[Warning] my account got hacked

Hello everyone,

This is very unfortunate and i really didn't expect it. I have been playing this game since 2012. I even just bought ascendant supporter pack today to show my appreciation to GGG and a few hours later when i tried to log in the game says the account does not exist. I quickly searched for emails, found nothing inbox. then in the trash i found a mail requesting to change my mail address to this qianbengchengwa@163.com which GGG seems to approve. for the link of the mail it seems like a chinese website. I do not know how it was possible and how the cheater accessed my mail or my game, but he already started messing with my stash and character.

I can somehow view things from my browser as i am still logged in it. and I can see that the cheater has renamed my currency stash tab to ~b/o 0 alt. already all the exalted stored in my standard currency stash is gone.


then he messed with my perandus league character

I am really frustrated. This is absolutely disturbing to me because I have never once got my account hacked in any game I have played in my life. I have tried antivirus and malware detection software to check my PC but could not find anything.
I don't have the slightest idea how it happened. I honestly cannot think of any possible way ( at least within my knowledge ) of someone being able to hack my account.

I have been using the same email address since 2012 for logging in, purchase or mailing to GGG. I believe if GGG checks my account history they will find the truth.

Normally GGG is very prompt on answering mail but i haven't gotten a single response from GGG yet for about 2hours or so. I am a loyal and long time customer and i humbly request GGG to resolve the matter before the cheater does more damage to my toons.

My user name is Archzin. and my original login is from yahoo.com not from any random chinese website.

I am writing this so that other people are aware of what can happen. I hope this does not happen to anyone else and GGG can take an extra security measures like (phone code or something) to prevent this from happening to players. Now-a-days Emails can get hacked easily it seems. So a SMS system or phone app can help along a lot.

I completely understand GGG cannot do anything to prevent email address changes or password resets if the mail comes from original user. But i would like declare that i have never used or will use any email address beside one i use for logging in since 2012. I would recommend GGG to check my mailing history and they will understand.

Please GGG do something ASAP.

Any exiles reading this please refrain from trading or scams from any user named "Archzin" for the time being.

Thanks.

You have access to your account as you are posting here?

My advice until GGG contacts you:

Change your email back if can and then change your password immediately. After doing this get a more secure email address that isn't free if that's what you have. Then make sure your POE password is unique (not used by you anywhere else).

"

Vaydra wrote:

You have access to your account as you are posting here?

My advice until GGG contacts you:

Change your email back if can and then change your password immediately. After doing this get a more secure email address that isn't free if that's what you have. Then make sure your POE password is unique (not used by you anywhere else).

As i was logged in my browser since morning, i can still see things and post from only from the pc i am logged in. I cannot access game or change anything other than that. I think when my web logged session is over, I may not be even be able to see my profile in browser anymore.

I tries logging to browser from another pc using mmy original mail adress .... says account do not exist.

There really should be software protocols in place that lets any prior location/computer/email lock their associated account until someone at GGG can respond/investigate.

And there should be two factor authentication.
And it should be more difficult to change email/password from a different computer/location and more difficult to login from a different computer/location, especially after changing email/password. At least then if someone uses a RAT to change your email/pass you can disconnect from the internet to limit the damage.

By the time this gets looked at every item/currency you've worked on since 2012 will be gone.

It doesn't matter how long or difficult or unique your password is. Gmail, Hotmail, Yahoo, and others are all vulnerable according to today's IBT article: http://www.ibtimes.co.uk/hackers-can-break-into-your-gmail-hotmail-yahoo-account-just-129-says-dell-1553764. With current RMT prices people get more from liquidating the goods from long-time accounts than it costs for the email hack service.

Of course GGG could kill RMT demand/prices by making things like mirrors, exalts, and good rares much more accessible, going all out account bound like Blizzard did in D3, or simply releasing/selling a moddable offline mode. But with their focus on the economy so strong that's quite unlikely. So there needs to be better account protection. And much more RMT banning. Seeing 30+ legacy 20+ex uniques of every type being sold by the same account is a joke.

"

archzin wrote:

"

Vaydra wrote:

You have access to your account as you are posting here?

My advice until GGG contacts you:

Change your email back if can and then change your password immediately. After doing this get a more secure email address that isn't free if that's what you have. Then make sure your POE password is unique (not used by you anywhere else).

As i was logged in my browser since morning, i can still see things and post from only from the pc i am logged in. I cannot access game or change anything other than that. I think when my web logged session is over, I may not be even be able to see my profile in browser anymore.

I tries logging to browser from another pc using mmy original mail adress .... says account do not exist.

Try the new email address and the old password?

"

Vhlad wrote:

There really should be software protocols in place that lets any prior location/computer/email lock their associated account until someone at GGG can respond/investigate.

And there should be two factor authentication.
And it should be more difficult to change email/password from a different computer/location and more difficult to login from a different computer/location, especially after changing email/password. At least then if someone uses a RAT to change your email/pass you can disconnect from the internet to limit the damage.

By the time this gets looked at every item/currency you've worked on since 2012 will be gone.

It doesn't matter how long or difficult or unique your password is. Gmail, Hotmail, Yahoo, and others are all vulnerable according to today's IBT article: http://www.ibtimes.co.uk/hackers-can-break-into-your-gmail-hotmail-yahoo-account-just-129-says-dell-1553764. With current RMT prices people get more from liquidating the goods from long-time accounts than it costs for the email hack service.

Of course GGG could kill RMT demand/prices by making things like mirrors, exalts, and good rares much more accessible, going all out account bound like Blizzard did in D3, or simply releasing/selling a moddable offline mode. But with their focus on the economy so strong that's quite unlikely. So there needs to be better account protection. And much more RMT banning. Seeing 30+ legacy 20+ex uniques of every type being sold by the same account is a joke.

Totally agree with you about two factor verification. A simple app (like Blizzard Authenticator), SMS verifcation code or even multiple layered security questions should be in place for changing password or emails. GGG should really take a look at betterment of account protection as more things like this can occur in future.

If you managed to get hacked with the security thats already in place then it's very likely that even if they did add more layers that you would still end up compromised

Not only do the hacker have full access to your email address but they have managed to also get your game account details.

Quite a few of the better email providers offer layered security, including IP locking and sending that unlock code to a mobile.

Not much more GGG can do...if your shit was secure it wouldn't be a problem but it isn't.

"

lagwin1980 wrote:

If you managed to get hacked with the security thats already in place then it's very likely that even if they did add more layers that you would still end up compromised

Not only do the hacker have full access to your email address but they have managed to also get your game account details.

Quite a few of the better email providers offer layered security, including IP locking and sending that unlock code to a mobile.

Not much more GGG can do...if your shit was secure it wouldn't be a problem but it isn't.

How would that even be possible? To hack someone's email account AND poe account short of a keylogger.

Hi, I am OP (Archzin) logging in with a new account to let everyone know that i just have lost my browser access to view my my POE Profile. Can't log in to Poe website anymore with my original account. So I am kind of blind to what's happening in my stash right now. Really wish GGG can help me out.

"

deathrack wrote:

Hi, I am OP (Archzin) logging in with a new account to let everyone know that i just have lost my browser access to view my my POE Profile. Can't log in to Poe website anymore with my original account. So I am kind of blind to what's happening in my stash right now. Really wish GGG can help me out.

But.. the thread was moved from general discussion to help and information.
They didn't actually help you/lock your account?

llol