Hacked Accounts

interesting the whole thread i hope i get back my 5 koams heart i dropped last night

now some things to think about

in closed beta playercountwas maybe 4k

now its 70k+

1% would be 700 hacked accounts and you guys speak about a big security breach ?

someone said its 100 hacked accounts so actually under 0.25% have been hacked



i never got hacked but i admit after reading this i installed an addaware and switched of the password reminder after i changed it to a more colmplex one just healthy paranoia


iam looking forward to iam so smart i didnt do anything and got hacked threads so keep it coming guys

the only think that i am intrested in is to know how save are poe statistics xyz and helper and wiki i will avoid them for the next time to be save

I'm done with this game until they implement authenticators or restores.

So much wasted time.

"

Selanmer wrote:

Educated gamer spouts off on forums mixing his/her irrelevant opinion about things he/she does not fully understand.

Fixed your quote, Selanmer.

While I think that user error, lack of proper password security, selection, and secrecy probably accounts for a large sum - even the bulk - of compromised accounts, it's silly to utterly and summarily discount a vulnerability in either the client or server software of a beta game from a small studio. Nobody is doing the community or GGG any favors by being rabidly defensive or worse, combative and downright mean to people who may have lost their progress.

Chris, in your OP, how can you be so 100% certain that the software you've put forth for users to consume is 100% bug free when it comes to security (especially when there are some easily demonstrable security issues)? It seems pretty arrogant to assume a mistake couldn't have been made in this area, especially when there has been a sudden surge of hacked accounts.

Charan, given that you don't even write the PoE SW, how can you be sure a mistake hasn't been made in this area as well? Respectfully, I think you generally do a great job of modding, but I can't see how you're not speaking out of ignorance on this topic.

"

Thrombo wrote:

"

Selanmer wrote:

Educated gamer spouts off on forums mixing his/her irrelevant opinion about things he/she does not fully understand.

Fixed your quote, Selanmer. Dick.

Query: why would you call someone a dick in the same post as you address a moderator?

Also: you're right. I'm pulling out of this topic. My heart is too close to the subject, rather than my brain. I get a lot of information from the devs through talking to them but merely parroting what they say piecemeal and without full grasp of it is foolish.

So as a moderator, I'm warning you not to call other users offensive names.

"

Charan wrote:

Query: why would you call someone a dick in the same post as you address a moderator?

I have no idea what you're talking about. O:)









<whistling....>

"

Charan wrote:

I'm pulling out of this topic

Well isn't that convenient. I would have really appreciated some sort of response my previous post, given that it was mostly based around assertions that you made.

The guy got his account hacked because his email provider was insecure. Sure, GGG got dragged into it, but they wouldn't have been able to spoof the email in the first place if he had protected himself. He still got his stuff back.

This really get worsts as even mods and dev themselves are looking at the other way while addressing genuine concern of the users.

If the hackers true goal was to creates unrest and chaos within PoE community, then I say congratulation, because they have succeeded.

GGG is walking the plank atm , and truth is with every action as this, they make a small step towards the water . Where is the respect for the users . for the people than invested not only a few bucks , but their time and trust, with this game .

POE proves to be yet another dissapointing game due to customer poor support and lack of appreciation for their player base . Some will maybe get over it as i did .. but i will certainly not forget what happened and how i was treated .

Dont expect more cashing in from people that took the boot in the back and were treated with another boot from u GGG!

"

Danyels64 wrote:

GGG is walking the plank atm , and truth is with every action as this, they make a small step towards the water . Where is the respect for the users . for the people than invested not only a few bucks , but their time and trust, with this game .

POE proves to be yet another dissapointing game due to customer poor support and lack of appreciation for their player base . Some will maybe get over it as i did .. but i will certainly not forget what happened and how i was treated .

Dont expect more cashing in from people that took the boot in the back and were treated with another boot from u GGG!

I would not like to think that way. As far as GGG's been fallen, I still got hope that they could pull out of this. What they only need is to listen to their user's genuine concerns and throw away that big ego. There's no harm in admitting your mistakes, actually it would regain lost trusts you guys have been suffering.

Like I said, no harms done in throwing that big pride of yours, GGG.

Please remove the hashed password from game memory after loading the game. It would hopefully require the attackers to obtain full code execution inside the game client, rather than just leak memory. Maybe there are no bugs in the game client, maybe they already have full code execution, and maybe there's some other session credentials that could be used... but as an attacker, the hashed password is the first place i'd go. If it's an easy change, it might buy you some time to implement countermeasures