Account Security and Theft Policy - READ THIS

In any online game with an economy, in-game items have value. These items are often sold on external real-money trading sites, and we’re doing what we can to stop these affecting Path of Exile. We're attacking their spam and the way that they get items to sell.

Unfortunately, one of the ways these shops obtain items is by stealing them from other Path of Exile players. We have received several reports of people losing items, and we can see from our logs that these end up on accounts (generally accessed by Chinese IPs) that are used to supply RMT item sites.

After several days of painstakingly investigating these cases, we've identified quite a few ways that players are having their passwords stolen. I'd like to go through them one by one and explain how players can keep themselves safe and what we can do on our end to make these attacks more difficult.

I should stress that these problems are common to most online games and that they're problems that players can prevent with good internet security practices.

Phishing Links/PMs
A phishing site is one that is set up to look just like pathofexile.com but instead sends your password to the attacker. We see people sending links to these sites in PMs or posting the links on the forum (these are often disguised as legitimate looking links). As soon as we discover these, we immediately delete them. We are probably going to change the forum and PM system so that external links either carry heavy warnings or just don’t work at all. To keep yourself safe from phishing links in the meantime, only enter your email/password on the official www.pathofexile.com site! You can tell it’s the official one by going to the login page and checking to see that your browser has a lock icon that says "Grinding Gear Games Limited" when you click it (i.e. is connecting via SSL and has a certificate proving it is us).

Malware in Cheat Programs
If you use a maphack tool (or other cheat program), we will ban you. If we don’t ban you in time, your account will be stolen due to the keyloggers that the program probably has. All maphacks that we have investigated currently have keyloggers. If you want to keep yourself safe, don’t try to cheat.

Posting Config Files
Your password (hashed, not in plaintext) is stored in your Path of Exile configuration file. Do not post this file online or allow other people access to this file. In the very near future we will make it so that this information does not allow other people to log into your account. If you want to be completely safe, untick the option that makes the game client save your password.

Non-unique Password
Don’t use the same password that you use on other services. It’s extremely common for fansites to be compromised, leaking a list of their users' email/passwords. Many of these can be used to log in to Path of Exile because people re-use passwords. Choose a new password! Make it long!

Already Compromised PC or Email account
A decent percentage of users have computers or email addresses that are already compromised and are part of a botnet. There’s nothing we can do about this. Please keep your computer clean and practice safe internet security.

Power-levelling Services
If you give someone your account details so that they can power-level your character, they’ll probably steal your items. We will ban people who accept real money for Path of Exile items and services, so it’s likely your account will be banned if they have accessed it. Do not cheat!

In addition to the above steps, we’re also planning on having access to accounts from strange IP addresses require email or cellphone verification. This will hopefully mean that even if your password is stolen, the attacker needs access to your phone or email in order to log in.

Unfortunately, we cannot restore any items lost to theft. One of the most important things about Path of Exile is its online economy, and if we performed restorations on demand then the economy would be flooded with duplicated items. We've seen this in other games (where the game companies restore compromised items and create a massive economic problem in the game).

If someone compromises your account and deletes your characters, we’re currently unable to restore these characters. We are working on changing the game so that deletions are "soft" rather than "hard", which will allow us to restore deleted characters easily. If their items are stolen, however, then the character will be empty. This feature will be available in the future but is not ready yet!

I am very sorry that our policy is no help if you've lost items or characters. I sincerely wish that I could restore them for you, but to do so would undermine one of the most important aspects of the game. If you have been compromised, I strongly suggest:
  • First, make sure your computer is malware free. A reformat would be the best bet. If you follow the following steps but still have malware, the attacker will just take your password again.
  • Make sure that your email account is secure. Change its password! Set up two-factor (i.e. cellphone) authentication with your email provider. If the email is not secure, the attacker can still steal your account.
  • Set a Path of Exile password that is different from any other password you have used before. Make it long and complex.
  • Don’t enter your password anywhere except the official site and the game client. Make sure the site says "Grinding Gear Games Limited" when you click the lock icon next to the address.
  • Don’t download untrusted software or click untrusted links.


We take security very, very seriously. The website and game client both use secure encrypted sessions to handle logins. We don’t store credit card information on our servers. Passwords are stored hashed and salted. Even the backups of your data are encrypted so that thieves can't get anything if they steal the backups.

Please take steps to make sure your accounts are safe. It pains me greatly every time I read about lost items that we can't replace. With some development time on our end (as outlined above) and good security on the part of our users, your accounts will be much more secure and the item sales sites won't be able to steal our items.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
Last edited by Michael_GGG on Sep 3, 2013, 12:33:51 AM
Last bumped on Feb 5, 2024, 11:53:45 AM
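
Added example (not part of the original post and not GGG's code): a sketch of the link check that the "Phishing Links/PMs" section proposes for forum posts and PMs, flagging links whose visible text names a different host than the one they actually open. The BBCode [url=...] syntax, the one-entry allowlist, the verdict names and the sample post are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: only pathofexile.com (the site named in the post) is first-party.
OFFICIAL_SUFFIXES = ("pathofexile.com",)
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
BARE_URL = re.compile(r"https?://[^\s\[\]]+", re.I)
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

# Constructed sample post; the .example hosts are placeholders.
SAMPLE_POST = (
    "Patch notes: [url=https://www.pathofexile.com/forum]forum[/url]\n"
    "Free points: [url=http://pathofexile.com.login.example/]www.pathofexile.com[/url]\n"
    "Build guide: http://www.pathofexile.com@builds.example/guide\n"
)

def host_of(url):
    """Lower-cased hostname the browser would connect to, or '' if unparsable."""
    if "://" not in url:
        url = "http://" + url
    try:
        # urlsplit drops any "user@" prefix, so a@b resolves to host b.
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_official(host):
    """True only for the official domain itself or a subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def classify_links(post):
    """Return [(target, verdict)]; verdict is official, disguised or external."""
    results = []
    for m in URL_TAG.finditer(post):
        target, label = m.group(1).strip().strip('"'), m.group(2)
        thost = host_of(target)
        shown = HOSTLIKE.search(label)
        if is_official(thost):
            verdict = "official"
        elif shown and shown.group(0).lower() != thost:
            verdict = "disguised"  # label names a host the link does not go to
        else:
            verdict = "external"   # candidate for a warning interstitial
        results.append((target, verdict))
    for m in BARE_URL.finditer(URL_TAG.sub(" ", post)):
        url = m.group(0)
        results.append((url, "official" if is_official(host_of(url)) else "external"))
    return results

if __name__ == "__main__":
    for target, verdict in classify_links(SAMPLE_POST):
        print(f"{verdict:9} {target}")
```

Matching on the parsed hostname rather than on the raw string is what keeps both the "official name as a subdomain" and the "official name before an @" forms from passing as official.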
"
Boem wrote:
Is there anybody on this forum that knows: if my provider gives me a new IP address during a PoE session, will I get kicked because of the new anti-hack protection in place?
I noticed this afternoon I got a new address and I was kicked and had to get a delock key from my e-mail address. If this is the case, a lot of people will be unnecessarily alarmed, I think, because they would assume they were hacked while in fact they just got a new IP address and PoE mistakes it for a hack attempt and asks for a delock key... (also, if PoE auto-kicks when your provider gives you a new IP address, a lot of people in HC mode are about to die in an awful manner... myself included, I fear for this now o.O)


If your ISP changes your IP, that will disconnect you from everything on the internet. This isn't related to PoE.
"
a19850710 wrote:
So you think no good English people is hack. Why you so pompous

I'm legal player, I just think GGG casual banned my account, I feel that is not reasonable

They are not trace my trade recording and give me a reason explain

They are just direct banned my account


If you believe you have been banned by mistake then please contact support@grindinggear.com with the name of the account and they will investigate the claim.
"
davidozzo wrote:
I receive now this PM:

from: Account_Security
title: Account Report has been filed. #410239

"
Hello,

Your account has been filed under : in game spam.
Please check your account status here:
[edited]
Failure to respond may result in permanent ban.

If the report has been wrongful filed, you can choose to file against
the reporter who initially filed the report.

Please remember to visit the link above to protect your account.


This is a FAKE, right?


It is indeed a scam and not from GGG.

Please see this post here regarding the issue: https://www.pathofexile.com/forum/view-thread/376934
"
davidozzo wrote:
I have read your post, but when you say "reset your password" do you mean to change password? I don't know how to reset it.


Yes sorry, reset = change :)
"
Hello, today I finished cleaning the malware from my PC and I had nothing, and as I explained in previous emails I only have a Steam account.
I explain again how I proceeded: I entered the game from Steam. Then a sign appears in the game which has a very long text and I only clicked agree and continue. I don't remember well, but then I think I remember that I was wondering whether to link or enter from Steam, and that's what I did. Then it asks me for a new nickname, which I put in, and when I finally can access the game I no longer even have my characters nor my stash. I just want to recover my account where I can invest money, which is the only account where he spent time playing. I repeat that I only play from Steam. Please, I hope someone human reads this and tries to help me. I have all the information they ask for, even complete purchase history or videos showing my Steam account. From already thank you very much.
The support people don't help me, I don't know how to sue this.

Hey Elwoat, if you have sent an email to us at support@grindinggear.com we will be in touch with you as soon as possible. I apologise for any delays in the meantime.
