be popped


"
AintCare#6513 wrote:
"
"
Change your password now - make it unique (as in never used before). Go for 24+ characters.


"QW3TY@!2EA5" is not a password, it's a blaring 'kick me' advert.
Same goes for repeated-use and low entropy passwords.


ppl talking about high entropy pswrds like brute forcing is the common way of attack. really makes you think about OPs credentials here lol



At my work (cyber security almost 9 years) we have phased out passwords for the most part; they are a weak point in security.

For PoE, I randomly generate a password with KeePass.

Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.
Last edited by Manocean#0852 on Dec 30, 2024, 3:16:17 PM
"
Mouser#2899 wrote:
Or, now hear me out guys... , GGG could implement two factor authentication like it's the 21st century.


ngl would be about time that after 11 years lol, the launcher could really need one.
Last edited by Afura#6483 on Dec 30, 2024, 4:19:25 PM
"
1. Change your password - make it unique (as in never used before). Go for 24+ characters.

2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.

3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.

4. Try to stay off of any PoE related third-party content sites for the time being. Including sites popular for build guides and such wikis.

These sites could be vulnerable to numerous exploits (XSS, CSRF, etc.). Try to stay off of anything that could be leveraged against you in a watering-hole type of attack.

(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).

5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.

----------

Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.

The rest is up to GGG, they must implement modern security best practices as soon as possible.

Stay safe, Exiles.


I think we can all agree it is highly probable at this point the loss of control of account is likely to be RMT related. These sites prey on the people silly enough to think currency buying is needed. They want those orbs back and anything free is a bonus. Like it or not these folks are never gonna tell you the one thing they have in common and GGG would have already remedied the situation if it was on their end. Vacation or not!

Let this thread die and the punishment is fit.
One sad Exile
"
MFQUANT#4363 wrote:
I think we can all agree it is highly probable at this point the loss of control of account is likely to be RMT related.


RMT traders thrive on repeat business.
"
Manocean#0852 wrote:
if we had MFA

it would be exponentially harder for accounts to be popped

At my work (cyber security almost 9 years) we have phased out passwords for the most part, it is a weak point in security

For PoE, I randomly generate a password with KeePass.

Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.


Change my mind about KeePass and those other tools. I've used passwords of my choosing since the 90s and updated them over time, but tools that make more complex unreadable passwords just seem like they'd be vulnerable for the same reason, one simple password you use to access the rest. Effectively just putting them all in one place. I feel like my brain is safer, and when a password gets leaked I can safely blame myself for not being careful on the sites I registered for.
"
"
Manocean#0852 wrote:
if we had MFA

it would be exponentially harder for accounts to be popped

At my work (cyber security almost 9 years) we have phased out passwords for the most part, it is a weak point in security

For PoE, I randomly generate a password with KeePass.

Changing the password every 30-45 days, while inconvenient, can also be useful. We gotta work with what we have to protect ourselves.


Change my mind about KeePass and those other tools. I've used passwords of my choosing since the 90s and updated them over time, but tools that make more complex unreadable passwords just seem like they'd be vulnerable for the same reason, one simple password you use to access the rest. Effectively just putting them all in one place. I feel like my brain is safer, and when a password gets leaked I can safely blame myself for not being careful on the sites I registered for.


KeePass is good. It is local and encrypted, so someone would need to be on your computer and know your password to get into it, there are other techniques but KeePassXC is even more secure against such techniques.
"
1. Change your password - make it unique (as in never used before). Go for 24+ characters.

2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.

3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.

4. Try to stay off of any PoE related third-party content sites for the time being. Including sites popular for build guides and such wikis.

These sites could be vulnerable to numerous exploits (XSS, CSRF, etc.). Try to stay off of anything that could be leveraged against you in a watering-hole type of attack.

(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).

5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.

----------

Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.

The rest is up to GGG, they must implement modern security best practices as soon as possible.

Stay safe, Exiles.


One of the big sites got hit recently. Many people from Albion got hacked who were buying some of that secret sauce. Not only will you likely get banned, you'll also likely get hacked. Just play the game like the rest of us.
Step 1 is to self reflect.
Well, it looks like it was in fact an account takeover and an admin acc for GGG was compromised.

They mentioned the threat actor was deleting the log after changing users passwords.

Hopefully GGG will implement some alerts for and better manage their admin accounts. If the account wasn't in use it should have been disabled, the Steam account should have been unlinked, etc. They know.

I hope the employee who maybe had some PII leaked elsewhere, as Jonathon suggested (which was the info the threat actor used for verification to take the account with Steam support), is OK and didn't suffer too bad.

GGG, I still think you should add support for MFA.

Change your password is the only actual advice. Everything else you said is irrelevant.
