Potential User Data Breach

"
Chris wrote:
"
So does this mean they also had steam password access if your game is connected to steam? PW wise.


They couldn't get your Steam password. We don't know those on our end.

Does this mean you also don't know Steam account names?

I know that if you play using a steam account you still have to make a forum account the first time you log in. Is the forum name the only thing GGG saves for steam users?
you can test your passwords here:
https://www.grc.com/haystack.htm
Last edited by kompaniet on Mar 30, 2017, 11:45:33 AM
"
kompaniet wrote:
you can test your passwords here:
https://www.grc.com/haystack.htm

I tried a similar password for my GGG account (not my password, but same number of characters, upper & lower case alpha, numbers, and special characters) on that site.

Even in the best scenario, "Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)", it would take 11.52 thousand trillion centuries to brute force my password. I think it's safe provided no one gets both the salt and hash to my password from some less-than-secure GGG database.

Just know that if your password is in the top million or so of the common passwords list, you're in trouble. Even the list of 10 million is widely used for brute force attacks.
Last edited by cipher_nemo on Mar 30, 2017, 1:54:17 PM
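
The trade-off raised in the post above, as an added example that is not part of the original thread: a character-class search-space estimate compared with a password's position in a common-password list. The function names, the sample list and the 95-character printable-ASCII alphabet are assumptions made for illustration.

```python
import string

# Rate quoted in the post: "one hundred trillion guesses per second".
GUESSES_PER_SECOND = 100 * 10**12
SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600

# Assumption: printable ASCII split into four classes (26 + 26 + 10 + 33 = 95).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# Constructed stand-in for a common-password list, most common first.
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "P@ssw0rd1!", "letmein"]


def alphabet_size(password):
    """Add up the size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def worst_case_guesses(password, wordlist):
    """Guesses needed by an attacker who tries the wordlist first."""
    if password in wordlist:
        return wordlist.index(password) + 1
    return len(wordlist) + search_space(password)


def centuries(guesses):
    """Convert a guess count to centuries at the quoted guessing rate."""
    return guesses / GUESSES_PER_SECOND / SECONDS_PER_CENTURY


if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "k#9Lq!2vXz"]:   # constructed samples
        print(pw, search_space(pw), worst_case_guesses(pw, SAMPLE_WORDLIST),
              f"{centuries(search_space(pw)):.2e} centuries")
```

Both sample passwords have the same length and character classes, so a composition-only estimate rates them identically; only the wordlist check separates them.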
"
Ezzi wrote:
Does this mean you also don't know Steam account names?

I know that if you play using a steam account you still have to make a forum account the first time you log in. Is the forum name the only thing GGG saves for steam users?

Yes, Valve do not share Steam account names with third-party companies. They give companies like GGG a UUID so they can identify you, without sharing sensitive information.

If you'll forgive the pedantry, you create a Path of Exile account - not a forum account.

You don't appear to be using the same account on the forum and in-game. If you'd like to, then log out of the forum and use the green Sign In Through STEAM button on the log in page. If you're using different accounts intentionally, then that's totally fine - it is, of course, up to you. :)
“Please understand that imposing strong negative views regarding our team on to other players when you are representing our most helpful forum posters is not appropriate.” — GGG 2022

----

I'm not 'Sarno' on Discord. I don't know who that is.
Last edited by Sarno on Mar 30, 2017, 3:37:12 PM
i want a refund for poe
Yeet Yote Yate
Thanks Chris, password changed :)
~ Adapt, Improvise and Overcome
"
cipher_nemo wrote:
"
kompaniet wrote:
you can test your passwords here:
https://www.grc.com/haystack.htm

I tried a similar password for my GGG account (not my password, but same number of characters, upper & lower case alpha, numbers, and special characters) on that site.

Even in the best scenario, "Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)", it would take 11.52 thousand trillion centuries to brute force my password. I think it's safe provided no one gets both the salt and hash to my password from some less-than-secure GGG database.

Just know that if your password is in the top million or so of the common passwords list, you're in trouble. Even the list of 10 million is widely used for brute force attacks.


yes that's a very strong password you have. interesting link i will check that out.
Hi All,

Right now trying to log into the game I received a message saying that my account has been accessed or tried to be accessed from another location. My location I have been playing for 2+ years said on the unlock email:

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from ....(my current address).

I find that part very odd. I wasn't planning on changing my password as I felt it was strong, however I would strongly urge all to change their passwords as a precaution. Salted and hashed may mean our passwords are safe, though not that it won't be tried against our accounts. Seems mine was tried, and I am currently checking my account to make sure nothing is gone or missing.

I have to go to work, so once I get a break I will upload the images I print screened to show what I just mentioned to get my account back, and password reset.
Last edited by Snapfire on Mar 31, 2017, 12:08:41 PM
Thanks for the heads up, only happened to hear about this on reddit though :-\ mildly disappointed it wasn't a bigger announcement.
GG, GGG! I can finally be the flamethrowing psycho Marauder I've always dreamt to be! Wish they had a hockey mask MTX & a gore scorching ray skill gem MTX mmmm one can hope!
Thanks for the heads up GGG..

Just another example why you (everyone in general) should use MFA whenever possible!!

If you are a Steam user like me, Steam offers MFA.. Enable it!!! Yeah it's an extra step when logging in, but it's worth it..

Regards..
