Gameplay Help and Discussion - HACKED, See if GGG cares. Read Bellow (Long) - Forum

" Bataille wrote: people are so quick to judge, claiming to know exactly what happened, saying it's his own fault. it might be but I wouldn't be so sure about that. passwords are stolen, bought and sold in large quantity. sometimes it's just bad luck I guess.. also I'm not really satisfied with how GGG handles cases like this either. I'm not talking about giving stuff back but showing some dedication to solve this. his stuff is probably gonna end up on some RMT site, so it's not just about him only. How do you know they don't do anything behind the scenes.	Posted by Kavlor on May 25, 2016, 6:13:24 AM Quote this Post
Your E-Mail, which is used only for POE AND your POE Password beeing hacked pretty much sounds as if it is your fault. http://www.pathofexile.com/forum/view-thread/1158669 Cyclone MARA Beginners and Advanced Guide.	Posted by Vincendra on May 25, 2016, 7:39:55 AM Quote this Post
" Vincendra wrote: Your E-Mail, which is used only for POE AND your POE Password beeing hacked pretty much sounds as if it is your fault. IF its my email that everyone is so quick to judge as the reason why did I not get prompted when I logged in? To answer the previous questions no one has access to my accounts or Emails, all passwords are different. I think people are missing something I have stated a few times. I am NOT asking for my stuff back, its gone...Get it. I'm trying to raise awareness in that all of your hard work on your account at this point could end up being for nothing...and that GGG will send you a cut and pasted generic email ( You get this so fast, it has to be generic ). and wont even pay you the respect to tell you that they are working on future fixes. 3+ years in this game, lord knows how many hours and I never once would have thought all my hard work and time spent was so easy to take....	Posted by shahmat1972 on May 25, 2016, 8:00:58 AM Quote this Post
If nothing else, GGG should be able to tell where the hacker logged in from. Maybe it was somebody close enough that the ip location lock didnt trigger. And to expand on what has been said, it's not enough to just have different passwords for everything. They also have to be passwords that were never used before. Hackers could have your password from a site you created an account on 10 years ago and never use but if you used that password again, you'd be vulnerable. Guild Leader The Amazon Basin <BASIN> Play Nice and Show Some Class www.theamazonbasin.com	Posted by mark1030 on May 25, 2016, 10:07:59 AM Quote this Post
" mark1030 wrote: If nothing else, GGG should be able to tell where the hacker logged in from. Maybe it was somebody close enough that the ip location lock didnt trigger. And to expand on what has been said, it's not enough to just have different passwords for everything. They also have to be passwords that were never used before. Hackers could have your password from a site you created an account on 10 years ago and never use but if you used that password again, you'd be vulnerable. SO if Email is the problem, how primitive is GGG at protecting our hard work? MOST have already had this battle and created a duel party authenticator...BLAM not inventing a new thing here. MAYBE an option to make the items we cherish BoP, giving them zero value to the thief.....All small idea's and I'm not even a programmer. WAY better then suck it up buttercup...Sorry about the 3 years of your work, and ALL the time you spent away from your family going in the dumpster.	Posted by shahmat1972 on May 25, 2016, 11:00:37 AM Quote this Post
I can see a few possibilities for how your account might be compromised without you getting the unlock code prompt. 1. The attacker gained access to your PoE email and used it to impersonate you to tech support, requesting the IP locking feature to be disabled. Apparently this is a thing they can do, although they don't recommend it. The email probably can also be used to reset a forgotten password. The attacker then emptied your account and deleted the relevant emails to hide evidence of their tampering. 2. The attacker gained access to your PoE password. One of your other computers was compromised by malware. The attacker installed a proxy on it and used that to log into the game. It's likely that your computers all share the same public IP address, so from the game servers' perspective it was business as usual and no unlock code was issued. 3. The attacker gained access to GGG's login servers, stole your password and modified your account settings to disable the IP locking feature. They then proceeded to clean the account. 4. The attacker gained access to GGG's backend servers and was able to directly transfer the items from your account to his own. They wouldn't even need to log into the game so no unlock codes were issued. Options 3 and 4 have two big problems: means and motive. The attacker would require high level access to manipulate sensitive information like passwords or game data. And assuming they did get in, they could access any account they chose - so why yours? Why not pick one of the top players with vast riches to their name?	Posted by databeaver on May 25, 2016, 11:24:53 AM Quote this Post
Very sorry to hear this happened, shahmat1972.	Posted by brenspin on May 25, 2016, 11:25:43 AM Quote this Post
" databeaver wrote: I can see a few possibilities for how your account might be compromised without you getting the unlock code prompt. 1. The attacker gained access to your PoE email and used it to impersonate you to tech support, requesting the IP locking feature to be disabled. Apparently this is a thing they can do, although they don't recommend it. The email probably can also be used to reset a forgotten password. The attacker then emptied your account and deleted the relevant emails to hide evidence of their tampering. 2. The attacker gained access to your PoE password. One of your other computers was compromised by malware. The attacker installed a proxy on it and used that to log into the game. It's likely that your computers all share the same public IP address, so from the game servers' perspective it was business as usual and no unlock code was issued. 3. The attacker gained access to GGG's login servers, stole your password and modified your account settings to disable the IP locking feature. They then proceeded to clean the account. 4. The attacker gained access to GGG's backend servers and was able to directly transfer the items from your account to his own. They wouldn't even need to log into the game so no unlock codes were issued. Options 3 and 4 have two big problems: means and motive. The attacker would require high level access to manipulate sensitive information like passwords or game data. And assuming they did get in, they could access any account they chose - so why yours? Why not pick one of the top players with vast riches to their name? All good info for the public. I actually hope at some point to farm a response from GGG on what they are doing to prevent this in the future. Give me something that makes me feel at least semi safe moving forward or why play?	Posted by shahmat1972 on May 25, 2016, 11:36:51 AM Quote this Post
" Vincendra wrote: Your E-Mail, which is used only for POE AND your POE Password beeing hacked pretty much sounds as if it is your fault. Guess you did not even read the post, its long...I understand	Posted by shahmat1972 on May 26, 2016, 8:25:00 AM Quote this Post
In the end GGG is the only one who can stop this hackings. If they want. They can look through logs, find the items, return them, ban/delete the accounts involved in hacking. GGG should do this couple of times and won't be worthing the time and effort for hacking as you will gain only a ban. The best way to deal with hackers. Otherwise....is like a society where the police will tell you "we are sorry that you got robbed. Try a better lock on the door next time" and no burgler will ever be caught. Who will want to live in such environment?	Posted by Piftiuta on May 27, 2016, 8:58:18 AM Quote this Post