HUGE HACK went down!!! who all got jacked.

Account has been accessed/emptied by someone else, so I guess I got 'hacked' too.
Don't see how, never logged into any other sites than this one to use the forum.

Pretty sure something happened on their part.
"
Hilbert wrote:
The strange thing is that there are only like 20 users who claim to be hacked or know somebody who seems to be hacked. Since the number is slim it's most likely related to some infected 3rd party tool.



Yet nobody of them provides information what PoE related sites they visited.


I haven't used any third party tools and haven't logged in to any other PoE related site, other than the PoE Subreddit on www.reddit.com

Devs are on that subreddit and I'm sure reddit's databases are a tad more secure than GGG's own databases.
I personally got hacked as well, but it was probably my fault. My username and password are hanging around the internet somewhere because I don't have a unique password for every game I play. I don't use the same password for every account but guess I was unlucky this time.

I'm just slightly annoyed because I sent support an email and they were able to tell me that someone else logged into my account on an IP different from my usual IP. I just feel like they could have implemented a system to prevent logins from wildly different IPs before they started Open Beta. Oh well, I didn't lose too much.
IGN: iplayjax
Last edited by nathchan001 on Feb 20, 2013, 5:56:36 PM
The main thing is, Kripparians account is fine. They have nothing to worry about.
"
Moeses wrote:
The main thing is, Kripparians account is fine. They have nothing to worry about.


QFT
"
altaccount wrote:
I unexpectedly got hacked as well. I work as a sysadmin and I've fairly good knowledge of IT security. My own systems are secure.

I've spent the evening searching for a clue how this could've happened, looking for hashes of my PoE password in hacked pw hash databases to no avail. I haven't even used the same login/pass combination anywhere else and no service where I've used either has been hacked to my knowledge.

tl;dr: I'm pretty damn convinced there is a security issue on GGG's side.


You've pretty much summed up my thoughts

I'll be honest with you, I used to keylog people myself in Diablo 2 as a kid (10 years ago, give me a break). I'm not really upset about losing my currency, I guess I had it coming. I even found it humorous that the hacker found the time to kill off my naked lvl 73 HC character (I had no intention of playing it anymore anyway) just to transfer the orbs to softcore.

I'm a person that uses ridiculously long dictionary-immune passwords and has javascript and even cookies completely disabled when browsing, only separately allowing them for trusted sites when necessary. I don't re-use passwords and in fact, I don't really do anything except for playing this game when I boot up Windows. I have an up-to-date ~40k entry hosts file that redirects the vast majority of malicious sites to localhost.

Like I said, I don't really care about losing my currency, I actually found it amusing since it was quite a surreal thing to see. I don't want anything back and I perfectly understand why a rollback is not an option like it may be in some other games.

What drives me crazy, however, is the denial that this even happened. Being told that I need to uninstall Java and learn to use a computer is just amusing to no end.
IGN : asdfman
"
asdfman wrote:
"
altaccount wrote:
I unexpectedly got hacked as well. I work as a sysadmin and I've fairly good knowledge of IT security. My own systems are secure.

I've spent the evening searching for a clue how this could've happened, looking for hashes of my PoE password in hacked pw hash databases to no avail. I haven't even used the same login/pass combination anywhere else and no service where I've used either has been hacked to my knowledge.

tl;dr: I'm pretty damn convinced there is a security issue on GGG's side.


You've pretty much summed up my thoughts

I'll be honest with you, I used to keylog people myself in Diablo 2 as a kid (10 years ago, give me a break). I'm not really upset about losing my currency, I guess I had it coming. I even found it humorous that the hacker found the time to kill off my naked lvl 73 HC character (I had no intention of playing it anymore anyway) just to transfer the orbs to softcore.

I'm a person that uses ridiculously long dictionary-immune passwords and has javascript and even cookies completely disabled when browsing, only separately allowing them for trusted sites when necessary. I don't re-use passwords and in fact, I don't really do anything except for playing this game when I boot up Windows. I have an up-to-date ~40k entry hosts file that redirects the vast majority of malicious sites to localhost.

Like I said, I don't really care about losing my currency, I actually found it amusing since it was quite a surreal thing to see. I don't want anything back and I perfectly understand why a rollback is not an option like it may be in some other games.

What drives me crazy, however, is the denial that this even happened. Being told that I need to uninstall Java and learn to use a computer is just amusing to no end.


Cookies and Java do not protect against phishing. If you were using a third party program to modify the game, cheating or otherwise, it could have easily taken your password.
"
Lask001 wrote:
"
asdfman wrote:
"
altaccount wrote:
I unexpectedly got hacked as well. I work as a sysadmin and I've fairly good knowledge of IT security. My own systems are secure.

I've spent the evening searching for a clue how this could've happened, looking for hashes of my PoE password in hacked pw hash databases to no avail. I haven't even used the same login/pass combination anywhere else and no service where I've used either has been hacked to my knowledge.

tl;dr: I'm pretty damn convinced there is a security issue on GGG's side.


You've pretty much summed up my thoughts

I'll be honest with you, I used to keylog people myself in Diablo 2 as a kid (10 years ago, give me a break). I'm not really upset about losing my currency, I guess I had it coming. I even found it humorous that the hacker found the time to kill off my naked lvl 73 HC character (I had no intention of playing it anymore anyway) just to transfer the orbs to softcore.

I'm a person that uses ridiculously long dictionary-immune passwords and has javascript and even cookies completely disabled when browsing, only separately allowing them for trusted sites when necessary. I don't re-use passwords and in fact, I don't really do anything except for playing this game when I boot up Windows. I have an up-to-date ~40k entry hosts file that redirects the vast majority of malicious sites to localhost.

Like I said, I don't really care about losing my currency, I actually found it amusing since it was quite a surreal thing to see. I don't want anything back and I perfectly understand why a rollback is not an option like it may be in some other games.

What drives me crazy, however, is the denial that this even happened. Being told that I need to uninstall Java and learn to use a computer is just amusing to no end.


Cookies and Java do not protect against phishing. If you were using a third party program to modify the game, cheating or otherwise, it could have easily taken your password.


Thank you for sharing this wisdom with a person who already admitted to having hands-on experience with keyloggers. Next time you might want to actually read the post first.
IGN : asdfman
Got hacked, don't use any third party sites and use no script when visiting them, so I was pretty surprised.
"
Sindital wrote:
Account has been accessed/emptied by someone else, so I guess I got 'hacked' too.
Don't see how, never logged into any other sites than this one to use the forum.

Pretty sure something happened on their part.


Same thing happened to me, logged on about an hour ago, everything of value is gone. It's like the last three weeks never happened... except it did and it was stolen. I've gone through in my mind how this could have happened and I am totally stumped. I did not do a single thing that could have had my account information offered up. My account was "secure" yesterday and is "secure" today after an extensive virus, spyware, and other malware scan. If the problem really is on my end, I see no solution besides reformatting.

Everyone who has not been hacked yet: no matter how secure you think you are... it can happen to YOU.

Can't wait for some additional layer of security to be implemented, like an email authentication log in or even txt msg log in or SOMETHING! The current situation is just bad.
