Potential User Data Breach

"
tommyrot wrote:
Everyone can stop thanking GGG for disclosing this data breach as they are required by law to do so.

Change your password on all sites and services that use the same password (understand why this is bad practise in hindsight) and that share the same email address or user name as you are registered with at GGG. Keep an eye on suspicious CC activity and call the issuer when in doubt.


As far as I am aware, they are only required to notify you when "personal information was, or is reasonably believed to have been, acquired by an unauthorized person". Chris said that there is currently no evidence of this. So AFAIK, they didn't legally have to inform us yet, they are just being a responsible company. (please someone correct me if I'm wrong)
Last edited by Aziraphale on Mar 28, 2017, 5:26:18 PM
"
Fetus wrote:
So, the breach was detected on the 23rd, that's fine. Why is the communication about that only reaching us now, though?


It's possible they did some investigation to further understand the breach and what was affected, and to make sure there were no more signs of the intruder within the system. If they let us know immediately while the intruder still had access, the intruder might be able to hide their tracks better.
"
Chris wrote:
"
I_NO wrote:
So does this mean they also had steam password access if your game is connected to steam? PW wise.


They couldn't get your Steam password. We don't know those on our end.


Shouldn't there still be some form of user id and authentification send between steam and POE for steam users?

I would imagine that even with this information not much could be done, considering steam sends a message when you try to log in from a new location (though there would not be any login in steam). trying to do anything (like making a payment) would not be expected to work since steam does not know that you are logged into a game
It's unfortunate this happened, but GGG seems to have handled it very well.
Maybe it was just a hobo squatting internet. But wow, 10 days? That's a little long to notice there is a illegal user on the network. Though I guess since it's a gaming company who's not use to high security they were lax on network access.
well it was time for a passwort change anyways for me, i try it to change every 3-6month or so so why not ^^


hope nothing was stolen too
30 Shores with Double Pack / Breach / Max Sextants https://www.pathofexile.com/forum/view-thread/2006424/page/1
First Selfmade Build as Sparker ( MF ) https://www.pathofexile.com/forum/view-thread/1637690
1 Million Tool Tip Dps Sparker https://www.pathofexile.com/forum/view-thread/1761162

Thank you for letting us know, Chris.

While my password is complex. should it be bruteforced or hacked into... obviously by validated IP login conflicts etc, does GGG have any plans to restore accounts evidently hacked?
I got a fever and the only prescription, is more cowbell!
I have posted this in the feedback forum before, but will post this again here:

Could we please get a 2nd password for our accounts, which is needed to access our items(stash/inventory/equipped gear)?
This is how I envision it to work: After logging in like we do now, for the first time when you try to pick up an item in your inventory, equipped items or stash you will be prompted for this password. This password could be a simple 4 or 5 digit code. This password would only have to be used once per log-in, and auto log-offs the account when you attempt three failed uses in a row. Meaning that even if somehow your account would be brute-forced, your items would still be safe.

The advantage is that your items are always safe, even if your account does get hacked. The disadvantage would be people forgetting their 2nd password and mailing GGG for this.

I've actually used this type of system in another mmo I used to play, and it worked great.

Would this 2nd password be something GGG could take a look at?
It's not fair that GGG gets Breach while standard players don't.
Never underestimate what the mod community can do for PoE if you sell an offline client.
"
I_NO wrote:
"
Chris wrote:
"
Sexcalibure wrote:
So will 3.0 be delayed?


I hope not. The team have been able to mostly work through this uninterrupted. There are some parts of our build infrastructure that are still down, but that doesn't stop people creating content.

"
Nephalim wrote:
Should we change your passwords now just to be safe even if it was strong?


It's always good to change your passwords often, so definitely.


So does this mean they also had steam password access if your game is connected to steam? PW wise.


How could GGG a separate entity store steam's passwords? Like, do you think before posting?

Nice try at trying to make this into a bigger deal than it already is.
"Good thing they nerfed the carto, it wasn't fun to find one in every map." - Haborym
Last edited by monkuar on Mar 28, 2017, 5:53:45 PM

Report Forum Post

Report Account:

Report Type

Additional Info