Help and Information - Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads - Forum

Hi everyone, Like many of you, I was recently hacked, and I’m trying to gather more information about what happened. My Steam account was accessed without triggering 2FA. When I checked my account activity through this link: https://steamcommunity.com/discussions/forum/7/1815422173041523009/ I noticed logins from locations like Canada, the USA, Russia, and Berlin (most likely through a VPN). Due to the number of similar posts I’ve seen about hacks like this, people logging in and losing all their items. I decided to create this forum post so we can properly discuss what might have happened. Hopefully, by pooling our information, we can identify some common patterns and uncover leads on the case. If your account was compromised in a similar way, please share your story. If you check your Steam account activity, can you confirm where it was accessed from? Any insights, advice, or observations would be greatly appreciated! Here’s the information we’ve aggregated from the replies so far: 1- The hack seems to bypass or circumvent Steam 2FA and/or PoE login verification. Some users do not receive an email notifying them of a login attempt from another location. Others do receive a notification, but the hacker still manages to log in. 2- There seems to be no definitive connection to PoE2 3rd-party apps. While many of us were using tools like Overwolf, Sidekick, Exile Exchange, etc., some users were not, which makes it difficult to draw a conclusion about their involvement. 3- Locked accounts or losing PoE2 EA access could be related. --- Extra Findings & Extra Info --- please read if you are looking for extra clues or info regarding this issue Extra Findings -provided by unlockWhen#2461 Potential User Data Breach on Mar 29, 2017 https://www.pathofexile.com/forum/view-thread/1874476 Database Bug on Nov 28, 2018 https://www.pathofexile.com/forum/view-thread/2253250 Database and account system change for PoE2 on Nov 18, 2024 https://www.pathofexile.com/forum/view-thread/3587079 -provided by rizzn2k#1267 & nfb04#2789 https://imgur.com/h0N9R1Y - seems to show something similar to the Nov 28, 2018 Database Bug, no confirmation yet its True or reproducible Extra Info Clarification on Account Unlock Process https://www.pathofexile.com/forum/view-thread/3675157 Question Regarding Account Security Layers https://www.pathofexile.com/forum/view-thread/3673854 Last edited by Crainus#7059 on Jan 4, 2025, 3:32:09 PM Last bumped on Jan 4, 2025, 3:34:09 PM	Posted by Crainus#7059 on Dec 26, 2024, 11:42:42 PM Quote this Post
On the 23rd, I was disconnected from PoE2 and couldn’t log in. After about 30 minutes, I was also disconnected from Steam. After contacting Steam support and having my password reset, I was able to log back into PoE2, only to find that all my items and currency had been stolen. Additionally, all my Divines and Chaos from PoE1 (Standard League) were also stolen. I have been using Overwolf’s PoE2 trading addon. My email was not compromised; however, my Steam account was. On my email, there was no 2FA mail from Steam or PoE.	Posted by Crainus#7059 on Dec 26, 2024, 11:51:53 PM Quote this Post
The hacker's nickname is known, yesterday he posted new items every hour, and new topics appeared on the forum, but his nickname was edited every time by forum team.	Posted by britnibrown1984#3108 on Dec 27, 2024, 1:01:35 AM Quote this Post
So my main account got locked. And I received the following information: "Unfortunately, as Chris states in his posts, we are unable to offer rollbacks or restore items stolen by other players. I am truly sorry about this, as we know how frustrating it can be to lose all your hard work due to a compromised account. We have been actively investigating all reports of compromised accounts, and we're tracking down these hackers as quickly as possible and banning their accounts. We have locked your account to prevent any further damage while you take the above security steps. Please let us know when you are ready to go through the verification process, so we can look into restoring account access back to you." Tl;dr: - You wasted your time - You won't get your items back - The hacker is still not blocked/banned. - Change your passwords - Scan for Malware (I did find nothing) - Do not use any 3rd Party software (overlay, exile exchanged, etc) - Do NOT contact support if you want to keep playing. Now I'm waiting until support starts the unlock process (which I read takes several weeks apparently) Hope this helps.	Posted by kebap#3699 on Dec 27, 2024, 3:01:38 AM Quote this Post
Hey there, I'm sorry to hear that. Unfortunately we cannot directly respond to account issues on the forums but please email us at support@grindinggear.com and we can look into this matter for you. If you have already contacted us at support@grindinggear.com, we will respond to you as soon as we can. We are currently working through a large number of support requests, but please rest assured we will get back to you as soon as possible.	Posted by Edmund_GGG#4844 on Dec 27, 2024, 3:51:02 AM Grinding Gear Games Quote this Post
Add 2FA, it's soon 2025 c'mon	Posted by Leihjir#7366 on Dec 27, 2024, 5:31:07 AM Quote this Post
I'd be curious to know what 3rd party apps the victims are running. Damn shame either way. Silver lining it be happening during ea.	Posted by AlvinL_#4492 on Dec 27, 2024, 5:41:51 AM Quote this Post
" AlvinL_#4492 wrote: I'd be curious to know what 3rd party apps the victims are running. Damn shame either way. Silver lining it be happening during ea. I'm one of people who had shit stolen - for PoE2 i haven't use any yet.	Posted by Simsons2#7280 on Dec 27, 2024, 5:49:33 AM Quote this Post
https://www.youtube.com/watch?v=xDmLQL7JhMc finally a small content creator got hit too, let's see if they start caring about this issue or not	Posted by Jixxxy#5952 on Dec 27, 2024, 6:10:15 AM Quote this Post
They won't.	Posted by kebap#3699 on Dec 27, 2024, 6:12:43 AM Quote this Post