Can These Theories About Account Compromises Be Ruled Out?

Hi GGG Team,

I hope this message finds you well. Given the recent wave of account compromises, there have been numerous discussions and theories circulating within the community. I wanted to bring up a couple of specific ideas that may sound unusual but could potentially explain the absence of 2FA triggers in some cases.

- Trade or Friend Requests: Some suggest that accepting a trade or friend request might inadvertently expose information that a malicious actor could exploit to bypass login processes.

- Hideout Visits: Another theory involves hideout visits potentially allowing unauthorized access to characters or stashes without requiring login credentials.

These ideas may sound far-fetched, but they remind me of an incident reported about six years ago, detailed in the 3.4.5c Redeployment Notes. During that time, a database error allowed players logging in simultaneously to access each other’s accounts. While this issue was patched and resolved back then, it shows that unexpected vulnerabilities can exist within the game itself.

Could you confirm whether mechanisms like those theorized above—or anything similar—might still be a possibility today? Even a simple denial would help reassure the community and redirect speculation toward more probable causes.

Thank you for taking the time to address this, and I hope we can work towards better understanding and resolving these issues.

Best regards

Thanks for all your very on-point posts over the last days.
I wish all people took the time to properly articulate the issues as clear and friendly as you do.

I hope this topic is properly addressed to senior staff, as this clearly is a not a user-issue with old passwords, phising or whatsoever.

Something is clearly wrong and some people managed to penetrate those insecurities for their benefit.

we need to keep this issue visible at all cost.

Thanks again!

"

lolepple#7866 wrote:

Thanks for all your very on-point posts over the last days.
I wish all people took the time to properly articulate the issues as clear and friendly as you do.

I hope this topic is properly addressed to senior staff, as this clearly is a not a user-issue with old passwords, phising or whatsoever.

Something is clearly wrong and some people managed to penetrate those insecurities for their benefit.

we need to keep this issue visible at all cost.

Thanks again!

Thank you for your kind words and support—it's truly appreciated. While I understand the frustration many of us feel, I think it’s important to avoid ruling out any possibilities, including user error, at this point. As I mentioned in my original post, the cause of these account compromises remains unclear, and the best way forward is to keep an open mind while investigating all potential factors.

Both the community and the forum staff are likely feeling the pressure of this ongoing situation, and adding tension doesn’t help anyone—especially those of us who love the game and simply want answers. Let’s aim to maintain a constructive and supportive environment as we work toward identifying the root cause and ensuring the game remains safe for everyone to enjoy.

Thank you for taking the time to consider this thread. I understand that you may not be able to speculate on these possibilities or provide direct answers to the theories mentioned earlier. I also want to apologize for taking up your time with these questions, especially knowing that you’re handling a high volume of inquiries at the moment.

However, I’d like to kindly ask for clarification on one specific point:

Can GGG confirm that the compromised accounts are solely the result of user-side errors, and that there are no issues or vulnerabilities within the game itself or the tools provided by GGG (e.g., the trade site)?

Even a confirmation of this would greatly help reassure the community and guide our focus toward addressing potential user-side security improvements. Thank you again for your time and attention, and I truly appreciate the effort your team is putting in to address these challenges.

I would really appreciate such a statement as well. My personal feeling about playing and specially trading at the moment is drastically less positive, seeing all those feedbacks. Today I traded and a player acted like described in many posts, like: whispered me, invited me, came to my hideout, traded (all very fast) but then stood in my hideout for very long time and moved to a border. Noticed him only through the minimap and made a screenshot. Not that this one will help. Strange feeling of being the next in line all the time. Well, not that there is much to get besides the trade today (which was 3 div).

Guess the feeling of my account being unsecure just because GGG don't communicate actively makes me tinfoil.

I am guessing GGG has different people responsible for different stuff. I hope the people responsible for fixing the hacking problem are doing their jobs properly... Maybe their servers logs just don't have the information that they need to know what exactly the hackers were doing due to GGG not being prepared for the attack. And maybe that's why there was a maintenance. I am hopeful, but the situation is just unfortunate.