Got Hacked

Yeah, pretty much still have no idea how I would lose my password. It's very strange that a very large number of people suddenly are losing their stuff, and a lot of us (including me) have done absolutely nothing that would warrant it. I have 0 history of being hacked or losing account info, over 7+ years of playing online games. This is the first time, EVER, it has happened, and nothing after the fact has led me to believe that there was any cause or reason for it.

Thankfully, I was lucky enough to change my password before they took everything of mine; they only got away with all my currency (...) and my chest piece. Other stuff was off in my inventory and out of my stash, but I interrupted them before they could finish stripping.

"

Crevox wrote:

Yeah, pretty much still have no idea how I would lose my password. It's very strange that a very large number of people suddenly are losing their stuff, and a lot of us (including me) have done absolutely nothing that would warrant it. I have 0 history of being hacked or losing account info, over 7+ years of playing online games. This is the first time, EVER, it has happened, and nothing after the fact has led me to believe that there was any cause or reason for it.

Thankfully, I was lucky enough to change my password before they took everything of mine; they only got away with all my currency (...) and my chest piece. Other stuff was off in my inventory and out of my stash, but I interrupted them before they could finish stripping.

I don't think they are completely stripping accounts. They must have had free reign on mine and only took probably 10-ish exalted (not entirely sure, it was an entire stash page full) worth of orbs and all of my quality gems. Oh and they grabbed an Infractum bow. Luckily I had plenty of high value uniques equipped on characters that were not #1 of the character list, otherwise I probably would've fallen victim in that regard as well.

Generally, you're blaming the user because it's usually the users fault. It sucks, and it hurts even worse when you expose yourself and get bit in the dick for it. It's worse when you don't realize how you expose yourself.

While this pops up once in a while, the forums would be on fire if there was a legitimate exploit in path of exile, or any reasonably exploitable hole that doesn't require user error.... or you know, hax that grab yer password.

Let me tell you a story. A few weeks ago, I wanted to get a private email belonging to a guy running a D3 spam/gold site.... ruined. But adblock plus was blocking ads in firefox and chrome, so I popped IE to get ads to load: my only browser with java, and my only browser without adblocking.
I started going to porn sites, googling "free games" and "free serials" popping emails into any box I could find.

It took 20 minutes to get FakeDOJ infection. (interestingly, it can only grab one monitor)

So, here I was, with a moderately serious infection that's pretty nasty to the general layman. If I had one display, the variant I had tanks safe mode, too: the only way around it is either boot disk party, or more easily, safe mode with cmd, and creating a new user and force rebooting into it, in safe mode.

Now, I have a bit of an advantage, working in malware removal and research.

But the point I'd like to make: Who's fault is this? I was doing something obviously shitty and mean. And I was just bouncing through horrible websites with java enabled. So hey, maybe those websites should watch what they advertise with! Maybe, java should forcibly patch itself so I wouldn't be vulnerable to drive by's.

Or.... maybe.... just maybe....
IF YOU DO SOMETHING YOU KNOW IS WRONG AND THEN LATER GET BIT IN THE ASS IN A WAY DIRECTLY RELATED, WELL, GOOGLE OCCAM'S RAZOR. YOU DID SOMETHING BAD AND SOMETHING BAD HAPPENED.



I know this sounds really mean, but if you google path of exile maphack and download something, you get what is coming to you. I do this stuff every day, and 99% of the time, it's the user's fault. Oh, and uh, always, 100%, when I get "My wow got hacked I keep losing my password" or something of the like, I find a goddamn bot, hack, or some trash they downloaded that is clearly the source of the exploit.

and I have a feeling these guys at GGG can see that on their side, too. I have no idea what the server logs, at all, but I'm betting they can figure out if a user has over-reached, or managed to always beeline to the right place on a map, etc.

TL:DR it's probably you're fault, thats why the community tends to come down on the occasional "I GOT HACKED GGG FU"

"

Chris wrote:

It's generally people running exploit/hack software in most cases.

Which makes it really hard to get taken seriously when you haven't done anything like that.

"

Spoiler

Hi, here are my advices for account security:

- no 3partysoftware anykind
- Disable Java in your Browser and maybe other addons (adope,...)
- Close all Browser windows
- Dont use "save password" in poe // delete the hash out of the .ini
- Dont type password there is one other possiblity to do it(takes long but efficent)// clear cache after
- Dont let the Browser save your password
- Use a unique password
- use good antivir, for example "spybot search&destroy" makes you pc immune to most backddors and trojs. search your pc every week.
- never go on game related sites even high traffic game sites can take you password away, for example with advertisments. This inculdes Build-links ... Any game related links any kind
- never use things like PoE helper
- hold Windows up to date
- dont accept (curiosly) strager friend requests, its an indication that your account data is already compromised // change pass+scan+clear all caches


Example how they get your Password/Hash with Java:

You search on google "PoE builds" > You klick first link (big site) > Site is loading >
* > Account data gone > You search your pc with antivirussoftware > no result

* (not stored password) temporary keylooger > You log in


Stealed accounts (Passwors/Hash) are sold on the "black market", customers buy them in big packets (Hack waves).


Tell something more wich browser do you use ?
What wansnt the case from above ?

I'm sorry but this is offensively disinformative. To the point where it's insane.
Spybot is terrible. It was cool in the early millennium, as was zone alarm. That doesn't mean it's still good. Teatimer is nagware/alertware trash.... letting you know EVERY TIME ANY REGISTRY ENTRY IS CHANGED is not effective preventative, as you will immediately adjust to just clicking allow: just like UAC is supposed to do.

Tools to broadstroke scan with to SUPPORT your AV with (SPYBOT IS NOT AV AT ALL, IT IS NOT A SUBSTITUTE FOR ANTIVIRUS) would be malwarebytes antimalware and kaspersky's TDSS killerm but again, these are not a substitute for proper AV. And even then, these tools can't remove everything: Some variants of TDL3 or zero access, for example, can't be effectively removed any way besides by hand.

Disabling java is a fine idea, and frequently recommended these days. I'd heavily recommend using an alternate browser like chrome or firefox, and installing adblock plus. It helps with a myriad of typically malicious bullshit floating around the net. Noscript can help kill java and allow you to enable it case-by-case, if you do need it occasionally. (some VPN software requires it, stupid browser games, etc.)

Your browser saving your passwords is generally fine. I'm not familiar with anything that unencrypts passwords stored in browsers. Just don't use the same password for everything, that's stupid. Always check the URL before you type your password. Pathofexile.ru.cx is not pathofexile.com, and the like. If it looks wrong, it probably is.

High traffic websites aren't evil. Advertisements can be, depending on who the site owner/admin gets ads through, and their laziness/evilness. It's terrible how hard to deal with malicious ads are, and they are common. Again, adblock plus.

PoE helper isn't dangerous. Pretty sure it's stickied here. Sure, a newer upload could potentially be malicious. Upload that fucker to virustotal.com if you are worried. That'll scan it by 46 separate AV programs for heuristic positives and known positives.


And finally, that example is just off the wall nuts. Path of exile is amazing, and will continue to grow in fans, but at this point, it's a fantastic dream to pretend people are writing drive by's intended to deliver a keylogging payload written to carefully extract specific data or a specific .txt and upload it, while avoiding modern AV. If this existed, there would be some talk of it. Some info. It doesn't.


Paranoia leads to stupidity. And stupidity leads to paranoia. Please, please, please ignore any advice given by the 2nd poster.

I'm no security genius. I work in research and virus removal, hands on, 10 hours a day, better half of the week. I have a lot of experience and know enough to know this is insane.
Use your brain. If you're that worried, read a few security blogs or keep up on the latest threats. Don't be nuts. Don't download stupid things.

So...I got hacked as well. Pretty much all my orbs are gone, as well as good stuff. I have NO IDEA how they could get my password and login, if GGG doesnt find the way how to solve this I think I'm forced to stop playing this game for good, because there is no reason to play anymore :(

+1. Hacked yesterday.

Yea I can kind of understand where you coming from Punk all things said I've written and used a fair amount of bots and exploits. I've even in my younger days been on the other end of these things. I'm not saying this to excuse any of the actions or even give me an ccredence as most of the stuff I did was script kiddyish. With that said I've not even been interested in any of the exploits coming out of path simply because the game is fun as it and as such the most "enhancements" I've used is Poe.xyz.is to make searching for good equipment easy. Not saying it's GGG at all its probably my end but its impossible for me to figure out where. Given that it's not a standard attack route. Only thing I can think of is a script exploit got a hold of the configuration file somehow. Another layer of security would be salting that hash with a unique machine identifier maybe MAC address of the network adapter or the windows key hell who knows....

Guess I'll reply here as well to let GGG know the extend of the problem.
Got all the currency orbs from my stash taken, no characters deleted or any of that stuff.

I have never been hacked nor has my account been compromised ever before in any other game.
I find myself to be a fairly advanced internet user / gamer in general so it's highly improbable
that after over 10 years of internet gaming this would have been caused by my careless actions not to say it's 100% impossible of course.

I haven't entered my PoE account information on any site (before logging in these forums to post this) after I created this account nearly a year ago, just logged in the game client after open beta launched.

I traded with 1 guy yesterday and idled in town for many hours. (if it's some kind of a ingame stash hack as my character inventories / characters / account weren't affected.)

Hope this is of some help so more people won't be affected :)

::EDIT:: of course I haven't used any 3rd party programs or I wouldn't be making this post.

"

FRAGGOMACHINO wrote:

Guess I'll reply here as well to let GGG know the extend of the problem.
Got all the currency orbs from my stash taken, no characters deleted or any of that stuff.

I have never been hacked nor has my account been compromised ever before in any other game.
I find myself to be a fairly advanced internet user / gamer in general so it's highly improbable
that after over 10 years of internet gaming this would have been caused by my careless actions not to say it's 100% impossible of course.

I haven't entered my PoE account information on any site (before logging in these forums to post this) after I created this account nearly a year ago, just logged in the game client after open beta launched.


Hope this is of some help so more people won't be affected :)

::EDIT:: of course I haven't used any 3rd party programs or I wouldn't be making this post.

Exactly the same here.