Hacked Accounts

Welp, my account was compromised. My password was really simple for poe, didn't worry about using a secure password to register for beta, then never changed it after. Not sure if I was brute forced or some some sort of hash reader. I have not downloaded anything or run any 3rd party software and I do use AVG that updates every day. Honestly, it has killed my interest in continuing to play. I understand why GGG doesn't do restores. On the other hand, GGG should understand why no restores causes people to leave.


As far as the blame game goes. Yes, GGG should have authenticators in place. However, I understand theyre a small company. It's not their fault my account was compromised, nor is it mine, its the fault of the malicious 3rd party. The arguments that its your fault if you get hacked are the same that people use that its your fault if you get mugged, raped, etc. Its a dumb argument, the fault is with the criminal and no one else.

I'm sure I'll be back in the future, until later exiles.

Got hacked as well... this is way worse than any of my hardcore deaths, at least they were a learning experience and I wanted to come back stronger from them, but this just totally demoralizes me. Can't believe they won't do some IP checks and see that a bunch of us just got screwed over, we didn't use maphack or any 3rd party stuff, somebody logged on our accounts, took all valuable currencies and gems/items and laughed at us.

"

Mugaaz wrote:

Welp, my account was compromised. My password was really simple for poe, didn't worry about using a secure password to register for beta, then never changed it after. Not sure if I was brute forced or some some sort of hash reader. I have not downloaded anything or run any 3rd party software and I do use AVG that updates every day. Honestly, it has killed my interest in continuing to play. I understand why GGG doesn't do restores. On the other hand, GGG should understand why no restores causes people to leave.


As far as the blame game goes. Yes, GGG should have authenticators in place. However, I understand theyre a small company. It's not their fault my account was compromised, nor is it mine, its the fault of the malicious 3rd party. The arguments that its your fault if you get hacked are the same that people use that its your fault if you get mugged, raped, etc. Its a dumb argument, the fault is with the criminal and no one else.

I'm sure I'll be back in the future, until later exiles.

Well said, Mugaaz. Other games had similar issues, lots of ragequit, threats of 'thousands of players leaving in droves' etc. and those companies didn't maintain anything close to the level of interaction this company has - and they survived.

As, er, someone said, delaying Open Beta might have helped with issues like this but they couldn't delay it without another sort of adverse reaction from a portion of the community. Is no one aware that it's always a tightrope when you have a community to 'please'? They expect all things all the time.

"

TheHeffNerr wrote:

"

Chris wrote:

We do lock out accounts for multiple incorrect password attempts! The threshold is higher than 3 though, because users often legitimately take quite a few attempts to get their password right. There's no way they can effectively brute-force passwords in an online manner, and we'd be able to see that in our access logs.

This is just flat out a lie. I've just entered 10 incorrect passwords in less then a minute and then able to log in... This is why I'm also pissed because GGG lies out their ass. Any one can try this.

http://www.twitch.tv/theheffnerr/b/369580932

I can't wait for GGG nut swingers to answer this one.

I've also tried this for not only 10 times, 20 times, with reasonable delay in each password input since if you're entered it repeatedly, you will get warning message of "trying to login too much in a short time period". And guess what, when I tried my own password after the 20 tries, it still get me logged in.

Looks like PR disaster is imminent.

Get your shit together, GGG. When you resort to public lies like this, your credibility just shrunk more.

"

darkro90 wrote:

"

TheHeffNerr wrote:

"

Chris wrote:

We do lock out accounts for multiple incorrect password attempts!

This is just flat out a lie. I've just entered 10 incorrect passwords in less then a minute and then able to log in... This is why I'm also pissed because GGG lies out their ass. Any one can try this. http://www.twitch.tv/theheffnerr/b/369580932

I can't wait for GGG nut swingers to answer this one.

Looks like PR disaster is imminent.

Get your shit together, GGG. When you resort to public lies like this, your credibility just shrunk more.

Lol! WTF - hilarious guys. Well well I'm no GGG nut swinger but I do like to dangle my nuts about the place so I hope I'll do?

This is the kind of fucked up non-sequitur "logic" that raging kids suffer from. Because I proved Chris wrong THEREFORE he lied to us! Oh god, touch my balls, the horror!

What about, they made a mistake? What about, something else has happened? What about, you have no fucken clue what's happened so log the bug and leave without spilling your crying seed all over the forum?

"

darkro90 wrote:

"

TheHeffNerr wrote:

"

Chris wrote:

We do lock out accounts for multiple incorrect password attempts! The threshold is higher than 3 though, because users often legitimately take quite a few attempts to get their password right. There's no way they can effectively brute-force passwords in an online manner, and we'd be able to see that in our access logs.

This is just flat out a lie. I've just entered 10 incorrect passwords in less then a minute and then able to log in... This is why I'm also pissed because GGG lies out their ass. Any one can try this.

http://www.twitch.tv/theheffnerr/b/369580932

I can't wait for GGG nut swingers to answer this one.

I've also tried this for not only 10 times, 20 times, with reasonable delay in each password input since if you're entered it repeatedly, you will get warning message of "trying to login too much in a short time period". And guess what, when I tried my own password after the 20 tries, it still get me logged in.

Looks like PR disaster is imminent.

Get your shit together, GGG. When you resort to public lies like this, your credibility just shrunk more.

This is exactly how you counter brute force attacks you moron.

More to the point: Chris said specifically that they did not detect (and it would be easy to detect) brute-forcing.

So either people are skimming over this while reading or they're insinuating something far more serious.

"

mkmaddage wrote:

Lol! WTF - hilarious guys. Well well I'm no GGG nut swinger but I do like to dangle my nuts about the place so I hope I'll do?

This is the kind of fucked up non-sequitur "logic" that raging kids suffer from. Because I proved Chris wrong THEREFORE he lied to us! Oh god, touch my balls, the horror!

What about, they made a mistake? What about, something else has happened? What about, you have no fucken clue what's happened so log the bug and leave without spilling your crying seed all over the forum?

Are you on crack, son? Users like me and Heff actually trying to make the game better by pointing out GGG mistakes, it's called giving FEEDBACKS. Get off your High Councilor of GGG Hardfanboys horse and start contributing to the game like testing their security system and reports bugs you found instead of flaming actual feedbacks while thinking "omg im so swaggy lel ggg rulez wheres muh pizza". People like you that only defends the game while not giving actual feedback is the real cancer that kills the game, aside from the hackers.

"

crazypyro wrote:

This is exactly how you counter brute force attacks you moron.

No, that's not how you exactly counter brute force. Brute force program these days are more sophisticated than before, and if GGG only implements half-assed counter measure like this, the hacker could easily circle it by adding, say, 0.5 or maybe 1 second delay on password inputting.

"

pneuma wrote:

More to the point: Chris said specifically that they did not detect (and it would be easy to detect) brute-forcing.

So either people are skimming over this while reading or they're insinuating something far more serious.

Yeah, right. And, how many samples he had taken? 5, 6 users out of 100+ users hacked?

Thing is, if you're only sampling the users that is genuinely hacked because of their own stupidity (phising and stuffs), it would only gives you false sense of security while the hackers swimming in currencies of the people they've hacked via the security exploits.

"

darkro90 wrote:

"

crazypyro wrote:

This is exactly how you counter brute force attacks you moron.

No, that's not how you exactly counter brute force. Brute force program these days are more sophisticated than before, and if GGG only implements half-assed counter measure like this, the hacker could easily circle it by adding, say, 0.5 or maybe 1 second delay on password inputting.

Do you realize how unfeasible brute forcing say an 8 character password is with even a delay of 2 seconds or are you still a moron?

There's no need to call him a moron.
I do suggest that everyone accusing GGG of being weak to brute-forcing actually read what brute-forcing (and combinatorics) is.