Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

"
_N0ctus_#6387 wrote:


Yeah sure ... - glad that you are an expert
"gathering evidence" lol

You cant gather any evidence because you have absolutely no access to viable technical info. Also guess what 99% of ppl that fell for phishing etc. wont know because if they knew they wouldnt have fallen for it in the first place. Good phishing also is made in a way that you dont know its phishing.

Honestly how do you think even in theory someone would know if his password is known or not or if he fell victim to phishing etc.?


Also - i dont work in IT support myself - but what i heard from ppl working there is rather unbelievable. Also most "Hacking" probably also isnt what ppl think it is - its mostly social-engineering not some guy creating programs and typing code.


Also:
https://en.wikipedia.org/wiki/Advance-fee_scam

This scam is probably even older than the internet and its still successful.

Also these days scams are even on legit websites - there actually were scam ads on many popular platforms - i dont even get how that is even possible to happen.



We've long since passed this stage. People mention using programs and the lack of them. A hacker bypasses 2FA steam, standalone client - phishing links, rly? Items constantly appear on the same accounts. You might have known this if you'd read up on the topic a bit, but apparently you just decided you were a security expert and gave general advice like *computer doesn't work - maybe your monitor is probably off*
"
_N0ctus_#6387 wrote:



Yeah i dont think so and i also dont think you know as much as you think you do. Also most criminals arent criminal masterminds - if you want to get a bit of inside info just go to a criminal law court - in most countries the hearings are public.


But okay - what exactly indicates it not being a user error? And what supports it being a GGG issue? How do you know how reliable things are that random ppl write in a thread? And how are ppl supposed to know if they fell for phishing or not etc. - if you fell for phishing it obviously was made in a way that you dont notice. If you ask someone that got scammed and bought a fake watch chances are he also wouldnt know he even got scammed until anyone actually told him and showed him proof that the watch is fake.


Last but not least im helpful - ppl should check on their security and i also even stated that support needs to speed up a lot. And it would probably be more important for ppl if GGG does restore accounts with items etc.


how indicates it not being a user error??

idk how about several of these?
-people have reported that it bypassed steam log-in
-people being affected with 0 third party content on their PC
-Precedent being present that a similar situation as what most us are thinking is happening has HAPPENED in poe1 before
-evidence of various content creators
-evidence in this post and other places that no logins are detected when the only way of access for them was through steam which has had 2FA on it.
-The fact all of the cases we have seen so far have only hit Trade players, not a single person so far has noticed the same suspicious activity on their account (being logged out randomly due to session being used for example) when they play SSF or HCSSF.
-The fact we have several accounts of people getting logged out and then logging in repeatable while seeing someone in their party.
-Several reports of this happening shortly after people did a trade (funnily enough usually with names with asian alphabetical characters but this can just be a facade since russian RMT'ers have done so in other games in the past)
-Precedent similar Session hijacking problems have existed in previous online live service games (archeage is a well known one in the MMO community for example)
-How about people resetting their password with passkey generators to have passwords that are resistant to most types of brute forcing.

like I could go on for you to grasp it but you are frankly speaking just stuck in your mindset of blame the user if you don't get it after this list.

if this was a situation where we see 1-2 users reporting it that they got hacked which was the norm on PoE1 sometimes we can think "yeah they used something stupid like overwolf or tried RMTing and got phished"

but when you see reports of several content creators, plenty of people in these forums but also general comments in other communities.

The chances of this being user error is so astronomically small when we have this list of factors to consider it's ridiculous to even imply that it is "HIGHLY LIKELY" to be on the user side. it's not the first or last time data transferring between the server and clients when 2 users interact gets used maliciously we had one of the most problematic variants of this not even 1 year ago in league of legends where bad actors exploited a vulnerability in this connection to target DDOS specific lobbies in the Korean datacenter.

do we fully rule out user error no we don't do we mostly focus on there being a much higher likelihood that it is an exploitable vulnerability yes. Do I want to use the tools I have in my control to look further into it? yeah but as I mentioned before I do not wanna be flagged by GGG so I'm letting their security specialists look into it. If it was an actual security breach and not a vulnerability within the game we would have seen much graver concerns than people's items only being removed considering a lot of people in this game have payment information saved.

The likelihood of some people being phished and having credentials be the same as their login's in PoE while also being tech savvy enough to use the standalone client instead of only steam and it's 2fa is a whole another case that could be argued for. but that goes much too far of the straight path.

Also just fyi we will never see items returned. since most of the gear etc being stolen will have been offloaded to other players for cheap and the divines will have been likely RMT'd already so in the hands of others. People will get banned but items wont get returned due to items virtually being mandatory to be duplicated without pissing off even more people.
Last edited by Sunhallow#4117 on Jan 3, 2025, 8:33:54 AM
"
"
_N0ctus_#6387 wrote:


Yeah sure ... - glad that you are an expert
"gathering evidence" lol

You cant gather any evidence because you have absolutely no access to viable technical info. Also guess what 99% of ppl that fell for phishing etc. wont know because if they knew they wouldnt have fallen for it in the first place. Good phishing also is made in a way that you dont know its phishing.

Honestly how do you think even in theory someone would know if his password is known or not or if he fell victim to phishing etc.?


Also - i dont work in IT support myself - but what i heard from ppl working there is rather unbelievable. Also most "Hacking" probably also isnt what ppl think it is - its mostly social-engineering not some guy creating programs and typing code.


Also:
https://en.wikipedia.org/wiki/Advance-fee_scam

This scam is probably even older than the internet and its still successful.

Also these days scams are even on legit websites - there actually were scam ads on many popular platforms - i dont even get how that is even possible to happen.



We've long since passed this stage. People mention using programs and the lack of them. A hacker bypasses 2FA steam, standalone client - phishing links, rly? Items constantly appear on the same accounts. You might have known this if you'd read up on the topic a bit, but apparently you just decided you were a security expert and gave general advice like *computer doesn't work - maybe your monitor is probably off*



Yeah well we will see. I go with Occam's razor. Also as i stated what random ppl write isnt instantly a fact and most people obviously wouldnt even know the problem.

Some of my old passwords also seem to have been leaked but neither did i know they were leaked nor how. But just because i dont know isnt something i can use to spin an idea on how it happened and that it 100% wasnt my fault. I simply lack the means to even find out what happened and how it happened.


The only thing important is to secure data better even if it was something else and mainly that the damage is fixed fast and without any lasting damage.


Best case for ppl in this thread would be fast support that just restores their accounts and items.


If their support was faster they probably could also avoid the issues you described with rolling back.
Last edited by _N0ctus_#6387 on Jan 3, 2025, 8:37:19 AM
"
_N0ctus_#6387 wrote:
"
rods03#0554 wrote:
"
_N0ctus_#6387 wrote:
Its pretty obvious that its not a GGG problem - otherwise there would be way more problems on a way larger scale.

Its probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.


Just one thing - the most important thing about a Password is its length.
Also never ever use the same password for Accounts and the Mail they are linked to.

Last but not least dont use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.

One last tip:
If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.




And yes the support is a huge problem/joke at the moment. Im also waiting since 28 Days - i cant even imagine how bad that must be when your account got hacked.


Why would the people doing this turn into a large scale issue?
With a quick google search, you can see how valuable a divine is (2$).

You hit about 10-20 people a day, you make sure you keep a list of all the famous people so you don't end up cleaning them out and bringing it more attention than you want.
So let's say you get about 200 divines per average on each person you hit (low estimate by the way), that's about 2000-4000 divines per day, they'd get 5000$ per day or more doing this, that's 150000$ a month, why would you want to risk this type of money by turning this into a big deal.

So instead of having widespread panic, you fuck over about 500 people per average in a month and with PoE 2 having millions of players, GGG doesn't have to put too many resources into this, and players like you end up becoming the support these hackers need to keep this going for as long as possible.


Because thats not how criminals work in most cases. Most want maximum profit as fast as possible.

Also you dont account for one simple thing - ppl want money fast and also want to distance themselves from something like this fast. If you constantly do this its probably way easier to be found out.
Last but not least - the info would be sold to others and chaos would ensue.


"In most cases" You are not even sure yourself of what you are talking about.

This ain't 2 guys on a scooter that stole a dozen phones of pedestrians and are trying to offload it as fast as possible, this is a million dollar operation we are talking about, you know what's the number one priority for operations like this? To not bring attention to what they are doing.
They want to run this for as long as possible and they need time to offload their divines, if they hit 20.000 people in a week and have a few millions divines to offload, they'd just get insta banned and not be able to sell 2% of it.
"
YungYdoc#4430 wrote:
Made a video to showcase the happenings of this hacking issue.

https://www.youtube.com/watch?v=X_s3uN6JOc8

The goal of this video is to showcase what's happening to the community and hopefully continue to shed light on this issue, motivating a response and action from GGG.


Nice video, and thanks for sharing it! That Reddit link from six years ago was interesting—it’s good to know there was once a way to bypass the login process. Not saying there’s anything like that now, but it’s important to keep all possibilities in mind while trying to figure this out.
"
_N0ctus_#6387 wrote:
"
lolepple#7866 wrote:
"
_N0ctus_#6387 wrote:
Its pretty obvious that its not a GGG problem - otherwise there would be way more problems on a way larger scale.

Its probably a mix of phishing, generic passwords and in some very rare cases maybe a virus etc. that collects data.


Just one thing - the most important thing about a Password is its length.
Also never ever use the same password for Accounts and the Mail they are linked to.

Last but not least dont use the same password on every site - it makes sense to for example have a password for important things and a different one for not that important things.

One last tip:
If your account got hacked - consider that password unsafe and public. Change it wherever you use it and never use it again.




And yes the support is a huge problem/joke at the moment. Im also waiting since 28 Days - i cant even imagine how bad that must be when your account got hacked.


I guarantee you, you'll see it differently when you get robbed out of your stuff.
Many people have been playing games for tens of years without ever being hacked, so I would assume they know how to take care of phishing attempts & ensure safe passwords.

GGG messed up with sessionIds or whatever - I am so waiting for the day that we get confirmation.
Hope this will silence all those "jUsT uSe a sAfE pAsSwoRd".... so sick of it.



Obviously people will always look for someone responsible that is not themselves.

Yeah i dont think so. Think about it like this - this game suddenly is way more popular and has lots of new players and media attention. This also means more attention from people that want to take advantage of ppl.

Its not like i havent had issues of a similar type - but even when its your fault to some minimal extent - that doesnt mean its really your fault. Its the fault of some criminal that hopefully gets caught. It also doesnt matter who i think is at fault.

The only important things are:
1) ppl try to secure their data more (never a bad thing even if it wasnt the problem)
2) ppl get support fast
3) ppl get their state of their account back prior to the incident
4) ppl dont have any financial damages




You clearly are not reading the hundreds of posts in this thread or on Reddit.

I can assure you this is not a password issue. This is not a third-party issue. This is not a hacked computer issue. It is an issue within the game's coding and an exploit.

You can see multiple people in this thread specifically say they don't use third-party apps. They don't use third party software. They don't use hack software. They don't do real money trading. All of their passwords are secure and not shared. The only thing in common is everyone is using Poe too and trading through the official website.

Now I highly doubt GGG takes any accountability for this. As to be honest with you, they don't need to all of their Poe fan base that hasn't been hacked is just blaming the people as if they did something wrong but clearly there's an exploit within the game.

Look at steam discussions.
People constantly posting gits of "fix crash"
"fix this fix that 100% working"

gits if you took a moment to see the file names are full of obvious viruses.

The amount of hacked people doesn't correspond to a data breach.

It's far more likely just lack of awareness.

"
Malejas#1960 wrote:



You can see multiple people in this thread specifically say they don't use third-party apps.



I dont buy it.
Last edited by ex_IllusionisT#8571 on Jan 3, 2025, 11:38:21 AM
"
Look at steam discussions.
People constantly posting gits of "fix crash"
"fix this fix that 100% working"

gits if you took a moment to see the file names are full of obvious viruses.

The amount of hacked people doesn't correspond to a data breach.

It's far more likely just lack of awareness.

"
Malejas#1960 wrote:



You can see multiple people in this thread specifically say they don't use third-party apps.



I dont buy it.


It’s highly unlikely that experienced Path of Exile players—many of whom, like me, have been playing for over a decade and every league—would fall for obvious phishing attempts in Steam discussions. Personally, the only potential phishing risk I could imagine might come through something like Overwolf’s PoE2 app, recommended by a friend. However, since many of us avoid third-party software altogether and were still hacked, this clearly isn’t the culprit. Most of us are well aware of online risks and stick to trusted sources like official forums or Google for solutions—not random, unverified downloads.

The argument that hacks are primarily due to user error doesn’t add up. Numerous players report being hacked despite steering clear of third-party apps or suspicious links, pointing to potential vulnerabilities in the system itself. Experienced gamers are typically cautious, and attributing these incidents to carelessness undermines the seriousness of the issue.
"
_N0ctus_#6387 wrote:
"
"
_N0ctus_#6387 wrote:


Yeah sure ... - glad that you are an expert
"gathering evidence" lol

You cant gather any evidence because you have absolutely no access to viable technical info. Also guess what 99% of ppl that fell for phishing etc. wont know because if they knew they wouldnt have fallen for it in the first place. Good phishing also is made in a way that you dont know its phishing.

Honestly how do you think even in theory someone would know if his password is known or not or if he fell victim to phishing etc.?


Also - i dont work in IT support myself - but what i heard from ppl working there is rather unbelievable. Also most "Hacking" probably also isnt what ppl think it is - its mostly social-engineering not some guy creating programs and typing code.


Also:
https://en.wikipedia.org/wiki/Advance-fee_scam

This scam is probably even older than the internet and its still successful.

Also these days scams are even on legit websites - there actually were scam ads on many popular platforms - i dont even get how that is even possible to happen.



We've long since passed this stage. People mention using programs and the lack of them. A hacker bypasses 2FA steam, standalone client - phishing links, rly? Items constantly appear on the same accounts. You might have known this if you'd read up on the topic a bit, but apparently you just decided you were a security expert and gave general advice like *computer doesn't work - maybe your monitor is probably off*



Yeah well we will see. I go with Occam's razor. Also as i stated what random ppl write isnt instantly a fact and most people obviously wouldnt even know the problem.

Some of my old passwords also seem to have been leaked but neither did i know they were leaked nor how. But just because i dont know isnt something i can use to spin an idea on how it happened and that it 100% wasnt my fault. I simply lack the means to even find out what happened and how it happened.


The only thing important is to secure data better even if it was something else and mainly that the damage is fixed fast and without any lasting damage.


Best case for ppl in this thread would be fast support that just restores their accounts and items.


If their support was faster they probably could also avoid the issues you described with rolling back.


Please stop making lengthy responses to people. I legit thought you are on the team of the hackers and trying to waste GGG's time with your bs replies to people.

This hacking issue CAN be from insecure passwords and it usually is. It CAN be because of literally anything. Even if 3rd party programs didn't cause every hack, 3rd party programs could cause some of them. WE DON'T KNOW ANYTHING. There have been hacks that seem to have got through common security methods so it's at least worth giving the problem more attention than usual.

But I don't think we can solve the problem. It seems like literally anyone can get hacked, so the thread doesn't have much point. Just have to GGG fixes things and asks us for information when they aren't sure about something, instead of just saying everything is fine and assuming everyone else is wrong. There are clear mysteries like HOW CAN AN ACCOUNT BE UNLOCKED WITH NO ACCESS TO EMAIL BY THE HACKER.
Last edited by nigelf#2779 on Jan 3, 2025, 12:28:38 PM
"

I dont buy it.

No need. Let's say they use programs and lying about this (why for?). But two different trade programs, and one of them is open source from an author who has been developing and posting things on GitHub for a long time. Are both programs simultaneously hacked independently of each other? How's real it can be? Is it really more possible than data leak or security problem that already happened in 2018 (or whatever year)?
