[WARNING] I got my account hacked

I don't have access to steam version of PoE in my region so I can't test things there.
But I can throw a theory based on authentication used by Garena, it starts through their client and how it starts is a funny way! It just starts a game with token parameter which can be used to start a game from other places. Token is only valid for 6 hours though, if someone gained access to it I feel like that would be one of possible ways to hack into account. But I haven't tested logging in with it from different locations, maybe it wouldn't allow.

But if it would allow login from any location with token then hacker only needs this one small piece of data. And I don't think that tool to read which parameters program was started with is a really hard one. Process Explorer shows it.

Stand alone client locks your account if somebody tries to login from another location so hackers need to control your email as well to unlock the game. I thought steam was more secure, but maybe not.

"

mark1030 написал:

Stand alone client locks your account if somebody tries to login from another location so hackers need to control your email as well to unlock the game. I thought steam was more secure, but maybe not.

true in fact, hackers do have their way of hacking into account unconventional way it seems like. My friends that used stand alone account got their accts hacked before. For me, I am just unsure how this happened with steam. Steam will always send me a access code if someone else try to log in to my acct from any computer other than mine. Funny thing is it really happened within a matter of 5 hours too and I did not get sort of notification.

"

CaptainWARLORD написал:

"

OnizukaTeacher написал:

"

CaptainWARLORD написал:

First off, my condolences. My steam account has once been hacked, too. But I made a really long and strong password after that and so far haven't had an incident since.

But this is why I don't use any third party software in any game. Problem is, they get tolerated from developers at one point if they prove useful and if that one guy decides "Well, has been long enough. Trust has been built. Time to make money." and spreads a virus or hacks your shit, the damage will be done and money made long before anyone realises it.

How do I know this? GeDoSaTo. Someone modified it and tried to download some virus on my computer. Luckily I invested into security software, so it got detected and fucked pretty hard.

Sad but true: If you wanna stay safe, don't be lazy and do it yourself. I know it might suck more, but at least you are safe from any damages.

Thanks for your reply. my password is pretty complicating and I run like 3 different type of computer security programs so I am just really shocked how this happened ( i am pretty computer savvy except I do not know how to hack people's computer )

I hate this situation so much T_T

3 types of security systems. There's your problem. More isn't always better. They could in fact be interfering with each other, decreasing effectiveness.

People might disagree as everyone has their own preferences, but I recommend Norton 360. Been using it for years, so even has my stepfather at work and home, and I've never had any problems. Only downside is, you need a good computer, since it does eat quite a lot of RAM.

PS: Also it's worth to actually buy software (not implying anything here). Just because something is free, doesn't mean it's good. There's a reason why you need to pay for the "special features". Because they are worth your money.

Thanks for sharing your experience and information. However, I have to explain that I am not running 3 different programs concurrently. I have malware detector on and the other two are one virus program and another malware program which are ran manually to scan my computers and I do it pretty frequently. This should not cause any crashing or ineffectiveness in terms of protecting my computer. Nonetheless, its disappointing how steam did not notify me with my steamguard activated for many years. They only missed this one too..

Doesn't the person need to somehow know both your poe password and email password to login? How does someone get both.

That's really terrible.
I would be devastated if my account was wiped..

Not supposed to beable to happen..

Strange the guy must be a mid tier hacker like he bypassed

1) Steam guard

2) IP lock via your account

3) he also needs your core email

There are plenty of other plausible... perhaps more plausible... scenarios.

Just to be clear, there is no way for someone to hijack a Steam account by using Procurement without changing passwords, which is immediately noticeable.

When you log into Procurement using a sessionid, that is a sessionid from pathofexile.com. At worst, someone get ahold of that sessionid could use it to reset a pathofexile.com username and password - but it won't get you backwards into Steam.

If none of OP's passwords have been changed, then their Steam account was hijacked. There have been a few situations where Steam accounts have been vulnerable, maybe the OP was on a list of hijacked accounts during the July bust and reset his password to the same one or something and it just took this long for someone to take advantage of it.

Also, it's pretty unlikely that a "hacker" bypassed Steam Guard, and logging into the account from another location would have triggered an e-mail at the very least. The only reasonable assumption here is that either OP's e-mail AND steam accounts have been compromised, or someone took control of his computer remotely. Both are pretty extreme.

"How can this happen?" My first guess is that somebody acquired your password—simple as that. If you use a weak password or use the same password for more than one login, the chances get worse for you.