Is this third-party stash app safe?

In light of GGG saying they can't recover accounts that have been compromised, I think it's worth questioning which third-party applications are safe especially when many require login info.

There's a new tool called Procurement that has some very useful features:


Here's the link on reddit:


Can someone who is more technically savvy than me elaborate on the potential risks/safety concerning applications that require login info?

I am aware of virus scans and it appears to be scanning clean, but is that enough to trust a program with my credentials?

^

How much are they paying you for this advertisement?

lmfao ^

"

Jim_Fear wrote:

How much are they paying you for this advertisement?

The same amount that I paid you for bumping this.

"

Jim_Fear wrote:

How much are they paying you for this advertisement?

You know how hackers are....they dont get paid unless they win...alot like lawyers.

Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"

"

CrystalisQualinthi wrote:

Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"

I disagree with the first, but the other two I stand with you!

"

CrystalisQualinthi wrote:

Rule of thumb

My thumbs have rules?

"

Luvz wrote:

Can someone who is more technically savvy than me elaborate on the potential risks/safety concerning applications that require login info?

I am aware of virus scans and it appears to be scanning clean, but is that enough to trust a program with my credentials?

Virus scanners are only as good as their definitions. Thus, if no one has reported the app as a virus or other piece of malware then the app will scan clean. Security software *is* becoming more complex to where it can recognize certain action types as malicious and block from there, but the scenario you described requires zero malicious action on the programs part to get what 100% of every hack attempt *always* wants which is your user/password.

Let's examine what happens once you give someone else your user/password.

Best case scenario - your user/password is unique to this game and never used in combo anywhere else. Result - they only were able to log in as you to Path of Exile and take all your stuff.

Worst case scenario - your user/password is NOT unique to this game and in fact is shared with your email address or other websites. Result - they are logging in as you anywhere that user/password combo is good and able to use this info to further compromise you, especially if they were able to compromise your email account. Now they can just use 'forgot password' on all sites that send reset requests to your email address and reset your passwords for you on any site they want.

In summary - unless you personally know the coder and can drive to his house and kick him in the junk if he uses your user/pass to rip you off, I'd never use any app that requires login information to a game.