Please stop this.. another friend got hacked..

"

sanleon wrote:

Hey man i want to buy your infernal mantle for 50 exalts but poexyz gives me an error...
Could you please visit this phising link so i can get your stuff for free?

Where is the link?

[Post Edited by Support]

I already explained why Zero day is called zero day. Does the threat exist ? Yes. However, many of said threats have already been filled, hints why i said that anti-virus will generally detect it. Zero day exploits arent found instantaneously by the people exploiting them, it takes time.

If theyre using it on said sites for long periods of time, chances are, its been filled in and anti-virus will detect it. The likeliness of being keylogged/hacked is very low in this case.

It can pretty much be agreed upon that said users were doing something they shouldnt of been, on a site that they shouldnt of been on. Zero day users arent going to go specifically for a POE account, theyre going to go for far more valuable information. Thats the product of being on a POE specific targeted site, more than likely an RMT website or another shady POE based website as ive said before.

"

Tin_Foil_Hat wrote:

It can pretty much be agreed upon that said users were doing something they shouldnt of been, on a site that they shouldnt of been on.

I for one, have to disagree.

The weakness in PoE's account security is that it's tied to an email address. If your email details are compromised as a result of having used them sometime in the past to register at an unrelated site that has been hacked, (Ebay or Target for instance), then you could well be fucked here at PoE too.

Game client really needs it own 2 factor authentication and something as basic as a PIN to access the character screen would have saved the contents of many accounts.

"

BazzV5 wrote:

"

Tin_Foil_Hat wrote:

It can pretty much be agreed upon that said users were doing something they shouldnt of been, on a site that they shouldnt of been on.

I for one, have to disagree.

The weakness in PoE's account security is that it's tied to an email address. If your email details are compromised as a result of having used them sometime in the past to register at an unrelated site that has been hacked, (Ebay or Target for instance), then you could well be fucked here at PoE too.

Game client really needs it own 2 factor authentication and something as basic as a PIN to access the character screen would have saved the contents of many accounts.

Thats really a completely separate topic, people have been hacked with authenticaters. Personally, played WoW from Classic-MOP, never used an authenticater, never got hacked, i had tons of stuff people would want to steal (Gold, Mats, etc [not to mention theyd probably want to steal my entire account in general if they did go for it since i had alot of rare things such as legendaries, low drop rate rare mounts, achievement mounts]). Im not convinced by authenticaters.

Again, they arent going to go for a POE account if theyre on regular old websites like target or ebay, theyre going to go for your credit card information or other sensitive personal information.

They would pretty much have to be on a shady POE based site for the zero day users to even bother with their POE account, especially if theyre going as far as deleting players characters after swiping their stuff.

I mean anything could happen, dont get me wrong, im just stating that the possibility of a zero day user getting or even giving two shits about your POE account from another site (regular sites, non-poe based) is pretty much abyssal.

"

BazzV5 wrote:

"

Tin_Foil_Hat wrote:

It can pretty much be agreed upon that said users were doing something they shouldnt of been, on a site that they shouldnt of been on.

I for one, have to disagree.

The weakness in PoE's account security is that it's tied to an email address. If your email details are compromised as a result of having used them sometime in the past to register at an unrelated site that has been hacked, (Ebay or Target for instance), then you could well be fucked here at PoE too.

Game client really needs it own 2 factor authentication and something as basic as a PIN to access the character screen would have saved the contents of many accounts.

For myself it was the dungeons and dragons online offer wall. They had a subsection of their site that was to contain 'offers' which would give in-game currency for completing their offers. While I never touched any of them as they were obvious scams, there was an issue where they would still send the email addresses of anyone who even cached the page to these scammers unencrypted. So my email address, which was used for other games, ended up in the hands of scammers and rmt site owners in china who then tried to brute force their way into every game in existence using my email address as the log-in. While they never got into any of them, the sheer numbers of attempts they made got my guild wars and bnet accounts account locked up as a result and I had to call to unlock my guild wars one (bnet one is still locked up). That email address which had been clean to that point was spammed to hell with phishing scams from that point on as well and I had to abandon that old email address.


Check it out, the whole thing made me hate turbine.. a company I once loved. For no benefit to themselves even, they had sent my email address to companies that would try to abuse it to steal accounts. Thankfully all the profile info I had on my 'myDDO' page was false and kept them from social engineering any actual info about me from it.

http://massively.joystiq.com/2010/04/13/fans-have-strong-reaction-to-dungeons-and-dragons-online-offer-w/

"

CharanJaydemyr wrote:

My first reaction is 'hacked multiple times, when most players don't get hacked once? Yeah, that's probably not GGG's fault.'

Please note I am still sympathetic towards those who do get hacked -- I watched it happen to probably the finest member of our community, a multi-diamond supporter who's never posted anything mean or negative, and who has created some extremely cool items. There's no way he'd engage in shadiness, but still it happened. I don't think it's a black and white case of 'you got hacked? you deserve it!' but I do think the overwhelming majority of times it happens are out of GGG's hands.

Well there are some cases when it isnt shady stuff, but very few, the only one that i can recall was when prozon got hacked because ggg gave a random dude preteding to be him his log in info, its also the only time i can recall when ggg restored someones items and HC char which was awesome.

But really, most of them are because of fishy business or the player's fault for giving away his log info to some scam

"

Tin_Foil_Hat wrote:

I mean anything could happen, dont get me wrong, im just stating that the possibility of a zero day user getting or even giving two shits about your POE account from another site (regular sites, non-poe based) is pretty much abyssal.

That's not true at all. Off the top of my head, I can think of three non gaming sites that have sent me advisory emails to change password due to being hacked and two were non-gaming forums. ie no credit card data stored. The third one was Ebay.

Why even target forums if not to gather email/password combinations that can be tried and used elsewhere?

But thats where PoE's account security policy falls down. It puts the onus of security back on the user by assuming email address/passwords are clean and uncompromised even though many are not.

There used to be a sticky thread in these forums, that from memory, was well over 100 pages long here with different users being hacked. And I put my balls on the line and say many of them could not have happened if the client had 2 factor authentication rather than the useless change of IP protection that is currently in place.

"

BazzV5 wrote:

"

Tin_Foil_Hat wrote:

It can pretty much be agreed upon that said users were doing something they shouldnt of been, on a site that they shouldnt of been on.

I for one, have to disagree.

The weakness in PoE's account security is that it's tied to an email address. If your email details are compromised as a result of having used them sometime in the past to register at an unrelated site that has been hacked, (Ebay or Target for instance), then you could well be fucked here at PoE too.

Game client really needs it own 2 factor authentication and something as basic as a PIN to access the character screen would have saved the contents of many accounts.

Fun story, but i never met "innocent hacked players". There is always a small detail. Untold detail.

But there would always be people who will try to defend "hacked one".
And they won't even try to read the arguments and "story behind it", nor think about the provided information (which, btw, indicates on the guilt of the "hacked")

Let's play "House M.D."?

1)

"

AkamuCZ wrote:

Btw1. For those who think their security wasn´t enought, one of them had mail on gmail, with verifying tho mobile phone, he did not get message that means hacker got on his account WITHOUT using security code while loging from other IP than usual. He also had different password ingame and on gmail, generated - no "password123"... random symbols.

So your "weakness in PoE is mail..." is irrelevant. We are being told that the victim has "excellent security".
And yet, the hacker(s) hacked that "perfect measures" 12 times in a row. Kudos to great hacker(s)?..


2) (possibly irrelevant also, but still)
I play online games for a long time. And was never "hacked". Same goes for all my friends.
Why? Because we don't use cheats, hacks, and such.
And i'm sure that most of you are the same. No "illegal activity" - no problems.

Victim usually think simple: "This maphack isn't detectable by server - i'll install it. I'm the smartest and slyest person".
Sure. You are...

3) You may not believe in or can deny it, but i witnessed 20, 25, 30-yrs old people (furthermore, familiar with IT and such) who still fall for "hey, that site offers me free gold\items\level-up\etc - i should send my account info to them".
There are (and would be)plenty of people who still fall for (good old) phishing sites tricks.

4) Blurted out evidences? Here you go:

"

AkamuCZ wrote:

Another Fact, All of my friends got hacked same way it´s like 10-12 friends could forgot someone, could name them. The guy who hacks it usually when he comes put status something like tinyurl.com/poehacks

Now we have a "suspect"? Because that url provides you "PoE AoB Multihack.rar"

Don't forget to "clean yourself" with

"

AkamuCZ wrote:

never checked it

phrase ^_^

Put some distraction in topic

"

AkamuCZ wrote:

tbh, I think some rmt site does that..

And combo-finish, evoking sympathy with implanting the indirect guilt feelings

"

AkamuCZ wrote:

"

VictorDoom wrote:

Usually when people get hacked it means theyve been doing something fishy

Usually maybe, not always.

Btw. people usually don´t believe until it happen to them..., but I understand you, I was same :)

Guilty. Case closed.

P.S. everybody lies ©

"

HarukaTeno wrote:

Fun story, but i never met "innocent hacked players". There is always a small detail. Untold detail.

Ohhh please. Black hats don't discriminate between innocent and guilty accounts.


Even Chris posted about the, (his second post in this thread), although it was D3 in his case rather than PoE.

http://www.pathofexile.com/forum/view-thread/172532/page/1

Even the 'cleanest saints' cheat and hack. Not all of them. Not every time opportunity arises..but..

Internet have seen several 'saints' loose their masks to the astonishments of masses

Hacking poe players? Who does that? Only reason to waste bot-processing-power on poe accounts is irrititating streamers. And this is easily done with ddos. No need to try and break sometimes very long passwords.

Heck. All streamers have visible logins. Ziggy and krip do not hide it. So the 'email is the weakness' is not true.

What happens in 99% cases is a flirt with rmt/hack site. And what happens afterwards in 100% cases is pledging innocent.

Ive never been hacked once. I just dont go stupid places. Nor click stupid links. And dont try to pretend innocent when experienced players smell rat for a mile.