Account has been hacked.

We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:

a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
"
AllKindsOfBad wrote:
"
We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:

a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).

Chris,

If you're looking at those being causes, you're not looking in the right place.

Your system has been compromised on your end, you've copy/pasted this several times in the other users' thread and none of them apply, which is the same in my case.

My advice - take your servers down, and find the software leaking your information. Once they start getting credit card information, if they haven't already, your company is in a SERIOUS world of hurt. GGG is small, and a lawsuit at this point will kill your dream.

From one business owner to another, take the damn server down.

Also, being registered as a limited company, your company will not protect your personal assets. Having less than ~$1,000,000 US in assets, you'll lose your homes, savings, everything.

A quick Google search shows there are only 4 of you as registered agents. If they gain access to credit card information, again assuming they haven't already, your lives will be ruined.

Take the servers offline Chris.

We do not store any credit card information.

We're still gathering data on the small percentage of users that have had their passwords compromised, so I don't mean to speak too soon, but so far it overwhelmingly looks like regular password theft that occurs due to the above actions that users can do (i.e. not due to anything that we can control on our end).

I'm spending a lot of time on this at the moment and will post more information once we have more to say. If I had any suspicion at all that our servers had been compromised we'd of course have taken them down. We take so many pains to keep user data secure, and there's no sign that anything has been stolen from us.
Last edited by Chris on Feb 7, 2013, 12:05:11 AM

Every online game in the world has users who have accidentally leaked their passwords. Once a few people post about that, it would be easy to draw a conclusion that the company doesn't know what they are doing and has had their database compromised. We have been looking into this extensively all week and there's no sign of anything like that.

If our database was compromised, the first hashed/salted passwords that the attackers would try to crack would be the ones at the top of the ladder, not the characters that are actually being accessed. We can already see that many compromised accounts are linked to config files being distributed, infected hack software, etc. These are real things that cause people to lose their accounts, and we are working on ways to keep those people's accounts safe. The players with ten thousand times more in-game wealth are not being targeted - because no one has access to our database. They just have a few hundred stolen (from users, not from us!) passwords as far as we can see.

Anyway, we'll post a more formal update once we've finished parsing all the data of who has accessed what accounts.
Last edited by Chris on Feb 7, 2013, 12:11:13 AM
"
sirspikey wrote:
So what about my case?

No config files, never given my password to anyone, not even my mother. No leveling services, no hacking programs, no botting, no config files etc?!?!

The person who accessed your account has only accessed a total of 25 accounts. I don't know how he got your password. The IP is from China.

Palyu wrote:
The only possibility that seems plausible is that someone linked a build on the witch/marauder forums which I clicked - but going through them all now and they all seem to be official.

Please point out to me by PM exactly which posts/links you clicked.
The behaviour we've seen recently is that these people edit their phishing links to actual genuine build links a little while after they're up, and they've already caught some people, to cover their tracks if anyone goes looking back.

EDIT: Thanks Palyu for linking me to those threads. I don't personally have time to check all the pages of them in detail, I'm afraid, but from looking at the first couple, and last couple of pages of each, I didn't find any edited bad links on those ones.

Please do be aware that people are doing this - we've banned multiple accounts, but they'll come back as long as even a few people fall for it, and they can be hard to find, especially when they cover their tracks by editing their links to real ones afterwards. I'm not a part of the support team and don't usually deal with this stuff myself, so I've only banned one myself, but that phishing site was so much like ours that if I hadn't known I was looking for it because it was reported as fishy, and had been perhaps a little tired or inattentive, it might have fooled me.
If clicking a link on the forums, check that the url it's taking you to is actually what the link is labelled as, and don't 'log in' to see a passive skill tree or anything of the sort that you've found from a link. It only takes a moment's inattention to be caught.
Last edited by Mark_GGG on Feb 21, 2013, 11:26:39 PM
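The check Mark_GGG recommends, comparing where a forum link says it goes with where its href actually goes, can be automated on the reader's side. The following is an added example and is not code from GGG or from anyone in this thread; it assumes `OFFICIAL_DOMAIN` is `pathofexile.com` and the sample anchors below are constructed, not real links. It flags three things: a label that names one host while the href points at another (the edited-link trick described above), an off-site link that lands on a login page, and any other off-site link, so a reader can see at a glance which links deserve a second look before typing a password.

```javascript
// Added example, not code from GGG or the forum: a defender-side check for
// links whose visible label claims a genuine build/skill-tree URL while the
// href points at a look-alike login page.
// OFFICIAL_DOMAIN is an assumption made for this example.
const OFFICIAL_DOMAIN = "pathofexile.com";

// Parse a string as a URL and return its lowercase hostname, or null if it
// is not a parseable absolute URL.
function hostOf(s) {
  try {
    return new URL(s).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Crude "registrable domain": the last two labels of a hostname. A real
// checker would consult the public suffix list; this is enough to treat
// www.example.com and example.com as the same site.
function registrable(host) {
  return host.split(".").slice(-2).join(".");
}

// If the visible label itself looks like a URL or a bare hostname, return
// that host; prose labels such as "my witch build" return null.
function hostInLabel(label) {
  const text = label.trim();
  if (/\s/.test(text)) return null;
  const host = hostOf(text) ?? hostOf("https://" + text);
  return host !== null && host.includes(".") ? host : null;
}

// Classify one anchor from the text the reader sees and the href it goes to.
function classifyLink(label, href) {
  const target = hostOf(href);
  if (target === null) return { verdict: "unparseable", target: null };

  const shown = hostInLabel(label);
  if (shown !== null && registrable(shown) !== registrable(target)) {
    // Label names one site, href goes to another: the edited-link pattern.
    return { verdict: "mismatch", target };
  }
  if (registrable(target) === OFFICIAL_DOMAIN) {
    return { verdict: "official", target };
  }
  // Off-site link that lands on a login page: the kind Mark warns against.
  const path = new URL(href).pathname.toLowerCase();
  if (path.includes("login") || /log ?in|sign ?in/i.test(label)) {
    return { verdict: "external-login", target };
  }
  return { verdict: "external", target };
}

// Constructed sample anchors as (label, href) pairs; none of these are real.
const SAMPLE_LINKS = [
  ["www.pathofexile.com/passive-skill-tree/AAAA", "http://www.pathofexile.com/passive-skill-tree/AAAA"],
  ["www.pathofexile.com/passive-skill-tree/AAAA", "http://www.pathofexi1e.example/login"],
  ["my witch build", "http://poe-builds.example/login"],
  ["my witch build", "http://www.pathofexile.com/forum/view-thread/1234"],
];

// Run the classifier over a list of anchors and return one record per link.
function auditLinks(links) {
  return links.map(([label, href]) => ({ label, href, ...classifyLink(label, href) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of auditLinks(SAMPLE_LINKS)) {
    console.log(r.verdict.padEnd(15), r.label, "->", r.href);
  }
}
```

In a browser extension the same `classifyLink` would be fed each anchor's `textContent` and `href`; the verdict that matters most is `mismatch`, because that is the case where a careful reader, looking only at the label, would see nothing wrong.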