PSA: Check Your PayPal — Found an Unauthorized Xsolla Charge on My PoE Account
" Yeah it's not an account hack thing, they just have your PayPal data and they can do whatever they want with it, simple as that. | |
" they don't have your paypal access, only POE, which in turn use Xosolla without any 2-factor to pay for purchase via paypal autopayment So that they can only purchase poe 2 and giveaway key, instead of just buy a lot of crypto This is the start of forum signature: I am not a GGG employee. About the username: Did you know Kowloon Gundam is made in Neo Hong Kong?
quote from the first page: "Please post one thread per issue, and check the forum for similar posts first" This is the end of forum signature |
|
|
According to GGG there is 2FA for PoE, to quote them in their email response to me:
"Two-factor authentication is enabled by default for Path of Exile accounts with email addresses associated with them in the form of the unlock code system. If anyone attempts to access the game from a new location using an email address and password they will need access to that email address to retrieve the verification code. Enabling two-factor authentication on that email address further enhances this security." If that is true then it makes no sense that someone logged in to my PoE account to make a purhcase without me getting any emails or needing to verify by a code. So the conclusion must be that there is an exploit on the Xsolla end of things, maybe if you have someones PoE credentials you can use Xsolla to bypass all the PoE safeguards and make a purchase that way, no idea how they get the key after doing the purhcase though, maybe that is also something you can get via Xsolla somehow. But if you unlink Xsolla from your Paypal and if they don't have your credit card details then it shouldn't be possible anymore. |
|
