Please stop this.. another friend got hacked..

I still say that based on this happening within a "circle of friends" that passwords are being shared and one of your "friends" or "friends of a friend" ended up with the account information.
"
Shagsbeard wrote:
I still say that based on this happening within a "circle of friends" that passwords are being shared and one of your "friends" or "friends of a friend" ended up with the account information.


They don't even know each other.... Already wrote it.
"
sidtherat wrote:


Heck. All streamers have visible logins. Ziggy and krip do not hide it. So the 'email is the weakness' is not true.


You need the email password as well silly!

We're not talking about brute forcing here but moreso that many people use the same email/password combo across numerous sites/games. The email is a SPoF for PoE's security setup.
OB: BazzVone - 83 Dual Spork Totem Templar /w CI and minions
CB: BazzVfourteen - 80 Dual Spork Totem Templar /w CI
CB: BazzVtwo - 73 Dual Spork Totem/LS Templar
CB: BazzVseven - 76 Lightning Strike Mara
CB: BazzVfive - 78 Lightning Strike Mara
"
BazzV5 wrote:
"
HarukaTeno wrote:

Fun story, but i never met "innocent hacked players". There is always a small detail. Untold detail.


Ohhh please. Black hats don't discriminate between innocent and guilty accounts.


Even Chris posted about the, (his second post in this thread), although it was D3 in his case rather than PoE.

http://www.pathofexile.com/forum/view-thread/172532/page/1


And you still defending them. Okay, whatever.

I was talking about single cases of direct 'hax'. Like 1-10 people, not "mass leakage" of passwords

(harsh IRL example)
If gunfire happens in public place - yes, victims aren't guilty that they were there.

But this case (12 "friends" hacked) is like if they go under the bullets on purpose (downloaded cheats\hacks\visit phishing site\etc) and then they blame the government (GGG) for bad security.

"
BazzV5 wrote:
"
sidtherat wrote:

Heck. All streamers have visible logins. Ziggy and krip do not hide it. So the 'email is the weakness' is not true.

You need the email password as well silly!

We're not talking about brute forcing here but moreso that many people use the same email/password combo across numerous sites/games. The email is a SPoF for PoE's security setup.

So you're saying that it's GGG's fault that people use BAD (or same) passwords?
Excellent...

P.S. what bothers me is that victims still didn't appear here.
Why would they need "a lawyer"?
Answer is simple: because they know that it's their fault
Remember, suffering is convenient.
That is why many people prefer it.
Happiness requires effort.
"
AkamuCZ wrote:
"
VictorDoom wrote:
Usually when people get hacked it means they've been doing something fishy


Usually maybe, not always.

Btw. people usually don't believe until it happens to them..., but I understand you, I was same :)


This is a niche game, so if you really get a keylogger which captures your PoE pass, you tried to download a bot, a maphack script or whatever; no other site would have any interest in your PoE password.

The moment this game went to live version from open beta it had countless hack reports, which were mostly a result of same password usage.

D3 got hacked hard, so the password list for D3 worked for Path of Exile in many cases.
https://poe-ssf.herokuapp.com/. Join the fun.
SSF HC Legacy Witch Lvl 53
Last edited by ventiman#1405 on Oct 11, 2014, 8:58:41 AM
"
HarukaTeno wrote:

And you still defending them. Okay, whatever.


NO....not defending them at all. A group of 10-12 friends all getting hacked is suspicious.

What I am doing however is highlighting an ongoing security issue with the PoE client that affected me personally some 12 months ago.

"
HarukaTeno wrote:

So you're saying that it's GGG's fault that people use BAD (or same) passwords?
Excellent...


I didn't say it was GGG's fault.

I said they put the onus back on the player with their security policy. There is a difference.
Last edited by BazzV5#2961 on Oct 11, 2014, 7:47:50 PM
Another lvl100 friend got hacked on 26.12. em_jake but all his chars are deleted... as always his char was rank 1 on std. Account "Dawwwis"

Just saying..
Am I the only one that's noticed the website we are currently using isn't using https ( ssl aka SECURE socket layer ). It's plain text and it doesn't take a wickedly smart hacker to sniff everything out. The only security we have on this site is security by obscurity.

spare me the .... blah blah blah same subnet to sniff... blah blah blah.

It's all fun and games until we are running around on the official forum site with our pants down. And then it's woodstock, or possibly Sparta!
echo "The world is full of smart people" |sed -e 's/smart people/sheep/'
"
buhdunkadunk wrote:
Am I the only one that's noticed the website we are currently using isn't using https ( ssl aka SECURE socket layer ). It's plain text and it doesn't take a wickedly smart hacker to sniff everything out. The only security we have on this site is security by obscurity.

spare me the .... blah blah blah same subnet to sniff... blah blah blah.

It's all fun and games until we are running around on the official forum site with our pants down. And then it's woodstock, or possibly Sparta!


You can get an addon in Chrome or Firefox to force SSL on certain websites; I recommend it for everyone. The thing is, certain people might not have SSL enabled (work, old PC, whatever) and GGG wants to retain the ability for anyone to access the site, so it doesn't force it on users. This isn't uncommon.

Simply get the addon, add the site and you're ready to browse safe.

Assuming

1. you use different password for your account and email
2. you don't have an infection on your machine logging key strokes
3. you have the email unlock code setup

If you are using steam the same applies for that too.


In case I wasn't clear from above, you can simply add https:// in front of all the addresses to force SSL, which GGG fully supports; the addon just adds it for you.
https://youtu.be/T9kygXtkh10?t=285

FeelsBadMan

Remove MF from POE, make juiced map the new MF.
Last edited by goetzjam#3084 on Jan 5, 2015, 2:14:50 PM
The fact it happened to a level 100 toon is the hint, considering the amount of people cheating and going RMT just to get level 100.

Not saying it is your friend's case but I have seen things in past.

Forum pvp
https://www.instagram.com/critterspencils/
Last edited by lolozori#1147 on Jan 5, 2015, 5:15:41 PM