[WARNING] I got my account hacked

"

maciemace написал:

IMO there is more to the story, there has to be a reason a "hacker" would want what you have.

The question that I wonder is why you? why not someone who has better items and more currency?
How did they know what you had to begin with?

Either of these I think applies to this situation.

1. You showed a friend what you have they wanted it and decided to fuck you over.
In the past you may have given them access to your steam for something but never changed info so they still had access to your account.

2. You downloaded something that had something to do with poe and in it there was a keylogger that you gave permission to run and allowed it to be white listed in your security programs so you would be able to use it.

3. You gave your info to a friend told them to jack your shit so you could tell GGG you got hacked in hopes they would "hook" you up with the items again giving you and/or your friend more assets.


People don't just get hacked out of nowhere, there was a reason to why this happened to you and not others.

If this was a random event then there is a problem, but as of now I do not see anyone else saying they got hacked.

A past account hacked read here ----> https://www.pathofexile.com/forum/view-thread/1409677


EDITED: Added link to someone who thinks procurement got them hacked.

I don't think hacker attack the most valuable Accounts. They attack all accounts and look where it works and where not.

I still belief that some other games can be hacked in a way that it is possible to perform code on the player's computer without that the player downlod a 3rd party tool.

For example in Trackmania (what I played) you can accept that other player download custom car models and Pictures. (I was stupid to allow that, but it is the game mechanic without 3rd party programs). These images and models are stored on your computer. If the games code is designed in a way, that you can create a buffer overflow, because the size of these models or pictures is not calculated correct, you can perform code on other gamer's PC.

Or look at a games like DayZ Standalone which I played too. They have so much problems to get the network code even running (without crashes), that the probability for critical security problems, is very high. The risk at games like DayZ is even bigger, because the servers are performed by other player and not by the game company itself. So people have the full control of it and can send manipulated data packages to the clients. So they can attack the network code implementation of clients directly.

And player are strange in its behavior. If someone got hacked they say "you got hacked because you did something wrong yourself". They don't ask "What programs did you run, so we can find out which program was hacked". They blame other player to be stupid, instead to think about the risk and what can be the reason for the hack.

And that is what helps hackers!

So assume there are groups of hackers which found a way to take over your computer. Why are not all PoE accounts are hacked? Because not all hackers have the same intentions. Some try to get money by manipulating the money transaction to steam. Some try to take over the steam account itself and some try to sell online items.

I lost money at paying at steam. So some hacker had control over my computer. But I did not lost items from Path of Exile. Why? Because the hacker had no interest on it, but he could have done it.
It is just the intention of what the hacker wants to do. You can be hacked and you lose no money, because the hacker just use your computer to send spam E-Mails or perform DDos attacks.

So you can not be sure to be save, just because you did not see something happen at your computer. You can be hacked without using 3rd party programs. Just because of bugs in other games network code or even bugs in windows.

"

lagwin1980 написал:

A lot of tin foil hat and paranoia in this thread.

Bottom line is that GGG are not responsible for the security of your account past a point.

So long as they give you the means to keep it secure (which they have)

If the OP is running through steam, then they use pretty much the same sort of security.

Stuff like "i use a very complex password" means nothing to a keylogger, all you need to do is login to your email and game at some point, complexity only stops brute forcing the account.

Stuff like "i didn't receive the unlock code" is a load of rubbish.
You got it, the hacker read it, then deleted it after using the code...sometimes if the hacker is being lazy you'll find the email in the trash.

Stuff like "i have good security"(or having multiple layers) that's nice an all but most of these work from a database and compare known security risks to that list...that list is updated almost daily...the fact is that someone can write a new one up that isn't on the DB and can wreak havoc until it's added to the database of the security programs.

Blaming it on GGG dose not work, if they were hacked then anyone with a high value account would be hacked in short order from the time you were hacked.
Same deal with procurement.

While I agree with you that GGG have limited responsibility after a point, I feel they still have an onus to protect accounts and have a system in place to deal with these kinds of issues. Rolling accounts back, removing items from accounts if they have been found to have procured them through theft are something they don't do. Moreover almost every online service now has two factor authentication but not PoE so there is definitely room for them to improve. Naturally they are a small company and I'm sure hacks aren't all that prevalent to warrant valuable resources but still they can do more than fire off a canned response that says "hard cheese" exile. Just sayin.

Sorry to hear one more user got in troubles with that.
Be aware that most of hacks like this one arn't targeted ones.
Often it's just about getting passwords / mail on database furnished by keyloggers datas and then people reading them use / test what they want in. It can be directly or months after your security has been compromised ( wich is an additional argue to change quite often your passwords aswell ).

I remember few years ago at a computer science conference they were explaining that at this hour lot of private data list were published around the web.
Found some of these list myself and i've to admit any 12yo kid could access them at this point that's a bit sad not much efforts are done about that.

There arn't any 0 risk security plan anyway lot of suggestions that has been given in this thread and past one are mostly correct.

Be sure to verify your mail arn't possible to find in google search aswell. In most of countries you are fully in right to ask plateform showing it publicly to hide it.

Eventualy consider using a different mail and different password per website subscribed.
To manage all of these passwords you can use some softwares dedicated to that. And for mail management you can use rambox for example or alternatives one.

On the GGG side it's " just fine " using a phone extra security layer would be great aswell alerting you directly when somebody is using your account but even with that it's wouldn't be fully safe.

Today was hacked my acc. Hacker delete all characters on Standart and stole items and currency