About getting the account stolen..

"

Morgawr wrote:

"

VoxelSquid wrote:

I think PoE is getting special attention from hackers and RMT party poopers right now simply because this game is new and there is alot of hype around it. If GGG's databases had been compromised, you would expect the hackers to go after people high up in the ladder with the most stuff to steal. This is evidently not the case, so I think it is really just bad luck on OP's part.

I'm level 60, I'm not very "high up" but I am not a lowbie either.
I don't really know what to say, regarding myself I have 0 chances of getting hacked as I always pay attention to security and I haven't logged in the game for weeks (as I stated already).

I don't really care overall, I've had a friend also mention that he got "hacked" (I can't vouch for him, so I don't know). Who knows what kind of security flaw these so-called "hackers" have used? Maybe it affects only some players, maybe they got some data from the GGG database, I don't really know.

All I'm saying is that this is EXTREMELY suspicious, I get a notice that I got hacked, I get to the forums and I see that there's a huge sticky (posted not-so-long ago) to calm down people claiming they've gotten hacked and stating that there's no security breach on their side.

It just smells very fishy to me.

Let me explain using RPG terms.

Everyone who uses the internet has a base chance of getting hacked. This chance can be increased or decreased depending on how careful you are, but it's impossible to reduce the chance to zero.

Whether or not you get hacked depends on whether you fail a "get hacked" check, which depends on the number of attempts made by hackers against you (# of dice rolled) and your chance to get hacked. Right now, due to the hype around PoE, the number of dice rolled by hackers against PoE players has increased. Even if your chance to get hacked did not change, your overall chance of failing the "get hacked" check is higher, because more hackers are trying.

"

jhorphear wrote:

i think you are an idiot.

Thanks, I appreciate it :)
Oh well, whatever guys... I just wanted to let you all know of the risk of a security breach. I don't really mind.

"

VoxelSquid wrote:

Let me explain using RPG terms.

Everyone who uses the internet has a base chance of getting hacked. This chance can be increased or decreased depending on how careful you are, but it's impossible to reduce the chance to zero.

Whether or not you get hacked depends on whether you fail a "get hacked" check, which depends on the number of attempts made by hackers against you (# of dice rolled) and your chance to get hacked. Right now, due to the hype around PoE, the number of dice rolled by hackers against PoE players has increased. Even if your chance to get hacked did not change, your overall chance of failing the "get hacked" check is higher, because more hackers are trying.

Classic Table Top D&D. Freaking awesome.

"

2) I didn't, I play this on linux, there's absolutely 0 chance of getting hacks, keyloggers or even trying to run user-made custom scripts and tools for PoE since they don't run on Linux
3) No phishing here, not a chance
4) See above, running Linux, not a chance.

Linux is not a panacea of account security. Linux systems can get viruses/malware/keyloggers just like everything else connected to the internet. Don't be so naive.

"

VoxelSquid wrote:

Whether or not you get hacked depends on whether you fail a "get hacked" check, which depends on the number of attempts made by hackers against you (# of dice rolled) and your chance to get hacked. Right now, due to the hype around PoE, the number of dice rolled by hackers against PoE players has increased. Even if your chance to get hacked did not change, your overall chance of failing the "get hacked" check is higher, because more hackers are trying.

I'm sorry, I don't really mean to be rude or anything but this is totally wrong on so many levels I can't even begin to explain it properly. At the moment there's a huge amount of security analysts, computer scientists and security engineers spinning in their graves (even if they aren't dead, yes) because of what you wrote. Be careful or they might create infinite energy amounts with these types of bullshits.

Unless these so-called chinese hackers are running a huge scale distributed system (see: something like folding@home or a massive bitcoin mining group) then there's no way they'd have enough computational power to bruteforce all these passwords like that.

Read up on cryptography, bruteforcing complexity and bruteforcing algorithms, you will then understand how wrong you are.

The most likely case is they got access to a database of clean text passwords (I don't really know) or what you guys are saying about non-unique passwords (which I find hard to believe considering this was a unique password by itself). I very much doubt they actually took their time bruteforcing at random every single user account.

lol

"

Ionio wrote:

"

2) I didn't, I play this on linux, there's absolutely 0 chance of getting hacks, keyloggers or even trying to run user-made custom scripts and tools for PoE since they don't run on Linux
3) No phishing here, not a chance
4) See above, running Linux, not a chance.

Linux is not a panacea of account security. Linux systems can get viruses/malware/keyloggers just like everything else connected to the internet. Don't be so naive.

Yes, I know, except I am aware of the software I have installed on my system, I read my kernel logs, I know what is running and pretty much every single detail regarding my system, there's 0 chances I'd be running compromised software... as long as the Debian repositories (signed packages by the way) haven't been compromised themselves.

Is your email password the same as your path of exile password?
Is your path of exile password the same as any other password?

The answer is yes. Yes it is. And that's how you lost it.

There are other holes, too. Do you use an ISP provided email? Sometimes the ISP employees can access your email password, or at least reset it temporarily.

But it's probably the first thing.

"

Punkonjunk wrote:

Is your email password the same as your path of exile password?
Is your path of exile password the same as any other password?

The answer is yes. Yes it is. And that's how you lost it.

There are other holes, too. Do you use an ISP provided email? Sometimes the ISP employees can access your email password, or at least reset it temporarily.

But it's probably the first thing.

uh... no? I already said the password is unique, my email hasn't been compromised (I use gmail, I checked the access logs with all the ips that accessed it, also a unique password yeah).

I already stated this but I can understand why you'd assume otherwise, I'm not a newbie when it comes to these things. That's why I find it *very* unlikely that it was my fault, I'm well versed with security and whatnot, I'm not just a "casual" user.

I think the issue is deeper then we realize. I have never seen so many get hacked in any game I've played unless there was some type of security compromise from the devs. Hacked threads are VERY rare in any online game except this one. Not saying it is one thing or another but something is very fishy.

"

Morgawr wrote:

"

VoxelSquid wrote:

Whether or not you get hacked depends on whether you fail a "get hacked" check, which depends on the number of attempts made by hackers against you (# of dice rolled) and your chance to get hacked. Right now, due to the hype around PoE, the number of dice rolled by hackers against PoE players has increased. Even if your chance to get hacked did not change, your overall chance of failing the "get hacked" check is higher, because more hackers are trying.

I'm sorry, I don't really mean to be rude or anything but this is totally wrong on so many levels I can't even begin to explain it properly.

The most likely case is they got access to a database of clean text passwords (I don't really know) or what you guys are saying about non-unique passwords (which I find hard to believe considering this was a unique password by itself). I very much doubt they actually took their time bruteforcing at random every single user account.

lol

My example was meant to be an extreme simplification. I wasn't trying to say that hackers are actually brute-forcing you, but that they are simply putting more effort into hacking PoE players, whether it's by stealing GGG's databases, using keyloggers, or any other method. Many of these methods don't even neccessarily involve the user being unsafe and using unsecure passwords. Because hackers are focusing their attention on PoE right now, all PoE accounts have a higher chance of getting hacked, no matter how careful the account owners are.