Got Hacked

"
LennyLen wrote:
"
Daiug wrote:
"
LennyLen wrote:

You don't have to work for GGG to know that if the database security was compromised there would be hundreds, if not thousands, of these threads. Instead there are just a handful, which with the size of the playerbase is a small fraction of a percentage of affected players.

This is indicative of individual breaches of security, which are almost always the player's "fault." And in this day and age, everyone should be well aware of the importance of internet password security.


And all of them between yesterday night and this morning? (Europe time)

See, if it were just a couple of accounts per day then yeah, I would concur with you.

Between yesterday and today I saw at least 20+ different people saying they got hacked. And this in an 18~ hour span. Plus, just wait another 12+ hours when the Americans will start logging in.

Another thing you should understand is that they have just emails and passwords. And many of the streamers don't have something like "Nugiy@whatever.com" same for Kripp so probably they are just going through a list.


Having a sudden rush of affected players still doesn't mean a compromised database. It can also, and is more likely to, mean that someone has launched a successful phishing campaign.


Well that, and this isn't a sudden rush. It's been pretty steady since launch.
Yeah, same, just got hacked in the middle of playing, they made off with most of my currencies before I noticed what was happening.
"
Having a sudden rush of affected players still doesn't mean a compromised database. It can also, and is more likely to, mean that someone has launched a successful phishing campaign.

Do you honestly think that it is easier to launch a phishing campaign than to exploit security holes in forum software?

Name one phishing site related to PoE? One.

I can name you at least a dozen sites with tutorials and scripts how to exploit security holes in forum software, or if you are too lazy to do it yourself or there is no working tutorial you can pay someone to try and do it for you.

I am far from an expert in this area but I know something because one of my best friends is an admin of one of the better gaming forums in my country. I know that his forum was hacked at least 4 times in the last few years, all because of security holes in vBulletin software.

And while I'm already talking about our forum, 6 people there reported the same thing. They log in and their stash was empty. So if on my local forum 6 people reported a hacked account, the total number is way higher than the one reported here. Thing is, most people won't cry on forums, they will just press alt+f4 and uninstall the game.

I know that it is not possible for me to get my stuff back, I'm not here for that, I only want assurance from GGG that this will never happen again. Our accounts need to be much safer than they are now. We need separate passwords for game and forums and they need to send us a confirmation email when we or someone else is changing the password.

Having the same password for forum and game is just dumb.

My main account is mi5t, I'm just using this one to post on forums because there is no way I will log in on forums with my main account until they improve security.

I love this game and I want to spend money on it after so much wasted time on D3 but GGG won't let me with all the problems I'm having right now.

Sorry for long post and my bad English. I suck :)
Last edited by Missst on Feb 19, 2013, 1:58:27 AM
"
Missst wrote:
"
Having a sudden rush of affected players still doesn't mean a compromised database. It can also, and is more likely to, mean that someone has launched a successful phishing campaign.

Do you honestly think that it is easier to launch a phishing campaign than to exploit security holes in forum software?

Name one phishing site related to PoE? One.

I can name you at least a dozen sites with tutorials and scripts how to exploit security holes in forum software, or if you are too lazy to do it yourself or there is no working tutorial you can pay someone to try and do it for you.

I am far from an expert in this area but I know something because one of my best friends is an admin of one of the better gaming forums in my country. I know that his forum was hacked at least 4 times in the last few years, all because of security holes in vBulletin software.

And while I'm already talking about our forum, 6 people there reported the same thing. They log in and their stash was empty. So if on my local forum 6 people reported a hacked account, the total number is way higher than the one reported here. Thing is, most people won't cry on forums, they will just press alt+f4 and uninstall the game.

I know that it is not possible for me to get my stuff back, I'm not here for that, I only want assurance from GGG that this will never happen again. Our accounts need to be much safer than they are now. We need separate passwords for game and forums and they need to send us a confirmation email when we or someone else is changing the password.

Having the same password for forum and game is just dumb.

My main account is mi5t, I'm just using this one to post on forums because there is no way I will log in on forums with my main account until they improve security.

I love this game and I want to spend money on it after so much wasted time on D3 but GGG won't let me do it.

Sorry for long post and my bad English. I suck :)


I could make a phishing site in under 10 minutes. I don't know of any sites off the top of my head, the only one I was aware of has already been taken down, and it was pathofexil.com

Attacking the server and stealing usernames / hashes would be much much harder than going after the user. First rule of computer security - the user is always the weak point in any system.

Name a single exploit that would allow the user to do this (Not a website, an actual exploit). Also, you don't even know what PoE is using for their back end, it could be a sql server database, it could be something completely unique. The problem isn't that it's impossible for them to be hacked, the problem is there isn't a single shred of evidence that they have been compromised. Beyond that, GGG has specifically stated they have not been.

6 people is an insanely small percentage of the population, and even if you assume only 1 out of a hundred people will come complain on the forums, the numbers are still tiny. I don't know how many active players GGG has, but I would guess somewhere in the range of 500k to 1 million, seeing how they have had as many as 70k users active at once. I'm probably being conservative, but these numbers work well for what I'm trying to point out. If we have 500k users, and let's say 600 people get hacked a day, that's a massive .12% of the population. If it's 1 million players, we are at .06%, also an insignificant number. I wouldn't be surprised if not even half that many people get hacked a day, and GGG had far more semi-active players.

But you don't want logic do you, you just want to blame someone else for your problems... right?

Also I got my orbs stolen today...
I just had all of my characters deleted :x
"
tmaneri wrote:
I just had all of my characters deleted :x


Seems to be a common move by the "hacker" when they gain access to a compromised account.
Just had this happen to me as well. Pretty sure this isn't a client-side issue.

http://i.imgur.com/BNmCL8s.jpg

all that was left. All my witch's gear was still there, but everything in the inventory was deleted.
ign: Xasz
"
Xasz wrote:
Just had this happen to me as well. Pretty sure this isn't a client-side issue.

http://i.imgur.com/BNmCL8s.jpg

all that was left. All my witch's gear was still there, but everything in the inventory was deleted.


Give me one piece of evidence this isn't client side. Anything, besides a gut feeling.
I just got hacked too... I suddenly got dc and it said something logged in my account, password got changed and I have to reset my password through email. Unfortunately, it is too late, all of my value orbs are gone now. Please help!!!

I will try to submit a ticket or something.

Ign: DrSlump
IGN: DrSlump / DrArale
My shop: http://www.pathofexile.com/forum/view-thread/2125286
