Account has been hacked.
We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:
a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).
We do not store any credit card information. We're still gathering data on the small percentage of users that have had their passwords compromised, so I don't mean to speak too soon, but so far it overwhelmingly looks like regular password theft that occurs due to the above actions that users can do (i.e. not due to anything that we can control on our end). I'm spending a lot of time on this at the moment and will post more information once we have more to say. If I had any suspicion at all that our servers had been compromised we'd of course have taken them down. We take so many pains to keep user data secure, and there's no sign that anything has been stolen from us. Last edited by Chris on Feb 7, 2013, 12:05:11 AM
Every online game in the world has users who have accidentally leaked their passwords. Once a few people post about that, it would be easy to draw a conclusion that the company doesn't know what they are doing and has had their database compromised. We have been looking into this extensively all week and there's no sign of anything like that.
If our database was compromised, the first hashed/salted passwords that the attackers would try to crack would be the ones at the top of the ladder, not the characters that are actually being accessed. We can already see that many compromised accounts are linked to config files being distributed, infected hack software, etc. These are real things that cause people to lose their accounts, and we are working on ways to keep those people's accounts safe. The players with ten thousand times more in-game wealth are not being targeted - because no one has access to our database. They just have a few hundred stolen (from users, not from us!) passwords as far as we can see. Anyway, we'll post a more formal update once we've finished parsing all the data of who has accessed what accounts. Last edited by Chris on Feb 7, 2013, 12:11:13 AM
The person who accessed your account has only accessed a total of 25 accounts. I don't know how he got your password. The IP is from China.
Please point out to me by PM exactly which posts/links you clicked. The behaviour we've seen recently is that these people edit their phishing links to actual genuine build links a little while after they're up, and they've already caught some people, to cover their tracks if anyone goes looking back. EDIT: Thanks Palyu for linking me to those threads. I don't personally have time to check all the pages of them in detail, I'm afraid, but from looking at the first couple and last couple of pages of each, I didn't find any edited bad links on those ones. Please do be aware that people are doing this - we've banned multiple accounts, but they'll come back as long as even a few people fall for it, and they can be hard to find, especially when they cover their tracks by editing their links to real ones afterwards. I'm not a part of the support team and don't usually deal with this stuff myself, so I've only banned one myself, but that phishing site was so much like ours that if I hadn't known I was looking for it because it was reported as fishy, and had been perhaps a little tired or inattentive, it might have fooled me. If clicking a link on the forums, check that the URL it's taking you to is actually what the link is labelled as, and don't 'log in' to see a passive skill tree or anything of the sort that you've found from a link. It only takes a moment's inattention to be caught. Last edited by Mark_GGG on Feb 21, 2013, 11:26:39 PM