Hacked Accounts

^

This is where you are wrong in ANY game that has a pay option there should be no risk of hacked accounts. Take the fucking shop down if there's going to be hacked accounts or atleast reroll them. Its not hard for them to see a chinese person who logged in your account and at what time right? so if the email from the customer is sent within a day after that it should be rerolled knowledging the fact it had been hacked.

"

hzflank wrote:

What is hard to understand about the following statement? : no person at GGG can possibly find out your password from their internal systems.

This is one of the most basic things with account security. Passwords are not stored anywhere in plain text. No one from GGG can possibly login to your account using your password. The only thing that they could do would be to reset your password to a password of their choosing (or to a randomized password). It would take Chris all of 5 minutes to realize that people's whose accounts were hacked had their passwords reset internally before the hack, another 2 minutes to find out which staff member performed the reset a just a few more minutes to stick a foot up their ass.

If this was internal then it would of been resolved by now. User account management is not difficult, a schoolboy could manage most of it.

First of all: I DON´T think anyone of GGG would hack any account. Why should anyone of them if it´s just smarter to create items themselves.

But you should know that you just tell bullshit.
Any stored PW, no matter if stored in plain text or not can be obtained if you got the full data base. Especially for an admin it would be done in the blink of an eye.
Further it´s very naive not to know which possibilities an good programmer with the right software have.

"

Josephoenix wrote:

"

Smokeybacon wrote:

Of course it is internal. That is incredibly obvious at this point, so many factors point to it being a dangerous loophole in PoE's account security. And still, GGG blame people's emails...how many more people will it take?

Feel free, at any point, to offer some proof to your accusations. You've been at it a while now and all I see are basely finger pointing posts, with nothing to back them up.

Rather than being a conspiracy theorist, why not "show us" how the problem is internal. This might allow some of us to start taking you seriously.

Supposed "email hacks" with no other signs - my email was linked to many many other games, forums and communities, none of which were compromised in any way.

Linked to the above - at least 1 poster has stated that their POE account was linked to a brand new email account, used only for playing POE

Malware, trojans, phishing, keyloggers bla bla - stooping rather low

"weak password" - Not really. You think I was born yesterday?

First MMO hack experience - not just me. Look how many other people have stated this. I have played my fair share of MMOs, large, small, Western and Eastern. This is my only hacked experience.

GGG's shut mouth on the whole issue - Something is dreadfully wrong? Brush it under the carpet before all our supporters start getting worried

Consistency in hacking damage - We are reporting the same types of item loss. Equipped gear is rarely taken, and characters are not deleted, but particular orbs and gems are swiped with alarming efficiency, whilst quite specific items are untouched.

Shall I continue? Is the wool over your eyes translucent enough yet?

you still haven't offered any "proof" smokey. All I'm seeing is a BOT programme used to clean out specific items from accounts. The fact the hacked accounts "alt" weapons are never touched (as far as I've heard/seen) seems to indicate this.

As for "how ppl are being hacked", I would again suggest an automated programme.

As for ppl claiming their comp's are clean, and they never used the same passwords (or similar ones) anywhere else, or have a brand new e-mail only used for PoE...well... they might be telling the truth or the might be lying... you never know on the interwebs.

One thing is for sure: Ppl are far less likely to take the blame or admit a mistake when hiding behind a monitor.

Just my opinion

"

free_at_last wrote:

"

hzflank wrote:

What is hard to understand about the following statement? : no person at GGG can possibly find out your password from their internal systems.

This is one of the most basic things with account security. Passwords are not stored anywhere in plain text. No one from GGG can possibly login to your account using your password. The only thing that they could do would be to reset your password to a password of their choosing (or to a randomized password). It would take Chris all of 5 minutes to realize that people's whose accounts were hacked had their passwords reset internally before the hack, another 2 minutes to find out which staff member performed the reset a just a few more minutes to stick a foot up their ass.

If this was internal then it would of been resolved by now. User account management is not difficult, a schoolboy could manage most of it.

First of all: I DON´T think anyone of GGG would hack any account. Why should anyone of them if it´s just smarter to create items themselves.

But you should know that you just tell bullshit.
Any stored PW, no matter if stored in plain text or not can be obtained if you got the full data base. Especially for an admin it would be done in the blink of an eye.
Further it´s very naive not to know which possibilities an good programmer with the right software have.

That is wholly incorrect. The whole point of encryption is that it cannot be decrypted without the salt. You would need a substantial list of plain text passwords as well as the encrypted passwords to even attempt to decypher it, and since a list of plain text passwords does not exist (I hope), what you are saying is impossible.

Fwiw, typically an admin is not a good programmer, and if this magical software that you speak of existed then all of our bank accounts would of been raided long ago.

"

hzflank wrote:

"

free_at_last wrote:

"

hzflank wrote:

What is hard to understand about the following statement? : no person at GGG can possibly find out your password from their internal systems.

This is one of the most basic things with account security. Passwords are not stored anywhere in plain text. No one from GGG can possibly login to your account using your password. The only thing that they could do would be to reset your password to a password of their choosing (or to a randomized password). It would take Chris all of 5 minutes to realize that people's whose accounts were hacked had their passwords reset internally before the hack, another 2 minutes to find out which staff member performed the reset a just a few more minutes to stick a foot up their ass.

If this was internal then it would of been resolved by now. User account management is not difficult, a schoolboy could manage most of it.

First of all: I DON´T think anyone of GGG would hack any account. Why should anyone of them if it´s just smarter to create items themselves.

That is wholly incorrect. The whole point of encryption is that it cannot be decrypted without the salt. You would need a substantial list of plain text passwords as well as the encrypted passwords to even attempt to decypher it, and since a list of plain text passwords does not exist (I hope), what you are saying is impossible.

Fwiw, typically an admin is not a good programmer, and if this magical software that you speak of existed then all of our bank accounts would of been raided long ago.

How is this 'wholly incorrect'?

Do you work for GGG? Would you like to preclude all your future assertions with '...in my opinion...'?

Nah probably easier just to make all encompassing, arrogant statements.

Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from - "Szczecin, Zachodniopomorskie, Poland".



After the second time someone to hack into my account but now I have a new password by email. Please GGG do a better protection.

Just adding my voice to the chorus. I logged in after a week away to find my account stripped.

1. I know nobody else who plays this game.
2. I do not save my password (primarily because I have a four-year-old, and I need to be sure he isn’t a few clicks away from logging in and deleting a character). Regardless, my computer was off and password protected and in a locked house, so nobody would have had access to my computer.
3. Having had a failed attempt to log in to my account months ago from China, I made sure that my password was a strong password that I have never used in any other online application.
4. I received no notice via e-mail of an attempt to log in from an unusual location over the past week.
5. I believe that the thief also changed my password, as after several unsuccessful attempts to log in after patching, I had to request a password reset.
5a. I was logging in to the website to read the forums over the past week on nearly a daily basis until today. That suggests to me that the theft happened within the last 40 hours or so, as it would otherwise have not let me log in to the forums and read ‘More’ posts from Chris.
5b. I changed my password through the UI login screen first. That sent me an e-mail for the password reset. After I logged in and realised that I had been hacked, I went through the website My Account screen to reset my password again. Doing it that way, no notification was sent to my e-mail address that anything had occurred. This means that hackers can try to log in via the website until they are successful, and the account owners won’t know that anything has happened until after the hacker is successful.

I have sent an e-mail to Support. However, assuming that the canned response that I've read here will be issued shortly, I'll have to sadly say that my time with this game is done. It is incomprehensible that a game this far into 'release', and with such well known history with hacking attempts, is still lacking the ability to restore characters.

YES! I finally found this web page! I’ve been looking just for this article for so long!!

Nike Air Max Outlet
Nike Air Max 95
Nike Air Max TN
mac cosmetics wholesale
Mac Cosmetics Outlet

"

hzflank wrote:

The whole point of encryption is that it cannot be decrypted without the salt.

If salt = key, then yes. If no, you have no idea what you're talking about.