I believe it has something to do with your session ID from the looks of it. You do a trade with the hacker and the moment they join your hideout, they get the session ID and mule the items from the hacked account through someone that joins the hacker. It seems to be either that or something is broken with the game itself that they are exploiting through the same means. I doubt this has anything to do with third-party software at all, since going that route would mean that they still have to bypass 2FA, which is impossible unless they have direct access to your other credentials such as an authenticator, be it Steam or others.
|
Posted by ZylrX#5477 on Jan 3, 2025, 6:57:21 AM
|
I just got hacked. They stole my 150+ div worth of equipment. I had 250 hours in-game =( I have no idea how that happened either. I hope GGG addresses this.
|
Posted by zeusloko#4617 on Jan 3, 2025, 7:46:13 AM
|
>> It's pretty obvious that it's not a GGG problem - otherwise there would be way more problems on a way larger scale.
>> It's probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.
>> Just one thing - the most important thing about a password is its length.
>> Also never ever use the same password for accounts and the mail they are linked to.
>> Last but not least, don't use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.
>> One last tip:
>> If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.
>> And yes, the support is a huge problem/joke at the moment. I'm also waiting since 28 days - I can't even imagine how bad that must be when your account got hacked.
> We have several content creators and users in this post clarifying no use of third-party apps, only playing through Steam and having refreshed passwords recently.
> It's hard to even argue that it is likely a "mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data." More than likely there is an unfound exploit that people are abusing to hijack an existing session, as one of the more recent posts also mentioned being booted constantly and seeing a random person in their party without any verification process triggering.
There are a million ways:
- clicking on a link that pretends to be from pathofexile without noticing it
- a refreshed password doesn't mean a safe password
Sorry, but use Ockham's razor.
Sorry, the chance of this being an actual GGG issue is 0,0001% - if it was, the forum would be full.
The "random person in party" is probably just the awful group system. For example, if you join a public group and everyone leaves - the group suddenly is yours etc ...
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 7:49:09 AM
|
>> It's pretty obvious that it's not a GGG problem - otherwise there would be way more problems on a way larger scale.
>> It's probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.
>> Just one thing - the most important thing about a password is its length.
>> Also never ever use the same password for accounts and the mail they are linked to.
>> Last but not least, don't use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.
>> One last tip:
>> If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.
>> And yes, the support is a huge problem/joke at the moment. I'm also waiting since 28 days - I can't even imagine how bad that must be when your account got hacked.
> Why would the people doing this turn it into a large-scale issue?
> With a quick Google search, you can see how valuable a divine is (2$).
> You hit about 10-20 people a day; you make sure you keep a list of all the famous people so you don't end up cleaning them out and bringing more attention than you want.
> So let's say you get about 200 divines on average from each person you hit (low estimate by the way); that's about 2000-4000 divines per day, they'd get 5000$ per day or more doing this, that's 150000$ a month, so why would you want to risk this type of money by turning this into a big deal?
> So instead of having widespread panic, you fuck over about 500 people on average in a month, and with PoE 2 having millions of players, GGG doesn't have to put too many resources into this, and players like you end up becoming the support these hackers need to keep this going for as long as possible.
Because that's not how criminals work in most cases. Most want maximum profit as fast as possible.
Also you don't account for one simple thing - people want money fast and also want to distance themselves from something like this fast. If you constantly do this it's probably way easier to be found out.
Last but not least - the info would be sold to others and chaos would ensue.
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 7:52:14 AM
|
Anyways - I hope GGG gets their support working soon and hopefully they can undo the issues people here got.
And seriously, if you are affected:
1) change passwords
2) do a virus scan
3) be extra careful with links etc.
4) don't log in on other PCs etc.
In theory it should be easy for them to restore your account - the question is, do they do that?
Last edited by _N0ctus_#6387 on Jan 3, 2025, 7:54:46 AM
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 7:53:16 AM
|
>>> It's pretty obvious that it's not a GGG problem - otherwise there would be way more problems on a way larger scale.
>>> It's probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.
>>> Just one thing - the most important thing about a password is its length.
>>> Also never ever use the same password for accounts and the mail they are linked to.
>>> Last but not least, don't use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.
>>> One last tip:
>>> If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.
>>> And yes, the support is a huge problem/joke at the moment. I'm also waiting since 28 days - I can't even imagine how bad that must be when your account got hacked.
>> Why would the people doing this turn it into a large-scale issue?
>> With a quick Google search, you can see how valuable a divine is (2$).
>> You hit about 10-20 people a day; you make sure you keep a list of all the famous people so you don't end up cleaning them out and bringing more attention than you want.
>> So let's say you get about 200 divines on average from each person you hit (low estimate by the way); that's about 2000-4000 divines per day, they'd get 5000$ per day or more doing this, that's 150000$ a month, so why would you want to risk this type of money by turning this into a big deal?
>> So instead of having widespread panic, you fuck over about 500 people on average in a month, and with PoE 2 having millions of players, GGG doesn't have to put too many resources into this, and players like you end up becoming the support these hackers need to keep this going for as long as possible.
> Because that's not how criminals work in most cases. Most want maximum profit as fast as possible.
> Also you don't account for one simple thing - people want money fast and also want to distance themselves from something like this fast. If you constantly do this it's probably way easier to be found out.
> Last but not least - the info would be sold to others and chaos would ensue.
You have 0 clue about how this works based on this comment; please just get out of this thread if you are not going to be helpful to people or help with gathering evidence.
|
Posted by Sunhallow#4117 on Jan 3, 2025, 7:57:55 AM
|
>> It's pretty obvious that it's not a GGG problem - otherwise there would be way more problems on a way larger scale.
>> It's probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.
>> Just one thing - the most important thing about a password is its length.
>> Also never ever use the same password for accounts and the mail they are linked to.
>> Last but not least, don't use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.
>> One last tip:
>> If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.
>> And yes, the support is a huge problem/joke at the moment. I'm also waiting since 28 days - I can't even imagine how bad that must be when your account got hacked.
> I guarantee you, you'll see it differently when you get robbed of your stuff.
> Many people have been playing games for tens of years without ever being hacked, so I would assume they know how to take care of phishing attempts & ensure safe passwords.
> GGG messed up with sessionIds or whatever - I am so waiting for the day that we get confirmation.
> Hope this will silence all those "jUsT uSe a sAfE pAsSwoRd".... so sick of it.
Obviously people will always look for someone responsible that is not themselves.
Yeah, I don't think so. Think about it like this - this game suddenly is way more popular and has lots of new players and media attention. This also means more attention from people that want to take advantage of others.
It's not like I haven't had issues of a similar type - but even when it's your fault to some minimal extent - that doesn't mean it's really your fault. It's the fault of some criminal that hopefully gets caught. It also doesn't matter who I think is at fault.
The only important things are:
1) people try to secure their data more (never a bad thing even if it wasn't the problem)
2) people get support fast
3) people get the state of their account back prior to the incident
4) people don't have any financial damages
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 7:59:19 AM
|
> You have 0 clue about how this works based on this comment; please just get out of this thread if you are not going to be helpful to people or help with gathering evidence.
Yeah sure ... - glad that you are an expert.
"gathering evidence" lol
You can't gather any evidence because you have absolutely no access to viable technical info. Also, guess what: 99% of people that fell for phishing etc. won't know, because if they knew they wouldn't have fallen for it in the first place. Good phishing is also made in a way that you don't know it's phishing.
Honestly, how do you think even in theory someone would know if his password is known or not, or if he fell victim to phishing etc.?
Also - I don't work in IT support myself - but what I heard from people working there is rather unbelievable. Also most "hacking" probably isn't what people think it is - it's mostly social engineering, not some guy creating programs and typing code.
Also:
https://en.wikipedia.org/wiki/Advance-fee_scam
This scam is probably even older than the internet and it's still successful.
Also these days scams are even on legit websites - there actually were scam ads on many popular platforms - I don't even get how that is possible to happen.
Last edited by _N0ctus_#6387 on Jan 3, 2025, 8:09:39 AM
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 8:00:56 AM
|
>> You have 0 clue about how this works based on this comment; please just get out of this thread if you are not going to be helpful to people or help with gathering evidence.
> Yeah sure ... - glad that you are an expert.
> "gathering evidence" lol
Considering I work in the tech field and deal with security issues on the regular, as well as make sure we follow various security norms, and having started to do pen-testing for work recently as an addition to harboring security, yeah, I am inclined to say that I'm more qualified regarding this than you are.
You don't even grasp the fact that RMT'ers that breach accounts will not breach too much at once, to maximize profit by extending the duration they have and to avoid putting maximum exposure on themselves. It's why people like fubgun etc. have not been hit yet. If any of these big content creators get hit, the criticality level of this issue will go up by miles in GGG's office.
But no, go on, keep going off on other users who have been hacked that it's 99.999% chance it is their fault, and defending GGG while shoving the blame onto users when almost everything we have seen so far indicates it not being user error.
To make it clear to you:
You. Are. Not. Being. Helpful
|
Posted by Sunhallow#4117 on Jan 3, 2025, 8:07:24 AM
|
>>> You have 0 clue about how this works based on this comment; please just get out of this thread if you are not going to be helpful to people or help with gathering evidence.
>> Yeah sure ... - glad that you are an expert.
>> "gathering evidence" lol
> Considering I work in the tech field and deal with security issues on the regular, as well as make sure we follow various security norms, and having started to do pen-testing for work recently as an addition to harboring security, yeah, I am inclined to say that I'm more qualified regarding this than you are.
> You don't even grasp the fact that RMT'ers that breach accounts will not breach too much at once, to maximize profit by extending the duration they have and to avoid putting maximum exposure on themselves. It's why people like fubgun etc. have not been hit yet. If any of these big content creators get hit, the criticality level of this issue will go up by miles in GGG's office.
> But no, go on, keep going off on other users who have been hacked that it's 99.999% chance it is their fault, and defending GGG while shoving the blame onto users when almost everything we have seen so far indicates it not being user error.
> To make it clear to you:
> You. Are. Not. Being. Helpful
Yeah, I don't think so, and I also don't think you know as much as you think you do. Also most criminals aren't criminal masterminds - if you want to get a bit of inside info just go to a criminal law court - in most countries the hearings are public.
But okay - what exactly indicates it not being a user error? And what supports it being a GGG issue? How do you know how reliable things are that random people write in a thread? And how are people supposed to know if they fell for phishing or not etc.? If you fell for phishing it obviously was made in a way that you don't notice. If you ask someone that got scammed and bought a fake watch, chances are he also wouldn't know he even got scammed until someone actually told him and showed him proof that the watch is fake.
Last but not least, I'm helpful - people should check on their security and I also even stated that support needs to speed up a lot. And it would probably be more important for people if GGG does restore accounts with items etc.
Last edited by _N0ctus_#6387 on Jan 3, 2025, 8:16:10 AM
|
Posted by _N0ctus_#6387 on Jan 3, 2025, 8:10:10 AM
|