Potential User Data Breach

"
Archfiend wrote:
Appreciate the transparency.


yeah let's paise them for transparancy,
just a couple of weeks after they said they were working in secret for years on an xbox version...
LoLz..
IGN: Bluntexile
"
abbarnes wrote:
How long do you think it would take them to break my password, hotsausluvr? Do I need to change it?



nah seems pretty solid!

My pass is horsebuttpoopypants and I am fine just now
★ IGN: Pinockio_the_Transexual or PM me on forums ★
This is just how hackers apply for jobs in 2017.
🐢
"
"
waskely wrote:
"
sarannah101 wrote:

- user experience when trying out the game (even if it seems minor to type in 2 passwords)
Well, the 2nd password would have to be created. But this is only once.

- as you mentioned bigger workload for support
Nothing to be done about this.

- remembering 2 passwords
Yes, but the 2nd password isn't a real password, it would only be a 4 or 5 digit code. Which will usually be something players can easily remember.

- always having to type this password after every login (thats a absolut killer user experience wise)
Having to type this password once after every log-in isn't a huge deal in my opinion. Try to keep track of how often you log in/out. Maybe once every 3-5 hours, unless you happen to crash. Keep in mind though, you could play the game without even letting the game prompt you for the 2nd password, by not accessing your stash/inven/equipped items. Ofcourse when your inventory fills up, eventually you'd have to let it prompt you when you need to sell stuff from your inventory.

You are correct with your downsides though, so awesome feedback. Personally, I think the pro's heavily outweight the cons.
The true realistic cons for the player are having to create this code, remembering it, and typing it once every play session(usually at the very beginning).


What the hell is this crap. Do you ever travel? Or try to log into POE at work? It requires constant POE unlock codes being sent to your account email whenever logging in from a different location from your last login (every day I have to do this twice because I log in at work) and i hate it. I dont want 3 layers of security for a fking game, banks don't even care that much.

If our accounts were chosen for violation by would be hackers, they need to pick a account email, brute force the password, hack the email address associated with the account (or make it seem as tho they are logging in from the same location)

Maybe i'm just lazy, but that all seems like way way way too much work for a game account



Seriously, it's not that complicated... tie in the google authenticator or a similar 2FA solution and make it optional. Got a smart phone? Then you have 2 factor authentication. I'm not sure WTF OP was trying to do, but it's a seriously convoluted "solution" to a problem that's been solved for decades. Who you are, what you know, what you have. Pick two.

What I meant was a simple stash/inven/equipped gear password/code, that would basically have to be entered once after every log-in.

No need for two-way authentication and whatever else that would actually be a real hassle.

You did say something that peaked my interest though, GGG could make this 2nd password/code optional.

Also, as GGG said, the hackers could have gotten the ip-address for players along with the information(the other information included the account e-mail address). Pretending to be from another IP-address is actually quite simple nowadays. Which means they'd basically only have to brute force the password.

All in all, I truly think a short second in-game password/code to protect your in-game stuff is worth it. And as said before, GGG could make it optional. And like I said, this wouldn't be the first game to use this type of in-game code to protect your in-game items.
Last edited by sarannah101 on Mar 28, 2017, 11:20:43 PM
I was thinking about changing my password anyway... so I took the opportuniy gladly.

Joke aside, thanks for the transparency, you are still No1 concerning information politics... though not No1 in network security. ;)
this explains those failed login attempt-alerts on my email account during the past few days.
- Best Signature Ever -
Salted and Hashed.
In-Game Name: BLOOBERRY_
Mall/Shop: 800001 ---------- Magic-Find Build: 746000

[NUKE]
Thank you for being the company that transparently communicates quickly to everyone. Don't ever be the company that brings these issues up months down the road.

This means a lot.
What hashing algorithm do you use?
"
Can someone explain potentially why the attacker chose and attacked the GGG network?


Almost every single server that is connected to the internet is being attacked, so it is not strange that GGG servers also get attacked. However, it is unusual that an attacker gets through.

There really is no way of saying why GGG got hacked. Of course, GGG is a well-known company by now so they are a target.

Report Forum Post

Report Account:

Report Type

Additional Info