Hacked Accounts

"

ibase wrote:

TODAY SOm1 LOGGED INTO MY ACCOUNT FROM CHINA

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from - "Changchun, Jilin, China".

To play again, you'll need to type or paste the following access code into the game client after logging in:



!!!!!!!!


THIS GOT ME NUTS... I USED TO FLAME AGAINST PPL WHO GOT HACKED BUT NOW IM A VICTIM BY MYSELF!

i cant believ eit i never had this in any game history,


christ your server files are being cracked or something...

Think you were one of the people who spoke to me after my partner was hacked. Even though what you said to me was not nice, I am still sorry to hear the same thing has happened to you. I hope it will make you more understanding towards other people in the future.

i didnt lose items becouse i have a different email password,

but the fact that some chinga bastard managed to log in in my account lighted up my blindess for all you guys who r posting here ..

"

ibase wrote:

i didnt lose items becouse i have a different email password,

but the fact that some chinga bastard managed to log in in my account lighted up my blindess for all you guys who r posting here ..

Yep. And thread keep growing...

Got hacked today, too. Never visited any other sites than the official one or "clicked" any links. 3 months of work gone, but I don't gonna whine. In fact I will make use of this and detach myself from this time consuming game.

Don't think I'll come back.

Anyhow, good work GGG on this amazing game

After an unsuccessful attempt or two at hacking my poe acct. it seems that my hacker is now trying to crack my e-mail acct. I deleted all of my poe related mails and changed my password yet again. The hack attempts are comming from Lindenhurst, NY... could it be a proxy acct or something? All of the changeable things in my e-mail like weather and news now say Lindenhurst, NY. Please GGG, look in to this and and maybe ban the IP or something. I don't really have any great items or anything like that in-game, but I would still hate to lose what I have gathered so far. I am not ready to stop playing yet because I'm still having fun, but I'm not going to compromise my personal security for a video game.

I got one of those emails today with the code, so I changed my password, unlocked my account, and everything was still there. I'm only an occasional player anyway but it still would have sucked if I lost everything regardless. Thanks to GGG for adding that security measure for me.

As for why or how, I'm not really involved in too many community sites but I was using a "throwaway" password which is complicated enough but I use it generally on sites I don't care about, so its entirely possible that my email and throwaway password are a part of some large list of accounts for this guy to try. I admittedly should have probably changed it to something more secure as I didn't think I'd play PoE all that much but I've really gotten into it as of late, but ah well, at least I lost nothing and lesson learned.

My account is tied to gmail, which has a unique password and two step authentication, and google didn't inform me of any malicious attempts (I'm guessing they tried with the throwaway password but it didn't work).

Suggestion for GGG: Any time you see anyone logging in from a place/computer, you should send an email with an activation code for that computer. Steam does this these days and they talk about how it works wonders for them. It of course comes a bit down to the email provider and user not using identical passwords, however with that in place it'd give me a bit more peace of mind seeing as I was almost a victim and I do actually take my email security seriously, more so then I did my PoE account (which has changed).

Hi, my account didnt get compromised but i have to deal with unlock codes rather often, due to ISP changing gateways.

Correct me if i got it wrong,

but there are about 4 means of hacking an account:
- obtaining email addresses from the site / client (1)
- getting into GGG datebases, somehow getting the stored PW (which really shouldnt ever happen) (2)

-malware / keyloggers / phishing (3)
and
- hacking email accounts with the help of (1)(3) (or library/Brute force), unlock the accounts thx to the emails received, until they succeed

The geo-filter with the location lock in itself works. I can see every second day how good it distinguishes between gateways beeing less then 50km away. Its impossible to guess and have access to the same gateway from half the globe away.

The problem lies within the hacking of the email accounts.

Why isnt it possible to
a.) not use the email accounts as username?
b.) set a new random min 8 letter long username (which then can be stored for faster login but at least wont help in obtaining email adresses)
c.) set a username to be displayed in the forums, which has to differ from the account username

D.) everyone playing this game gets a master key per email, like the current unlock code, and has to confirm that he/she got it.

As this is a master key which wont be ever send again, every plaver in his right mind will copy to file/write down (pen & paper ;)) the code and delete the received email.

If now the account pw is forgotten/ typed wrong 3 times in a row / location lock!, the master key is required. (you also wont get any emails stating that your account is locked, this would just provoke phishing mails trying to obtain the master key)

What this would do:
hacking email accounts will be a waste of time, atleast for POE.
Besides (1) and (2) it really is down to the human failure element.

Its one thing to state that hacked accounts are due to human error, and another to make sure that its the only possible cause.

I understand that this is the beta, and security is being improved, but the standard in which continuous hacking's occur is unacceptable in my opinion. I've had to go through the experience of loosing my first character, but I enjoyed the game enough to restart from the low level of 42 which is understandable. Two days ago, I returned onto my new character just obtaining the level of 40 to find all my currency gone with the relief to find none of my gear stolen and vendored, and wished to continue with my shadow character. I wanted to play, my game today after hanging out to find out my account is non existent anymore. I had to create this whole new account and now have lost all those items I had earned, bought, and had been given to as gifts from friends. I am extremely upset with this continuous occurrence, because I know for a fact it's not my computer, it's usually after I find something of value, post it on the in game market, and become a target of lazy profit. I understand that you choose not to reimburse your players, and I can understand why, but I'm tired have my privacy invaded, and now to the extent where they delete my account all together. So I'm not sure I'll make a new character yet or not.

i got hacked 2 days ago....

work gone.. i ll never clicked any links, got different pw and emails..

if anyone is interested in a gold account, pm me..

gl

add captcha, 4 digit numerical click input pass with random number key input to account pw, and a security question pw and all this will end... its overkill but on this amazing game i would pay 20$ just to get a stash and pet if u did this for ur costumers.

im sure many other ppl would do the same, just as thanks, and reassurance of their security.