Hacked today. Certainly on GGG's end.

Don't take my word for it. I'm not claiming GGG is to blame, and if it sounded like I said that, it wasn't the intention. I just pointed out the chance that it could be the case.

Had just been browsing through threads again and kept seeing you say that people should provide evidence, and then threads with people (not looking at you for this) saying that all who were targeted were using exploits, so I guess I just got annoyed and wanted to post something :P

But true, they have been very direct when they made mistakes.
Last edited by Zegasu#3430 on Feb 21, 2013, 1:10:28 PM
"
Zegasu wrote:
Don't take my word for it. I'm not claiming GGG is to blame, and if it sounded like I said that, it wasn't the intention. I just pointed out the chance that it could be the case.

Had just been browsing through threads again and kept seeing you say that people should provide evidence, and then threads with people (not looking at you for this) saying that all who were targeted were using exploits, so I guess I just got annoyed and wanted to post something :P

But true, they have been very direct when they made mistakes.


It's certainly understandable to be upset. But outlandish claims don't help anyone. Honestly, if you got hacked, there is nothing to gain from even posting here. GGG doesn't restore items, and no one will be able to definitively tell you how you got hacked here. If you want answers, the only course of action would be to use the contact support button.
If GGG is able to track items it would be nice to know where all my items went and who is using them now(either I trade tham and then I already know the name, or it is a thiefs name). It would be nice to check if all stolen gear is concetrated on some accounts or spread on many. It would be nice to know how many accounts are reporting account breach up today. But all I got was sorry email and link to forum where I can read how to increase security...
"
Ath3las wrote:
If GGG is able to track items it would be nice to know where all my items went and who is using them now(either I trade tham and then I already know the name, or it is a thiefs name). It would be nice to check if all stolen gear is concetrated on some accounts or spread on many. It would be nice to know how many accounts are reporting account breach up today. But all I got was sorry email and link to forum where I can read how to increase security...


I think they can track items, but I don't know for sure. The can track IP's though, and the only time I saw a GGG person respond about a hacking specifically, it was a chinese IP. Problem is they simple do not have the man power to track everything down for everyone.
It is not about tracking the items.

Of course, there are a multitude of people demanding restorations. That will not happen. I got hacked too. Granted i didn`t lose much, but I never expected my items to be restored.

The lack of information is disturbing though. But it is understandable, since their team is so small.

I would be extremely disappointed if the silence persist for too long tough. They have always been crystal clear on the issues encountered in the way and the first announcement was hard to swallow.
Last edited by buttseckz#3921 on Feb 21, 2013, 1:59:34 PM
What I find strange is that at about the same time peole start getting "hacked"... I start seeing people in global chat advertising for a a POE item site... Already reported 4 of such individuals for such behaviour, but I think if GGG digs deeper, the will see a connection. They have to be getting the items somewhere.. And I guess the best way to procure random currency is by keylogging and or decrypting the hashed passwords stored on our systems.

I suggest unchecking the "store password" option in your POE client... And if you want to be even more secure, log off your POE website account, delete all cookies and create a new POE account just for browsing the forums.. Not exactly the most efficient manner, but at least they won't be able to read password from the text file, nor your web browser... Which would leave only a keylogger.

Was I Dreaming ? - Harry Mason
"
Mortiferius wrote:
Not exactly the most efficient manner, but at least they won't be able to read password from the text file, nor your web browser... Which would leave only a keylogger.

If that was somehow possible on a scale like the "hacks" supposedly occurring in PoE, the whole internet would be knee-deep in sh... Just imagine what other passwords could be read from cookies and website cache.
A sword he brought, his foes to maim and rend,
from places dark behind forbidden doors,
But night by night he woke with frighten'd roars
from darkest dreams, too strange to comprehend.
(Anonymous)
"
Mortiferius wrote:
What I find strange is that at about the same time peole start getting "hacked"... I start seeing people in global chat advertising for a a POE item site... Already reported 4 of such individuals for such behaviour, but I think if GGG digs deeper, the will see a connection. They have to be getting the items somewhere.. And I guess the best way to procure random currency is by keylogging and or decrypting the hashed passwords stored on our systems.

I suggest unchecking the "store password" option in your POE client... And if you want to be even more secure, log off your POE website account, delete all cookies and create a new POE account just for browsing the forums.. Not exactly the most efficient manner, but at least they won't be able to read password from the text file, nor your web browser... Which would leave only a keylogger.



It's because it's a Chinese company doing a majority of the hacking... they do this for every game that has a currency that can be sold.
"
ChemicalBurns wrote:
did you use google code passive planner ? what about poeex or poestatistics ?

one of them could of forced a certifcate on to your web browser and logged your info when you logged on to here...

people seem to think that the only way to get hacked in game is via the game... it isnt


Things hosted on Google Code are generally there because they have source code available, which you can read in order to decide for yourself whether they're doing anything fishy. I had a quick look right now, and apart from some code to load builds from a no-longer-working skill tree planner on the Russian fansite poezone.ru, the unofficial skill tree planner doesn't appear to contain any references to sites other than the official pathofexile.com and none of the things it does seem very suspicious at all (though I can't say I did anything close to an audit of any sort, I just skimmed through it looking for URLs or places where it was making requests over the network and read the nearby code).

Anyway, I'd just like to say, people can probably be a little more trusting of programs whose source code is available for everyone to see, because if there are untoward things going on in that code, someone will typically find out about it pretty quickly and inform everyone. I'm not the only one looking at those things. If they don't want to be more trusting, of course, they can also potentially read the code for themselves and try to sort out whether it's doing anything too sketchy.

I'd also be willing to say that poeex.info and poestatistics.com are both very likely to be safe, given that they don't involve any Java (there have recently been a few very exploitable Java bugs which have been patched, but many people are still running old versions), don't ask for any account information, and don't appear to attempt any cross-site requests on your behalf at least as far as I have seen. On top of that, if they were compromising people's accounts, many more top players would be having their stashes wiped, as almost everyone who has been playing for a while has visited those sites at one point in time.

Of the most popular tools, PoE helper is perhaps the most risky, in that it does require you to be logged in to the pathofexile.com site and interacts with it on your behalf. However, it too is open source, and everyone can look at precisely what it does on github. I'm personally of the opinion that it is safe, but again I'm human and could have missed something.

The trouble is probably going to lie with smaller sketchier sites, sites pretending to be the official pathofexile.com, and tools which don't have released source code. (And of course, passwords leaked through other means entirely.)

If there's one good thing which has come out of all this, it's the fact that the good people who write genuinely useful tools are generally releasing their source code in order to help build trust with the community.
I don't see how I got hacked then...

The only tool I used was the google code skill planner....


I don't log into any websites and I only browser the official site and path of exile wiki (don't log into that)

I have no suspicious programs running and I haven't downloaded anything....

How was I hacked???? It's frustrating me... especially when I am being treated like it's my fault...

Report Forum Post

Report Account:

Report Type

Additional Info