Potential User Data Breach
MFA?
Settlers master craft service Settlers My IGN TreeOfDead
https://www.pathofexile.com/forum/view-thread/2037371 Vouch Settlers veiled crafting all service all crafts mods Settlers SC master craft service Settlers SC craft mod! Veiled crafting Service Settlers craft PM: TreeOfDead
First: thanks a lot to GGG for letting us know.
Unbreakable security does not exist, you can only hope to make it "strong enough". Everything that's connected to the internet is at risk. But it shows great convictions/morale/strength of character to admit a security breach: GGG is an example of how to do it right (Yahoo is a great example of why covering up is bad).

"
Salted means they mix your plaintext password with something (their secret salt) that is unique to your account and hashed means they recalculate/encrypt the password before storing. This is security best practice 1-0-1. Never store plaintext passwords. This means that breaking those passwords is going to be long and difficult for the thieves, and hopefully they will not succeed: that's why long/difficult passwords are important, the longer and more weird symbols your password has, the more difficult it will be to reverse engineer them. If you cannot remember those long complicated passwords, use a tool like KeePass.

To the people asking for second passwords and such: Second passwords don't add more security, that's why security people advocate 2FA/MFA. The idea behind this is that you need to hand over 2 different things for authentication.

passwords = something you know
code sent to your mobile/mail = something you have
fingerprint = something you "are" (biometrics)

Stealing 2 passwords is easier than stealing your password AND access to your mail account. Hence why it is so important to have different passwords and different mails for different things.

__________________________

"
We don't know if they did a bit-by-bit copy of their systems before wiping. Assuming things when we don't have intel is pointless/fear-mongering. It would be counterproductive to the investigation if they were telling us any details: I don't know about NZ law, but EU law would require that you leak NO information about an ongoing investigation/prosecution (that's lawyer 1-0-1).

As the specialist you claim to be, you should know that all companies need to weigh risk vs. reward. In this case: risk of erasing breach-intel vs reward of catching the hacker (worldwide, extradition, ...) and getting compensation (Blizzard? Russians/NSA? Script-Kiddy? Aliens?). Risk of losing customers due to service being down, vs reward of restoring quickly to keep the business running and apologizing to customers.

__________________________

Something that worries me a lot after reading all of these posts is: nearly everybody seems concerned about their gaming experience... hacked PoE/Steam accounts, loss of items, characters, ... The hackers might well not care about our virtual pixels in a free game that finances through a bunch of cosmetic microtransactions.

Another possible use of potentially leaked information is identity theft and phishing. If a falsified mail is sent to you, by pretending to be your bank, trying to look authentic/trustworthy by telling you some personal data (spear phishing) and asking you to log into forged websites to steal your online banking access. A lot of gamers need to wake up and realize that their characters in a game are not as critical as personal data that could be the first stage to the theft of their bank account!

Last edited by SpectralVortex on Apr 2, 2017, 9:37:45 AM
"
For some of us there is more to lose on our PoE account than our bank account. Just saying.

Carry on my waypoint son, there'll be peace when maps are done.
Lay your portal gem to rest, don't you die no more. 'Cause it's a bitter sweet symphony this league. Try to make maps meet, you're a slave to the meta, then you leave.
"
That's obvious that concatenated words are the "key feature". =) Interestingly enough, the more words combined in such a password are UNrelated, the more they are unique and easier to memorize. Imagination is the limit.
"
Never ever copy and paste passwords! That completely negates the safety of a long password! Most harmful software will be viewing/sending the clipboard first of all which will hold your precious password if you do that. Things like keyloggers will also get it when you type. There is a way around most of those by using an on-screen keyboard. :P

Carry on my waypoint son, there'll be peace when maps are done.
Lay your portal gem to rest, don't you die no more. 'Cause it's a bitter sweet symphony this league. Try to make maps meet, you're a slave to the meta, then you leave.
Hey Chris, have you looked into Blockchain tech and how it might help you with this situation?
PoE-TradeMacro - https://github.com/PoE-TradeMacro/POE-TradeMacro/
ExileTrade - http://exiletrade.github.io/