I think I am a pretty responsible person. I have specific emails with unique passwords for PoE and my email account. I haven't actually logged in since December when I first joined.
Anyway, to the point.
I have only visited 2 sites that are not affiliated with PoE. The curse wiki, and poe.xyz.is.
Link to the forum post for poe.xyz.is.
Looking at the source code for poe.xyz.is I noticed this in the source code.
Piwik is a free and open source web analytics application, which has been known to have malicious code injected. Now, again, I am no expert. But this is a quote from the Piwik website.
"enableLinkTracking( enable ) - Install link tracking on all applicable link elements. Set the enable parameter to true to use a pseudo-click handler to track browsers (such as Firefox) which don't generate click events for the middle mouse button. By default only "true" mouse click events are handled."
It seems rather suspect, and I wish to bring discussion about this. A friend in game I was talking with, who was also hacked, was hacked after visiting this website.
A hacker recently breached Piwik.org and added malicious code to the .zip file containing Piwik 1.9.2.
"Created in 2007 by New Zealand-based French national Matthieu Aubry, the web analytics platform is currently used by 460,000 websites in 150 countries, according to Piwik," notes CSO Online's Liam Tung.
"You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC," the Piwik team stated in a security announcement. "If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe."
"Customers who believe they might be impacted are advised to check for a piece of malicious code at the end of the Loader.php file located in the Core directory," writes Softpedia's Eduard Kovacs. "If the code is present, they must back up config.ini.php, delete the Piwik directory, and download a clean version from piwik.org."
"In their report they say it was compromised through a vulnerability on a WordPress Plugin, but didn’t provide any details on which one caused it," writes Sucuri CTO Daniel Cid.
"The hack is only the latest to compromise a popular provider of open-source software," notes Ars Technica's Dan Goodin. "In September, malicious code was found in phpMyAdmin after one of the mirror sites for SourceForge, which hosts more than 324,000 open-source projects, was compromised. In June 2011, WordPress required all account holders on WordPress.org to change their passwords following the discovery that hackers contaminated it with malicious software. Three months earlier, maintainers of the PHP programming language spent several days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached."