GGG, I need urgent help

Hello there.

I had to log in to both my email and PoE's website at a non secure place, particularly accessible by a very unpleasant person. Unfortunately, I'm not sure how but that person managed to get hold of my accounts and, in order to prank me I assume, changed both the password and email of my original account, Falcord.

I am positive that account has not been used to cause any harm. It's just my account, which isn't accessible to me now, since the password and email have been replaced by gibberish.


I've been involved with the community under that account, and while I know there is an upcoming wipe, my former account was a Bronze subscriber, which is important to me, and I'd like to keep it than start a new one.

I looked for a support address to email those concerns discretely but I didn't find any, so I decided to post it here to get maximum exposure.

If anyone from GGG reads this: I'm just requesting the password and email from the account "Falcord" to be reverted to how they have always been. If necessary, I'll confirm I am the owner by sending my old password via my old email to wherever it is necessary.

Thank you very much.

And the next diamond supporter is Falcord! Happy credit card bills friend!

PM support for the support on this I think :)

Thanks for the idea. Who should I PM to?

"

falcord2 wrote:

I'm just requesting the password and email from the account "Falcord" to be reverted to how they have always been.

Oh I really hope GGG is smart enough to not be able to revert your password to "what it was before".

"

pneuma wrote:

"

falcord2 wrote:

I'm just requesting the password and email from the account "Falcord" to be reverted to how they have always been.

Oh I really hope GGG is smart enough to not be able to revert your password to "what it was before".

If you had read on a little, I said I am able to confirm that I am Falcord by providing the former password, emailing it from the former email address.

Obviously however, I'm not going to post it here.

Former password almost certainly won't be stored in the database, and if it is, it should be stored in an encrypted format, so they won't just be able to compare the two that easily.

Hopefully they log IP addresses for logins and can match those for you.

"

falcord2 wrote:

"

pneuma wrote:

"

falcord2 wrote:

I'm just requesting the password and email from the account "Falcord" to be reverted to how they have always been.

Oh I really hope GGG is smart enough to not be able to revert your password to "what it was before".

If you had read on a little, I said I am able to confirm that I am Falcord by providing the former password, emailing it from the former email address.

Obviously however, I'm not going to post it here.

Oh no, you don't understand. I hope they're using a strong cryptographic hash function like bcrypt and only storing the hash. Assuming they do this, they are literally unable to give you back "your old password".

And I mean unable in the sense of "I'm unable to lift Mount Everest" or "I'm unable to breath in a vacuum".

"

pneuma wrote:

And I mean unable in the sense of "I'm unable to lift Mount Everest" or "I'm unable to breath in a vacuum".

Fair enough. In that case, any will do.

If GGG keeps password history, they should easily be able to restore it. I don't understand why everyone is saying that is not possible.

GGG have to store everyone's password in some manner in order to authenticate logins. For security purposes, passwords are often stored in a hashed format to make reverse engineering impossible.

So, if GGG keeps password history, and you send them your old password, they can easily run that password through their hash algorithm, and compare the result to the stored hash. Alternatively, they can restore the password in its hash form, and see if you can log in.

Of course, if GGG does not store password history, you would have to find another way, such as verifying certain information about the credit card you purchased the support package with.