Got Hacked
" While I can't rule it out, here's some facts. -This PC is a fresh install, it has like 4 games on it (Dota2, Diablo 3, PoE, Minecraft) -I don't save my password in PoE -I use KeePass to generate and store my passwords - I don't even know my password. -I've never had to log in to the site after the first time (when I created my account). I am 100% sure of this. This leaves the possibility of a cookie vulnerability of some sort, but I'd think a lot more people would be affected if this is the case. -The only sites I've visited on this PC that are PoE related are --link removed-- and the Curse wiki (which has had some Flash vulnerabilities in the past but I have flash disabled in Chrome, also I don't even have Java installed), neither of which I've logged in to. Now, like I said, I can't rule out a client-side issue, but all of that seems to point away from it being on my end. I'm rather paranoid about these sorts of things to begin with, so I'd like some plausible explanation for the sudden influx of hacked accounts within the last few hours. EDIT: Also running NOD32, and tried a few different virus scan programs just to be sure. Nothing found, not even false positives. ign: Xasz Last edited by ionface on May 21, 2013, 1:48:30 AM
| |
|
I got hacked as well lol, I too am done playing. It was fun though.
|
|
|
Does Lask have nothing better to do than blame everyone individually for being hacked?
GGG is an amateur game development studio. They are a very small staff and this is their first game. I would consider it QUITE likely that there is a security vulnerability they're not aware of, and furthermore, one they may not even know has been compromised. This could be through the forums, the website, their database, or the game. The fact that the password for your account is stored UNENCRYPTED in the game's config file is already a huge red flag. MANY of us have absolutely no reason to be hacked. My computer is fine, and I've been playing online games for 7+ years now, and it's never happened until just now. Even after it, there's still ZERO sign of anything that could've caused it. My computer is completely clean, I've never logged in ANYWHERE with my PoE info (I registered and have been logged in since that moment) and I don't visit any stupid sites. You need to relax and do something better with your time. It's very possible something IS going on, and you need to stop trying to blame everyone else. Would love to see how you would react if your stuff got stolen. Last edited by Crevox on Feb 19, 2013, 3:16:23 AM
| |
" Posted this in another thread, just figured I could speak to your issue as well and yea Lask seems like a super troll :/ Last edited by ionface on May 21, 2013, 1:48:39 AM
| |
|
We're in the middle of implementing a feature where people who steal your password are not able to easily log into your account. This is unfortunately still approximately a week away, so in the meantime make sure to avoid falling into the common traps that people use to scam passwords (discussed in this thread and here).
Almost every account compromise that we've investigated in depth has eventually led back to one of those causes where people are unsafe with their computers or passwords. It's generally people running exploit/hack software in most cases. I wish there was more we could do to help protect users in the very short term but our new security features I mentioned above are coming along well and we'll deploy them as soon as they work reliably. Last edited by Chris on Feb 19, 2013, 2:53:20 PM
| |
|
I understand completely Chris and as I explained in another thread I can be 100% sure the only website I've logged into is this one. Also before posting in the trading forums a few days ago had never even typed in the account information on this machine (copied the configuration info over). With that said could it still have been me? Sure I don't deny that it could be from 0day exploit or something or that I may have used the same password on another account. I will say I'm not quitting, but I am changing password and using a hashed random password going forward. And since my account other than uniques some rares and orbs are gone my characters remain in tact (though i now have no maps). I would be very appreciative going forward if there was some type of IP/location based authentication needed if that changes of course. Overall great work with the game thus far and I hope it continues to grow, and hope security and crackdown on hackers continues.
| |
|
I just got hacked today, really shame . Lost many uniques etc, they left only shitty gems and cleared all the items from my main. Was fun thought. Not going to play anymore until i get my things back if its possible :(
| |
" Sorry to hear this, but GGG has a strict policy of not restoring lost items, so i sincerely doubt you will get you items restored. | |
|
Add me to the list of people who got hacked. Que sera sera I guess. Sympathize with everyone that this happened to because being a first time hackee myself, feels pretty crappy. Oddly enough I received a random party invite while playing last night. Do not remember the name. Obviously they were partying up with me because they thought my account was already compromised and was ready to strip my character.
|
|
|
Well today got hacked as well, i have run every program that's out there to ensure my P.c. is clean, nothing found.
They only took my orbs, nothing else. But what's the use in continuing playing now? So to bad, a game that really appealed to me. |
