Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

Got my stuff stolen yesterday morning, without any "login from new location" or steam notifications. hardcore password, only overwolf downloaded (which like 5000000 not hacked people have too)

Pretty sure the theory about stolen idtokens on trade is the most believable, but I'm tired of clueless people who claim that "ITS JUST YOUR PASSWORD 1234 GOT LEAKED ON RMT SITE BRO :))"

And also ggg wont say anything even after fix most likely, just fix tradesite issue on side

"

suomynona#4854 wrote:

Got my stuff stolen yesterday morning, without any "login from new location" or steam notifications. hardcore password, only overwolf downloaded (which like 5000000 not hacked people have too)

Pretty sure the theory about stolen idtokens on trade is the most believable, but I'm tired of clueless people who claim that "ITS JUST YOUR PASSWORD 1234 GOT LEAKED ON RMT SITE BRO :))"

And also ggg wont say anything even after fix most likely, just fix trade side issue on side

Did you have any recent trades or friend invites that seemed strange?

"

waitingforunlock#4272 wrote:

"

suomynona#4854 wrote:

Got my stuff stolen yesterday morning, without any "login from new location" or steam notifications. hardcore password, only overwolf downloaded (which like 5000000 not hacked people have too)

Pretty sure the theory about stolen idtokens on trade is the most believable, but I'm tired of clueless people who claim that "ITS JUST YOUR PASSWORD 1234 GOT LEAKED ON RMT SITE BRO :))"

And also ggg wont say anything even after fix most likely, just fix trade side issue on side

Did you have any recent trades or friend invites that seemed strange?

I didn't accept any friend requests, but had like 20+ weird trades because I was actively corrupting and trading expensive things for a 5-7 days. Like A LOT of lagging Chinese no ascendancy people interacting with me
Well, didn't know that I should be scared of that, unlucky

"

suomynona#4854 wrote:

"

waitingforunlock#4272 wrote:

"

suomynona#4854 wrote:

Got my stuff stolen yesterday morning, without any "login from new location" or steam notifications. hardcore password, only overwolf downloaded (which like 5000000 not hacked people have too)

Pretty sure the theory about stolen idtokens on trade is the most believable, but I'm tired of clueless people who claim that "ITS JUST YOUR PASSWORD 1234 GOT LEAKED ON RMT SITE BRO :))"

And also ggg wont say anything even after fix most likely, just fix trade side issue on side

Did you have any recent trades or friend invites that seemed strange?

I didn't accept any friend requests, but had like 20+ weird trades because I was actively corrupting and trading expensive things for a 5-7 days. Like A LOT of lagging Chinese no ascendancy people interacting with me
Well, didn't know that I should be scared of that, unlucky

You shouldn't. No matter how suspicious someone is, they shouldn't get access to your account by doing weird stuff with you if you don't tell them your password or email.

Well, apparently I should, because obviously I didn't tell them my password and email, and IN THEORY even if I did, I would receive email from steam or ggg about someone trying to enter my acc from other place (which I did when I asked friend to do smth few years ago in poe1 on my acc)
Thats the thing, your password and email is most likely NOT required for hacker to steal everything

Using my gf's account since my main is still locked with Support nowhere in sight.

POE only has account security when logging into the game, not the website. If you know the password, you can get into any account on the site without being stopped. If you happen to login to the actual game, it will trigger security and an email will be sent out.

This is where the problem is.

If you have a linked payment (like paypal), there is NOTHING stopping a hacker from making purchases.

Its not at all likely that someone is going through your steam account to access the website. Way too many walls for that.

I recommend disabling all pay connections after each payment is processed. Its the only way to prevent money from being taken.

Unfortunately, unless you change your password weekly, there isn't really any security for POE.com.

I recommend connecting any service you can as to not leave any open for a hacker to hijack. For me, I dont use Epic but will make a dummy account just to have it linked so a hacker can't link their own.

"

suomynona#4854 wrote:

Well, apparently I should, because obviously I didn't tell them my password and email, and IN THEORY even if I did, I would receive email from steam or ggg about someone trying to enter my acc from other place (which I did when I asked friend to do smth few years ago in poe1 on my acc)
Thats the thing, your password and email is most likely NOT required for hacker to steal everything

Sorry it's hard to write in English what I mean that clearly. If the hideout sitting/trades are causing hacks, then that's the game's fault, not yours. Similar happened to me where there were a few weird trades getting cancelled and some expensive items from my stash were gone 3 days after those trades (I got an email about account lock and it did nothing).

First there was just a straight up scammer, seen those many times before already, puts low amount of currency on trade, accepts with my item and thinks I will press accept fast and leaves regardless of trade going through or not.

But also another suspicious trade after that. He doesn't start my first trade. I thought he forgot currency so I start another one without asking further. Then it starts (he didn't move to get more currency so maybe just slow loader). The guy got me to accept a trade that looked normal. But instead of accepting it himself he took away his currency and cancelled trade, no trade happened with him after that. Btw I've never seen someone take away currency from trade like that, like what is the point? I still got replay of what happened. It sounds crazy so no one will believe it but maybe GGG will do a proper investigation at some point if they feel like the burden on their support is too much, and at that point this will help them. Maybe it's not the best place to discuss what happened because it could lead to more hackers trying it but if GGG won't take it seriously then who cares.

"

ex_IllusionisT#8571 wrote:

2. Want their shit back.
3. Put the blame on GGG so they get their shit back.
4. If they even mentioned they used Third party then they're disqualified from getting their shit back.

anyone who played poe for reasonable amount of time know there is no refunds/rollbacks/item restore. both policy and common sense.

"

brzroman#1932 wrote:

"

ex_IllusionisT#8571 wrote:

2. Want their shit back.
3. Put the blame on GGG so they get their shit back.
4. If they even mentioned they used Third party then they're disqualified from getting their shit back.

anyone who played poe for reasonable amount of time know there is no refunds/rollbacks/item restore. both policy and common sense.

Yes, great common sense, that's how it would be in real life. You have something stolen, you go to court, and there, well, excuse me, common sense tells you that the offender should not return your losses))) meme

you really dont get how refunds can lead to infinity curr/gear abuse cases?