Potential User Data Breach

So, now its fixed?
Ultimatum Master Craft Service in Ultimatum My IGN TreeOfDead
https://www.pathofexile.com/forum/view-thread/2037371 Vouch
Ultimatum Masters Crafting All Service all crafts mods
Ultimatum SC Master Craft Service Ultimatum SC in USC craft!
Master Crafting Service in Ultimatum USC craft PM: TreeOfDead
Last edited by TreeOfDead on Mar 30, 2017, 8:59:55 AM
"
Chris wrote:
"
I_NO wrote:
So does this mean they also had steam password access if your game is connected to steam? PW wise.


They couldn't get your Steam password. We don't know those on our end.

Does this mean you also don't know Steam account names?

I know that if you play using a steam account you still have to make a forum account the first time you log in. Is the forum name the only thing GGG saves for steam users?
you can test your passwords here:
https://www.grc.com/haystack.htm
Last edited by kompaniet on Mar 30, 2017, 11:45:33 AM
"
kompaniet wrote:
you can test your passwords here:
https://www.grc.com/haystack.htm

I tried a similar password for my GGG account (not my password, but same number of characters, upper & lower case alpha, numbers, and special characters) on that site.

Even in the best scenario, "Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)", it would take 11.52 thousand trillion centuries to brute force my password. I think it's safe provided no one gets both the salt and hash to my password from some less-than-secure GGG database.

Just know that if your password is in the top million or so of the common passwords list, you're in trouble. Even of the 10 million is widely used for brute force attacks.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▒▒▒▒░░░░░ cipher_nemo ░░░░░▒▒▒▒ │ Waggro Level: ♠○○○○ │ 1244
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Last edited by cipher_nemo on Mar 30, 2017, 1:54:17 PM
"
Ezzi wrote:
Does this mean you also don't know Steam account names?

I know that if you play using a steam account you still have to make a forum account the first time you log in. Is the forum name the only thing GGG saves for steam users?

Yes, Valve do not share Steam account names with third-party companies. They give companies like GGG a UUID so they can identify you, without sharing sensitive information.

If you'll forgive the pedantry, you create a Path of Exile account - not a forum account.

You don't appear to be using the same account on the forum and in-game. If you'd like to, then log out of the forum and use the green Sign In Through STEAM button on the log in page. If you're using different accounts intentionally, then that's totally fine - it is, of course, up to you. :)
Last edited by Sarno on Mar 30, 2017, 3:37:12 PM
i want a refund for poe
Yeet Yote Yate
Thanks Chris, password changed :)
"Oblique satire is the only avenue of truth remaining in the wake of compliance masquerading as mandatory civility"
One of the best writers I know, 2021
"
cipher_nemo wrote:
"
kompaniet wrote:
you can test your passwords here:
https://www.grc.com/haystack.htm

I tried a similar password for my GGG account (not my password, but same number of characters, upper & lower case alpha, numbers, and special characters) on that site.

Even in the best scenario, "Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)", it would take 11.52 thousand trillion centuries to brute force my password. I think it's safe provided no one gets both the salt and hash to my password from some less-than-secure GGG database.

Just know that if your password is in the top million or so of the common passwords list, you're in trouble. Even of the 10 million is widely used for brute force attacks.


yes that's a very strong password you have. interesting link i will check that out.
Hi All,

Right now trying to log into the game I received a message saying that my account has been accessed or tried to be accessed from another location. My location I have been playing for 2+ years said on the unlock email:

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from ....(my current address).

I find that part very odd. I wasn't planning on changing my password as I felt it was strong, however I would strongly urge all to change their passwords as a precaution. Salted and hashed may mean our passwords are safe, though not that it won't be tried against our accounts. Seem mine was tried, and currently checking my account to make sure nothing is gone or missing.

I have to go to work, so once I get a break I will upload the images I print screened to show what I just mentioned to get my account back, and password reset.
Last edited by Snapfire on Mar 31, 2017, 12:08:41 PM
Thanks for the heads up, only happened to hear about this on reddit though :-\ mildly disappointed it wasn't a bigger announcement.
GG, GGG! I can finally be the flamethrowing psycho Marauder I've always dreamt to be! Wish they had a hockey mask MTX & a gore scorching ray skill gem MTX mmmm one can hope!

Report Forum Post

Report Account:

Report Type

Additional Info