Got Hacked

"
FRAGGOMACHINO wrote:
Guess I'll reply here as well to let GGG know the extent of the problem.
Got all the currency orbs from my stash taken, no characters deleted or any of that stuff.

I have never been hacked nor has my account been compromised ever before in any other game.
I find myself to be a fairly advanced internet user / gamer in general so it's highly improbable
that after over 10 years of internet gaming this would have been caused by my careless actions not to say it's 100% impossible of course.

I haven't entered my PoE account information on any site (before logging in these forums to post this) after I created this account nearly a year ago, just logged in the game client after open beta launched.

I traded with 1 guy yesterday and idled in town for many hours. (if it's some kind of an in-game stash hack as my character inventories / characters / account weren't affected.)

Hope this is of some help so more people won't be affected :)

::EDIT:: of course I haven't used any 3rd party programs or I wouldn't be making this post.


Yup, same story here :(
I'm curious: Are any of you reporting these hacks rapid fire using the same email name/password?

For example, email being

Jerk@comcast.net
Password:buttcatt

Path of exile account:
Jerk
Pass:buttcatt

Comcast is a good example: I know for a fact that comcast employees and their contract employees with support.com and onforce can access tools to reset your password. This would allow them access to your path of exile account by doing a password reset, I imagine.

There are a few email providers that can be compromised, or if someone happens to have your email password lying around from previously phishing it, they could always try that on path of exile with same account name, and babam, they are in.

Also, didn't blizzard end up losing essentially plaintext passwords/acct names? I think that happened a while back. Meaning, if your blizzard account was jerk/buttcatt, and so is your PoE account, well shit, that info is basically public to a group of turds somewhere.


DON'T USE THE SAME PASSWORD FOR PATH OF EXILE AS ANYTHING ELSE.
http://i.imgur.com/kyhjZoN.png
no, my email is a million times more important than PoE.
ign allevia
"
altimitone wrote:
"
Crevox wrote:
Yeah, pretty much still have no idea how I would lose my password. It's very strange that a very large number of people suddenly are losing their stuff, and a lot of us (including me) have done absolutely nothing that would warrant it. I have 0 history of being hacked or losing account info, over 7+ years of playing online games. This is the first time, EVER, it has happened, and nothing after the fact has led me to believe that there was any cause or reason for it.

Thankfully, I was lucky enough to change my password before they took everything of mine; they only got away with all my currency (...) and my chest piece. Other stuff was off in my inventory and out of my stash, but I interrupted them before they could finish stripping.


I don't think they are completely stripping accounts. They must have had free rein on mine and only took probably 10-ish exalted (not entirely sure, it was an entire stash page full) worth of orbs and all of my quality gems. Oh and they grabbed an Infractum bow. Luckily I had plenty of high value uniques equipped on characters that were not #1 of the character list, otherwise I probably would've fallen victim in that regard as well.


Correct. They're grabbing currency, maps, and any uniques it seems like. My necklace (Sidhebreath) was unequipped but still there, and the maps in my stash were in my inventory (they didn't get time for a second trade).

And, honestly, I might've been able to interrupt them sooner but I could not for the life of me find the "forgot my password" page fast enough. I ended up googling "path exile forgot password" and it was the second link.
Last edited by Crevox on Feb 19, 2013, 6:59:09 AM
Massive account got hacked, I do hope GGG look into this matter asap
Got hacked too.

Nobody has my password and it's a complex one.
I never used a 3rd party program, my computer is clean, and I don't use this password for other websites/games so...

I really don't know how they did that but I lost every good item I had.
"
Chris wrote:
We're in the middle of implementing a feature where people who steal your password are not able to easily log into your account. This is unfortunately still approximately a week away, so in the meantime make sure to avoid falling into the common traps that people use to scam passwords (discussed in this thread and here).

Almost every account compromise that we've investigated in depth has eventually led back to one of those causes where people are unsafe with their computers or passwords. It's generally people running exploit/hack software in most cases. I wish there was more we could do to help protect users in the very short term but our new security features I mentioned above are coming along well and we'll deploy them as soon as they work reliably.


Can you please just do one thing?

Can you check the IP of the guys that got hacked and see how many that same guy got? Like the last time. It would be nice to know :)
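
The check requested above (how many compromised accounts were logged into from the same source IP), sketched as an added example that is not part of the original thread or GGG's tooling. The log format, account names, documentation-range IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data):
# ISO timestamp, account, source IP, result
SAMPLE_LOG = """\
2013-02-18T20:15:00 player_a 198.51.100.20 ok
2013-02-19T04:02:11 player_a 203.0.113.7 ok
2013-02-19T04:09:45 player_b 203.0.113.7 ok
2013-02-19T04:11:02 player_c 203.0.113.7 fail
2013-02-19T04:31:30 player_d 203.0.113.7 ok
2013-02-16T10:00:00 player_e 192.0.2.50 ok
2013-02-17T22:00:00 player_f 192.0.2.50 ok
2013-02-19T09:00:00 player_g 192.0.2.50 ok
"""

def parse(log_text):
    """Yield (timestamp, account, ip, result); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, ip, result = parts
        yield datetime.fromisoformat(ts), account, ip, result

def shared_source_ips(log_text, min_accounts=3, window=timedelta(hours=6)):
    """Return {ip: [accounts]} for IPs with successful logins to at least
    min_accounts distinct accounts inside one sliding time window."""
    by_ip = defaultdict(list)
    for ts, account, ip, result in parse(log_text):
        if result == "ok":          # failed attempts are not takeovers
            by_ip[ip].append((ts, account))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in shared_source_ips(SAMPLE_LOG).items():
        print(ip, accounts)
```

The time window is what separates one actor working through a list of accounts from a shared address (household, cafe, carrier NAT) that accumulates different accounts over days.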
"
Xasz wrote:

While I can't rule it out, here's some facts.

-This PC is a fresh install, it has like 4 games on it (Dota2, Diablo 3, PoE, Minecraft)

-I don't save my password in PoE

-I use KeePass to generate and store my passwords - I don't even know my password.

-I've never had to log in to the site after the first time (when I created my account). I am 100% sure of this. This leaves the possibility of a cookie vulnerability of some sort, but I'd think a lot more people would be affected if this is the case.

-The only sites I've visited on this PC that are PoE related are --link removed-- and the Curse wiki (which has had some Flash vulnerabilities in the past but I have flash disabled in Chrome, also I don't even have Java installed), neither of which I've logged in to.

Now, like I said, I can't rule out a client-side issue, but all of that seems to point away from it being on my end. I'm rather paranoid about these sorts of things to begin with, so I'd like some plausible explanation for the sudden influx of hacked accounts within the last few hours.

EDIT: Also running NOD32, and tried a few different virus scan programs just to be sure. Nothing found, not even false positives.


This isn't evidence that it's server side. These are things you have done to try to make sure your account is secure client side. Does not even begin to hint that it's a server side problem. Care to try again?

"
Crevox wrote:
Does Lask have nothing better to do than blame everyone individually for being hacked?

GGG is an amateur game development studio. They are a very small staff and this is their first game. I would consider it QUITE likely that there is a security vulnerability they're not aware of, and furthermore, one they may not even know has been compromised. This could be through the forums, the website, their database, or the game. The fact that the password for your account is stored UNENCRYPTED in the game's config file is already a huge red flag.

MANY of us have absolutely no reason to be hacked. My computer is fine, and I've been playing online games for 7+ years now, and it's never happened until just now. Even after it, there's still ZERO sign of anything that could've caused it. My computer is completely clean, I've never logged in ANYWHERE with my PoE info (I registered and have been logged in since that moment) and I don't visit any stupid sites.

You need to relax and do something better with your time. It's very possible something IS going on, and you need to stop trying to blame everyone else. Would love to see how you would react if your stuff got stolen.


And you are an amateur video game player? How are you magically more secure than them? I understand the logic of "Well maybe they want to attack the servers because they can get more accounts", but by that logic why wouldn't they steal from the richest players, like top 200 ladder? Also, the password is not unencrypted, it's hashed. The config file is unencrypted, and encrypting it would be pointless as for the game to access it, you would have to decrypt, and for that you would need to provide the key.

Every single one of you have a reason to be hacked, people want your currency to sell. Everything you have posted is a false equivalency in regards to reasons you couldn't have been the reason you got hacked. I post from work and sometimes in the evening, stop attacking me and attack my argument.

If my stuff got stolen I would be pissed, but reasonable. It's happened to me with wow before. Took a while for me to figure out where it came from, about 2 weeks, but I found a keylogger that none of my AV picked up embedded into a utorrent download - something completely unrelated to wow.
Last edited by ionface on May 23, 2013, 5:11:41 AM
Oh sorry Master Lask001, everything you say is right, and everything we say is wrong.
Please accept our apologies.
"
Prodige wrote:
Oh sorry Master Lask001, everything you say is right, and everything we say is wrong.
Please accept our apologies.


Finally someone with some sense.

There hasn't been a single hacked individual yet that can do anything but make logical fallacies on why it must be GGG's fault. I'm waiting for the one.
Last edited by Lask001 on Feb 19, 2013, 9:03:42 AM
