Account has been hacked.

"
We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:

a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).



Chris,

If you're looking at those being causes, you're not looking in the right place.

Your system has been compromised on your end, you've copy/pasted this several times in the other users thread and none of them apply, which is the same in my case.


My advice - take your servers down, and find the software leaking your information. Once they start getting credit card information, if they haven't already, your company is in a SERIOUS world of hurt. GGG is small, and a lawsuit at this point will kill your dream.

From one business owner to another, take the damn server down.

Also, being registered as a limited company, your company will not protect your personal assets. Having less than ~$1,000,000 US in assets, you'll lose your homes, savings, everything.

A quick google search shows there are only 4 of you as registered agents. If they gain access to credit card information, again assuming they haven't already, your lives will be ruined.

Take the servers offline Chris.
"
AllKindsOfBad wrote:
"
We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:

a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).



Chris,

If you're looking at those being causes, you're not looking in the right place.

Your system has been compromised on your end, you've copy/pasted this several times in the other users thread and none of them apply, which is the same in my case.


My advice - take your servers down, and find the software leaking your information. Once they start getting credit card information, if they haven't already, your company is in a SERIOUS world of hurt. GGG is small, and a lawsuit at this point will kill your dream.

From one business owner to another, take the damn server down.

Also, being registered as a limited company, your company will not protect your personal assets. Having less than ~$1,000,000 US in assets, you'll lose your homes, savings, everything.

A quick google search shows there are only 4 of you as registered agents. If they gain access to credit card information, again assuming they haven't already, your lives will be ruined.

Take the servers offline Chris.


We do not store any credit card information.

We're still gathering data on the small percentage of users that have had their passwords compromised, so I don't mean to speak too soon, but so far it overwhelmingly looks like regular password theft that occurs due to the above actions that users can do (i.e. not due to anything that we can control on our end).

I'm spending a lot of time on this at the moment and will post more information once we have more to say. If I had any suspicion at all that our servers had been compromised we'd of course have taken them down. We take so many pains to keep user data secure, and there's no sign that anything has been stolen from us.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
Last edited by Chris on Feb 7, 2013, 12:05:11 AM
Every online game in the world has users who have accidentally leaked their passwords. Once a few people post about that, it would be easy to draw a conclusion that the company doesn't know what they are doing and has had their database compromised. We have been looking into this extensively all week and there's no sign of anything like that.

If our database was compromised, the first hashed/salted passwords that the attackers would try to crack would be the ones at the top of the ladder, not the characters that are actually being accessed. We can already see that many compromised accounts are linked to config files being distributed, infected hack software, etc. These are real things that cause people to lose their accounts, and we are working on ways to keep those people's accounts safe. The players with ten thousand times more in-game wealth are not being targeted - because no one has access to our database. They just have a few hundred stolen (from users, not from us!) passwords as far as we can see.

Anyway, we'll post a more formal update once we've finished parsing all the data of who has accessed what accounts.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
Last edited by Chris on Feb 7, 2013, 12:11:13 AM
So what about my case?

No config files, never given my password to any one, not even my mother. No leveling services, No hacking programs, no botting, no config files etc?!?!

Last edited by sirspikey on Feb 7, 2013, 12:36:27 AM
It's like none of you have ever followed any online game ever; there are so many ways to compromise a user's account, virtually none of which are GGG's fault.
If I read right, the passwords are not stored on GGG servers at all, but the hash for it is. The game is also encrypted.

Now I'll point something out that some of you probably don't even know of.
https://addons.mozilla.org/en-US/firefox/blocked/p182
This'll be the same on any of your browsers... disable it until there's an update.
Get Malwarebytes and a good AV, restart your PC in safe mode and run them.
If clean, then change your email password, then game passwords, just in case someone has somehow managed to access your email account.
Use stuff like NoScript and Adblock because you can compromise yourself through ads AND Flash video.
Ancestral Bond. It's a thing that does stuff. -Vipermagi

He who controls the pants controls the galaxy. - Rick & Morty S3E1
"
sirspikey wrote:
So what about my case?

No config files, never given my password to any one, not even my mother. No leveling services, No hacking programs, no botting, no config files etc?!?!



The person who accessed your account has only accessed a total of 25 accounts. I don't know how he got your password. The IP is from China.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
Other players being compromised isn't evidence that it is an issue on GGG's side of things. This is merely circumstantial. You also can't rely that all reports are real. I have seen a few suspicious "ya me too" type posts without real details.

Back to circumstantial evidence. It remains a fact that most players who are compromised in online games, generally speaking, are compromised via user activity.

Circumstantial evidence cuts both ways:
You can lump yourselves in with a small number of hacked PoE players, claiming you have a unique password and your PC is clean etc etc.
But you are lumped into a larger group (hacked online accounts) and, in that larger group, individuals with compromised accounts/passwords/etc. are primarily to blame.

My point is that just because other players are claiming to be hacked, that doesn't mean that it is a compromised server. It is still just as likely that you are individually responsible.

Last edited by Britannicus on Feb 7, 2013, 1:28:12 AM
"
sirspikey wrote:

No config files, never given my password to any one, not even my mother. No leveling services, No hacking programs, no botting, no config files etc?!?!


Is your account password the same as a password which you use on any gaming sites, wikias, etc.?
Those maphacks that are "leaked/released" contain keyloggers, and they email your settings file to 2 different Gmail addresses (and that maphack doesn't even work. lol.)
A few days ago, I noticed a user posting links to a build that actually linked to a site that looked like the official site but wasn't, and required you to log in. It looked like (from his post history) he'd been doing this for quite some time. I PM'd support and the user was (apparently) banned very quickly. The mods/devs are really involved in the community and that's rare.

You need to be careful what links you follow. Always check the url whenever you've followed a seemingly innocent link that requires you to log in (not just for PoE, but anything).

My suggestion for GGG would be to display a warning when following a link from the forums to any site that isn't the official site, like a lot of forums do. But still it's the responsibility of the player to keep his/her password safe.
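
The outbound-link warning suggested in the post above could be driven by a check like the following. This is an added example, not code from GGG or from any poster in the thread; `game.example` is a placeholder for the official domain, and the function names and reason strings are hypothetical.

```javascript
// Assumption: placeholder official domain; substitute the real site's domain(s).
const OFFICIAL_DOMAINS = ["game.example"];
const FORUM_BASE = "https://www.game.example/forum/"; // resolves relative links

// Levenshtein distance, used to catch near-miss spellings of an official domain.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict: "official" | "external" | "suspicious", reasons: [...] }.
function classifyLink(href) {
  let url;
  try { url = new URL(href, FORUM_BASE); }
  catch (e) { return { verdict: "suspicious", reasons: ["unparseable"] }; }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "suspicious", reasons: ["non-web scheme"] };
  }
  // URL() lowercases the host and converts Unicode labels to punycode (xn--).
  const host = url.hostname.replace(/\.$/, "");
  const official = OFFICIAL_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  if (official) return { verdict: "official", reasons: [] };

  const reasons = [];
  if (url.username) reasons.push("userinfo before host");
  if (host.split(".").some((l) => l.startsWith("xn--"))) reasons.push("punycode label");
  if (OFFICIAL_DOMAINS.some((d) => host.includes(d))) reasons.push("official name embedded");
  if (OFFICIAL_DOMAINS.some((d) => editDistance(host, d) <= 2)) reasons.push("near-miss spelling");
  return { verdict: reasons.length ? "suspicious" : "external", reasons };
}

// Pull http(s) links out of a post body and keep those needing an interstitial.
function linksNeedingWarning(postBody) {
  const links = postBody.match(/https?:\/\/[^\s<>"')\]]+/gi) || [];
  return links.map((l) => ({ link: l, ...classifyLink(l) }))
              .filter((r) => r.verdict !== "official");
}
```

A forum would show a plain "you are leaving the official site" page for `external` results and a stronger warning, or a moderation flag on the post, for `suspicious` ones.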
