Hacked today. Certainly on GGG's end.

Just adding to the flood. My username and password combination are entirely unique to this game. And, like most players, I haven't typed the username and password in anywhere since initial install weeks ago. This is on GGG's end, in that somewhere they are storing credentials is not secure. Will not be playing until GGG has an acceptable solution in place, including recompense for those of us who are victim to their shoddy security. Very disappointed with their current handling of the situation.
Did you use the unofficial skill planner hosted on Google Code? That's the only third-party tool/website I used aside from the wiki.

"
bluelightningflik wrote:
Just adding to the flood. My username and password combination are entirely unique to this game. And, like most players, I haven't typed the username and password in anywhere since initial install weeks ago. This is on GGG's end, in that somewhere they are storing credentials is not secure. Will not be playing until GGG has an acceptable solution in place, including recompense for those of us who are victim to their shoddy security. Very disappointed with their current handling of the situation.
It's sad to say but using anything other than this website that involves PoE at this point is unsafe - that's including places like --link removed--, blah, etc.

Oh, also, GGG has pretty much confirmed that a high number of the hacks are reports from people that have downloaded that stupid speed/maphack that people were spamming in party groups in the social menu last week, etc.

Then people cry and come here and wonder where their stuff went.

There have been 0 logged attempts on GGG's end of anyone obtaining anything from their servers, as they've stated.

Last edited by ionface#0613 on May 23, 2013, 3:38:57 AM
Fancy that, hs0j, GGG not admitting or not noticing they've been compromised.

And seeing as I've never downloaded any hack or 3rd party program nor visited any related site with scripts of note, your other comment is hogwash as well.

Anyone else?
did you use google code passive planner? what about poeex or poestatistics?

one of them could have forced a certificate on to your web browser and logged your info when you logged on to here...

people seem to think that the only way to get hacked in game is via the game... it isn't
IGN: Yunboro_
You don't need to download a maphack or visit a shady site to become infected with a keylogger. Through exploits in browsers and popular plugins (Flash, Java), attackers can infect your PC without you knowing what happened. And thanks to modern automatic advertisement systems, an attacker can simply purchase advertising space on an otherwise clean website and inject their exploit-code into the ad. When you view the ad with a vulnerable system (and there may very well be vulnerabilities for which no patch exists yet), you're infected with a keylogger.

The keylogger then patiently waits for the program 'client.exe' (the name of PoE's main executable) to start after which it logs whatever you type and / or copies the contents of the input boxes in case your login is remembered. Virusscanners always trail behind malware creators, since you can't plan for detecting malware when that malware hasn't been analyzed yet (and heuristic scans of virusscanners aren't all that either).

While it's true that GGG could offer some additional security features (2-factor authentication and removal of the option to save your password in the client), I have no doubt that the recent wave of account thefts are due to the players' computers being infected or the passwords being stolen from the players in some other way. Similar things happen in every game that has tradeable items that people would pay money for: Attackers collect a ton of logins, wait for a moment where the economy is somewhat developed and then empty the accounts that they acquired in one go.
Last edited by Rannasha#0717 on Feb 21, 2013, 4:56:44 AM
"
Rannasha wrote:
You don't need to download a maphack or visit a shady site to become infected with a keylogger. Through exploits in browsers and popular plugins (Flash, Java), attackers can infect your PC without you knowing what happened. And thanks to modern automatic advertisement systems, an attacker can simply purchase advertising space on an otherwise clean website and inject their exploit-code into the ad. When you view the ad with a vulnerable system (and there may very well be vulnerabilities for which no patch exists yet), you're infected with a keylogger.

The keylogger then patiently waits for the program 'client.exe' (the name of PoE's main executable) to start after which it logs whatever you type and / or copies the contents of the input boxes in case your login is remembered. Virusscanners always trail behind malware creators, since you can't plan for detecting malware when that malware hasn't been analyzed yet (and heuristic scans of virusscanners aren't all that either).

While it's true that GGG could offer some additional security features (2-factor authentication and removal of the option to save your password in the client), I have no doubt that the recent wave of account thefts are due to the players' computers being infected or the passwords being stolen from the players in some other way. Similar things happen in every game that has tradeable items that people would pay money for: Attackers collect a ton of logins, wait for a moment where the economy is somewhat developed and then empty the accounts that they acquired in one go.



+1 to you sir
IGN: Yunboro_
No keylogger either. That should have been obvious. You guys are really grasping at straws. It takes quite a bit more than I would allow on my system to allow keylogging. And as I said, I haven't typed a password in weeks for this game in any format, and certainly when I did it was before even knowing about any 3rd party sites or anything else. I'm not saying it couldn't be clientside, but if it is it's due to some unsecure caching that would be GGG's to fix.

I could post a hijackthis and event logs to GGG if they ask, but the kids who think they're security experts should really leave it up to those of us that are, and to GGG to validate. You're clogging up threads to hilarious levels.
Last edited by bluelightningflik#5007 on Feb 21, 2013, 5:07:27 AM
"
bluelightningflik wrote:
No keylogger either. That should have been obvious. You guys are really grasping at straws. It takes quite a bit more than I would allow on my system to allow keylogging. And as I said, I haven't typed a password in weeks for this game in any format, and certainly when I did it was before even knowing about any 3rd party sites or anything else. I'm not saying it couldn't be clientside, but if it is it's due to some unsecure caching that would be GGG's to fix.

I could post a hijackthis and event logs to GGG if they ask, but the kids who think they're security experts should really leave it up to those of us that are, and to GGG to validate. You're clogging up threads to hilarious levels.


While keylogger is the generic term for this type of malware, it can typically do more than just log keystrokes. The login-email for PoE is displayed in plaintext, which probably means it's easy to read directly from memory and if not, a simple screengrab will suffice (combined with basic text-recognition or just cheap Chinese sweatshop labour). I don't know if the password is stored unencrypted in memory, but the config file has the hashed password, which is all an attacker needs to log in.

The malware need not be recently installed; many malware tools can automatically update themselves. So the attacker can identify PoE as a potential income source, create an update for his malware and distribute it to those already infected.
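
An added illustration of the point in the post above that a cached password hash works as the password itself (this is not part of any post and not GGG's code). Both login models, the class names and the sample account are assumptions: Model A accepts the saved hash as the login secret, Model B saves a random token that the server can revoke once a config file leaks.

```python
import hashlib
import hmac
import secrets

def cached_hash(password: str) -> str:
    # Hypothetical stand-in for the hash a client saves in its config file.
    return hashlib.sha256(password.encode()).hexdigest()

class HashLogin:
    """Model A (assumed): the server accepts the client-side hash as the secret."""
    def __init__(self):
        self.accounts = {}
    def register(self, email, password):
        self.accounts[email] = cached_hash(password)
    def login(self, email, submitted_hash):
        stored = self.accounts.get(email)
        return stored is not None and hmac.compare_digest(stored, submitted_hash)

class TokenLogin:
    """Model B (assumed): 'remember me' stores a random, revocable token."""
    def __init__(self):
        self.accounts = {}   # email -> (salt, PBKDF2 digest of the password)
        self.tokens = {}     # SHA-256 of token -> email
    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.accounts[email] = (salt, self._kdf(password, salt))
    def login_password(self, email, password):
        salt, digest = self.accounts.get(email, (b"", b""))
        if not salt or not hmac.compare_digest(digest, self._kdf(password, salt)):
            return None
        token = secrets.token_urlsafe(32)   # saved by the client instead of a hash
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = email
        return token
    def login_token(self, email, token):
        return self.tokens.get(hashlib.sha256(token.encode()).hexdigest()) == email
    def revoke(self, email):
        self.tokens = {k: v for k, v in self.tokens.items() if v != email}

def demo(email="player@example.test", pw="constructed-pw"):  # constructed sample data
    a, b = HashLogin(), TokenLogin()
    a.register(email, pw)
    b.register(email, pw)
    leaked_hash = cached_hash(pw)               # what a shared config file exposes
    leaked_token = b.login_password(email, pw)  # the Model B equivalent of that file
    before = (a.login(email, leaked_hash), b.login_token(email, leaked_token))
    b.revoke(email)                             # server-side response to a leak
    return before, b.login_token(email, leaked_token)
```

In Model A the leaked value stays valid until the password changes and can also be attacked offline; in Model B it carries no information about the password and stops working as soon as the server revokes it.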
"
bluelightningflik wrote:
You guys are really grasping at straws. It takes quite a bit more than I would allow on my system to allow keylogging. And as I said, I haven't typed a password in weeks for this game in any format,


clearly you know what you're talking about, don't you... you have been reading the posts on the forums then

"
We're working hard on finding where the attackers are getting the passwords from. These are the ones we've identified so far:

a) Phishing PMs
b) Users posting config files
c) Infected hack programs
d) Users not using a unique password for PoE
e) Powerlevelling services

We're intending to post a security bulletin soon about what users can do to stay safer and what things we're planning on doing to help protect them (such as storing the cached password in a different place, potentially changing the PM system to disallow links, etc).


as you can see your password is stored in your config files if you use the save password feature, so you talking about "I haven't typed a password in weeks" is moot
IGN: Yunboro_
