How hackers are stealing your stash with no 2FA

you guys are just paranoid

#1 you will not get "hacked" unless you have downloaded malicious software somewhere that could be scanning your keystrokes or data packets.

#2 the game HAS 2FA, if you login from a different location the game forces you to authenticate via your email.

#3 the game does not send your personal account login info to anyone you are in a party with. (Trust me, I've checked.)
"
you guys are just paranoid

#1 you will not get "hacked" unless you have downloaded malicious software somewhere that could be scanning your keystrokes or data packets.

#2 the game HAS 2FA, if you login from a different location the game forces you to authenticate via your email.

#3 the game does not send your personal account login info to anyone you are in a party with. (Trust me, I've checked.)


And yet people are still reporting missing stash items... and have been for like 2 weeks...
I just watched the entire tv series "Mr. Robot". Now I'm a cybersecurity expert.
"
you guys are just paranoid

#1 you will not get "hacked" unless you have downloaded malicious software somewhere that could be scanning your keystrokes or data packets.

#2 the game HAS 2FA, if you login from a different location the game forces you to authenticate via your email.

#3 the game does not send your personal account login info to anyone you are in a party with. (Trust me, I've checked.)


#1 - Wrong, completely.

#2 - That is not what two-factor authentication is. Two-factor authentication is done through other means: a mobile phone, authenticating via a text message to your personal device with a code; or a separate two-factor application that generates a security code based on the setup of the authenticator application itself; that type of stuff. You do not do 2FA based on the email set up on the account. Authenticating against the email that is already associated with the account would kind of defeat the purpose of two-factor authentication, since the account information was already compromised.

#3 - You do not know for sure what is included in the secure token being passed throughout the game. That token could be intercepted and translated. The best place to do that would be a hideout since, now I'm assuming here, the only account information being passed back and forth is who is in the instance, because, well, it's a private instance.
Last edited by bobothewizard#1818 on Jan 6, 2025, 10:34:19 PM
"
"
you guys are just paranoid

#2 - That is not what two-factor authentication is. Two-factor authentication is done through other means: a mobile phone, authenticating via a text message to your personal device with a code; or a separate two-factor application that generates a security code based on the setup of the authenticator application itself; that type of stuff. You do not do 2FA based on the email set up on the account. Authenticating against the email that is already associated with the account would kind of defeat the purpose of two-factor authentication, since the account information was already compromised.



Additionally, as an IT professional who deals with cyber security, I will say that in many cases SMS and email are the worst forms of 2FA. RSA tokens and FIDO2-compliant keys are the best way to go.

Sadly the game industry is behind when it comes to deploying cyber security solutions.
"
"
you guys are just paranoid
#3 - You do not know for sure what is included in the secure token being passed throughout the game. That token could be intercepted and translated. The best place to do that would be a hideout since, now I'm assuming here, the only account information being passed back and forth is who is in the instance, because, well, it's a private instance.


I have thought about this a lot over the last few days.

There is already online discussion of cheat programs for D4 that allow users to look at and EDIT the memory of the game while it is running.

Apply this to POE2 and you could work out the credentials of the person you are trading with, as well as the memory location for your own credentials.

Without logging out of your own account, you watch POE Trade, you wait for the person to go offline, then use the memory editor to replace your ID for theirs, ie effectively turning you into them.

Go to the hideout using the updated credentials, so it's their hideout, not yours. Then initiate a trade with a 3rd account that's part of the scam and transfer all the desired items.

Log out, and back in and you are yourself again.

This would not require any username or password and fits well with many of the comments that Steam etc. show no unusual logins, i.e. it does not require the thieves to log into your account; they have spoofed their account into yours.
Last edited by TrebligNairb#2645 on Jan 7, 2025, 1:39:23 AM
"
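The post above hypothesises that a client-side memory edit could make one account act as another without any login event. Whether PoE2 works that way is not known from anything in this thread; what the scenario does illustrate is a general server-design rule: the acting account must be derived from the authenticated session behind the connection, never from an account id the client writes into a message, and the server must never hand one player's session credential to another player's client. The following is an added, constructed example (a toy trade backend; not GGG's code, and the account names, item names, message shapes and method names are all made up for the example) showing a handler that breaks that rule beside one that follows it.

```python
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: str                      # public handle; trade partners can see it
    stash: list = field(default_factory=list)


@dataclass
class Session:
    token: str                           # bearer secret for one logged-in client
    account_id: str


class TradeServer:
    """Toy trade backend constructed for this example (not the game's code)."""

    def __init__(self) -> None:
        self.accounts: dict = {}
        self.sessions: dict = {}         # token -> Session
        self.visitors: dict = {}         # hideout owner -> set of visiting account ids
        self.audit: list = []

    def create_account(self, account_id: str, items=()) -> None:
        self.accounts[account_id] = Account(account_id, list(items))

    def login(self, account_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, account_id)
        self.audit.append(f"login {account_id}")
        return token

    def _caller(self, token: str) -> Account:
        """Resolve identity from the session the connection authenticated with."""
        session = self.sessions.get(token)
        if session is None:
            raise PermissionError("unknown session token")
        return self.accounts[session.account_id]

    def visit(self, token: str, hideout_owner: str) -> None:
        self.visitors.setdefault(hideout_owner, set()).add(self._caller(token).account_id)

    def roster_for(self, token: str, hideout_owner: str) -> str:
        """Instance membership as sent to a client: public ids only, never tokens."""
        self._caller(token)
        members = sorted({hideout_owner} | self.visitors.get(hideout_owner, set()))
        return json.dumps({"owner": hideout_owner, "members": members})

    def _move(self, sender: Account, to: str, items: list) -> bool:
        if to not in self.accounts or any(item not in sender.stash for item in items):
            return False
        for item in items:
            sender.stash.remove(item)
            self.accounts[to].stash.append(item)
        self.audit.append(f"transfer {sender.account_id} -> {to}: {items}")
        return True

    def transfer_vulnerable(self, msg: dict) -> bool:
        """BAD: the sender is whatever account id the client put in the message,
        so anyone who has seen a public id (e.g. in a roster) can move its items."""
        return self._move(self.accounts[msg["from"]], msg["to"], msg["items"])

    def transfer_hardened(self, token: str, msg: dict) -> bool:
        """GOOD: the sender is the account bound to the caller's own session."""
        return self._move(self._caller(token), msg["to"], msg["items"])


if __name__ == "__main__":
    srv = TradeServer()
    srv.create_account("victim", ["Mirror of Kalandra"])
    srv.create_account("mule")
    srv.create_account("attacker")
    attacker_token = srv.login("attacker")
    srv.visit(attacker_token, "victim")
    print("roster seen by attacker:", srv.roster_for(attacker_token, "victim"))
    print("vulnerable handler, attacker names victim as sender:",
          srv.transfer_vulnerable({"from": "victim", "to": "mule", "items": ["Mirror of Kalandra"]}))
    print("audit log shows only normal logins:", srv.audit)
```

Note what the vulnerable path leaves behind: the audit trail contains only the attacker's own login, which is consistent with the "no unusual logins on Steam" reports the post mentions. The hardened handler needs the victim's session token to act as the victim, and that token is never serialized into anything another client receives.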


And yet people are still reporting missing stash items... and have been for like 2 weeks...


Is it only stash items though? I'd imagine if people are selling stuff for hundreds of divs, they'd be decked out in gear too, but I've never heard of or seen a post about the character being stripped naked too. It's always "emptied my stash".
SSf btw
The good thing is that this forces GGG to make an in-game market for both PoE1 and PoE2.
"
1. Do not log off


This is the way.
PoE nowadays looks more and more like a fan-made fork server with tons of custom weird experimental stuff rather than the original game with carefully thought out balance brought live to players.
