HUGE HACK went down!!! who all got jacked.

"

darkjoy wrote:

"

Rory wrote:

I'm really sorry, but we're not able to recover any items stolen by other players. Chris wrote up a long post about this which explains common ways players have items stolen, how they can keep safe and what we're going to do to make it safer for them. It also explains why we have a policy of no item restoration. I recommend checking it out: http://www.pathofexile.com/forum/view-thread/115464/

We are currently working on a system where accounts become locked if people log in to them from a different location. You will be able to unlock the account by typing in a code that is emailed to you. This system should be deployed by the end of February.

This is a piss poor policy. You should be compensating these people being hacked, or have your security system in order in the first place so these hacks don't take place.

You should be tracing the items to whatever account they are traded to and banning that account.

Basically GGG's policy is allowing thieves to go unpunished and the player is being punished for simply playing the game.

Absolutely ridiculous.

+1

"

darkjoy wrote:

"

Rory wrote:

I'm really sorry, but we're not able to recover any items stolen by other players. Chris wrote up a long post about this which explains common ways players have items stolen, how they can keep safe and what we're going to do to make it safer for them. It also explains why we have a policy of no item restoration. I recommend checking it out: http://www.pathofexile.com/forum/view-thread/115464/

We are currently working on a system where accounts become locked if people log in to them from a different location. You will be able to unlock the account by typing in a code that is emailed to you. This system should be deployed by the end of February.

This is a piss poor policy. You should be compensating these people being hacked, or have your security system in order in the first place so these hacks don't take place.

You should be tracing the items to whatever account they are traded to and banning that account.

Basically GGG's policy is allowing thieves to go unpunished and the player is being punished for simply playing the game.

Absolutely ridiculous.

You do realize how abusable that would be, right?
What you're suggesting would legitimize duping.

"

pneuma wrote:

"

darkjoy wrote:

"

Rory wrote:

I'm really sorry, but we're not able to recover any items stolen by other players. Chris wrote up a long post about this which explains common ways players have items stolen, how they can keep safe and what we're going to do to make it safer for them. It also explains why we have a policy of no item restoration. I recommend checking it out: http://www.pathofexile.com/forum/view-thread/115464/

We are currently working on a system where accounts become locked if people log in to them from a different location. You will be able to unlock the account by typing in a code that is emailed to you. This system should be deployed by the end of February.

This is a piss poor policy. You should be compensating these people being hacked, or have your security system in order in the first place so these hacks don't take place.

You should be tracing the items to whatever account they are traded to and banning that account.

Basically GGG's policy is allowing thieves to go unpunished and the player is being punished for simply playing the game.

Absolutely ridiculous.

You do realize how abusable that would be, right?
What you're suggesting would legitimize duping.

yes and no, you don't allow for unlimited rollbacks that would be stupid. In cases like this where you can verify someone has been hacked / etc you allow everyone a rollback or 2 if you're really nice. Easy enough to verify if they log anything at all. In addition to their current piss poor security setup this is really needed until they roll out what ever it is they plan on doing in Feb.

Keep your customers happy while having a few dupes in game.
or
Piss off paying customers over free customers that hack people.

Look at wow, they have replaced hacked / "misplaced" items for years now and the game eco hasn't crashed. They have happy customers that keep paying them.

It's called customer service, something GGG so far has not learned.

I wonder if info was gathered when we were able to log into others accounts awhile back...

Use 3rd party apps for a game that's in beta = you are asking for it.

"

k1llerhitman209 wrote:

"

darkjoy wrote:

"

Rory wrote:

I'm really sorry, but we're not able to recover any items stolen by other players. Chris wrote up a long post about this which explains common ways players have items stolen, how they can keep safe and what we're going to do to make it safer for them. It also explains why we have a policy of no item restoration. I recommend checking it out: http://www.pathofexile.com/forum/view-thread/115464/

We are currently working on a system where accounts become locked if people log in to them from a different location. You will be able to unlock the account by typing in a code that is emailed to you. This system should be deployed by the end of February.

This is a piss poor policy. You should be compensating these people being hacked, or have your security system in order in the first place so these hacks don't take place.

You should be tracing the items to whatever account they are traded to and banning that account.

Basically GGG's policy is allowing thieves to go unpunished and the player is being punished for simply playing the game.

Absolutely ridiculous.

+1

What a bunch of BS. Stupid people who are not able to secure their data have no right to possess digital goods ('orbs of xxx',etc.) in first place. (Just like in reality: It should be legal to rip stupid people off IMO)

I have great respect for GGG to not call every creator of such a thread by their real name: "reta.ds".

PS: Since the Sony Online Hack went down, i have even for faith in the data security of rising business like GGG. Any big misstep and they are out of business.

"

TheHeffNerr wrote:

Do you people even know what phishing is? You're just repeating shit you see on CNN.

"

Britannicus wrote:

"

cocoluva3 wrote:

I was a mod for a browser based game before I quit to allow more time for this game. Pockie pirates, a game operated by Game321, had a shit ton of security issues where people can log into other people account and wiping people of their character and gear. Yea some people lost shit because they were sharing account with random people, like my guild leader with other guild members, but the majority of the account breach was the company fault. Even after 1 month or 2 by now, they have yet to get it fixed.

I believe Chris was a security programmer (or involved in the field at least) before founding GGG. You are not in the hands of idiots.

If he was then it would explain why he doesn't do it any more... why would you leave the password hashed in plan text... That's just stupid. Highly doubt Chris has any security training.

You were made perfectly aware that storing the password on you own computer would leave it in a file, so you choose yourself to take advantage of it.

Yes it makes it easier to log into someone elses account if you get access to this file/hash as you can paste it into your own config file, then all you need is someones log-in info, which is much easier to get.

While i agree that the sheer number of reports are concerning, i'm still rather convinced that it is on the users own end the problem lies.

many have visited poe.xyz.is or similar sites, some of which are running banner ads, which are great way to infect people through insecure browsers.

"

sintflut2012 wrote:

What a bunch of BS. Stupid people who are not able to secure their data have no right to possess digital goods ('orbs of xxx',etc.) in first place. (Just like in reality: It should be legal to rip stupid people off IMO)

I have great respect for GGG to not call every creator of such a thread by their real name: "reta.ds".

PS: Since the Sony Online Hack went down, i have even for faith in the data security of rising business like GGG. Any big misstep and they are out of business.

Yes I'm stupid (this is sarcasm) and my computer gets scanned every day when I remote into the county's network to do work. This goes above and beyond anti-virus scans.

Come back when you have a clue to what you're talking about.

Also lost all my stuff, 40 exalteds worth in orbs and my quality gems + good gear pieces.

I think it was automated bot hack as well, 5 links, orbs above glassblowers and unique skill gems above 10%.

I'm not stupid enough to use login with this password anywhere outside of PoE.

Think we got a huge security breach here last night.

"

TheHeffNerr wrote:

Yes I'm stupid (this is sarcasm) and my computer gets scanned every day when I remote into the county's network to do work. This goes above and beyond anti-virus scans.

Come back when you have a clue to what you're talking about.

Not that I'm defending whoever you're talking to, but it would be trivial to grab your hash and destroy evidence of the malware. Plus, AV actually doesn't catch a lot of things, like rare new password hash grabbing scripts. If you have an active AV, make sure heuristics are enabled. An application level firewall would also prompt you on most suspicious activities. Security is layers of systems which prevent any lapse in data stream integrity, but a daily scan by the county network is always nice.