Data Breach Notification
Welcome to the club, buddy. Also I don't worry anymore, I just bought a new key with 300 points (it's enough to play). If they still don't unlock my account before the next league or economy reset, I just play from the new one. GGG support is messed up so bad.
Last edited by derilzdota#2658 on Jan 15, 2025, 12:03:45 AM
|
|
We need 2FA!
|
|
No, I understand they are overwhelmed, but even if they cannot clear tickets fast enough, efficiency would be the most important here? Part of my work requires me to handle customer service online, so I know what it feels like on the other end to a certain extent. After our last email exchange, idk what more I need to show or prove. I'm also so fed up and tired from work; the last thing I need to worry about is my outlet for fun.
|
|
Yea, I don't buy the bug explanation either. I do massive and widespread data logging for my job, Windows logs, msq logs etc etc. This screams "someone forgot to set to write only and left it as modify/full control." I've seen far too many complacent admins set up services then forget to apply the proper security policies/GPOs like that.
Last edited by Offskee#9795 on Jan 15, 2025, 12:11:49 AM
|
|
lol
We can’t verify, but it’s only 66 accounts so trust us! New Zealand, I don’t care how your laws work, but this is [Removed by Support] country and you're about to find out!
Last edited by ShaunB_GGG#0000 on Jan 15, 2025, 2:00:41 AM
|
|
As a tech professional of 20 years, I think I've earned the right to say that it's not really acceptable for a company as big as GGG, who makes as much money as they do and hires many, many engineers as they do - to not have 2 factor authentication set up by now.
This is the bread and butter of web security: 2FA is the bare basics. (Happy to come work for you if you would only change your silly "work from office" policy. This is turning away all the best engineers, by the way). I've been in companies of only a dozen engineers who still served a product to millions of users and it only cost us money NOT TO have 2FA set up. Maybe GGG is about to learn this lesson too. Hard way to learn it... Corner cutting usually doesn't pay off in tech. It's best to be very risk-averse. All the best with your upcoming security sprint, GGG engineers. I see you, I know it's probably not your fault (it's always some manager saying "No time for that! We gotta get this other release out TONIGHT: I've promised the shareholders!!!"). Don't be too hard on the engineers, Exiles. They're almost certainly our allies here. Shareholders? Not so much. They'll ruin the whole damn world for a payday, and are.
Last edited by evilstarship#1007 on Jan 15, 2025, 12:29:21 AM
|
|
Hi GGG,
Can you answer my email? You confirmed in this post that the user could see messages. My POE2 additional keys were redeemed in this breach, and I can confirm the person I shared it with did not redeem it.
|
I love how everyone and their mother is screaming "give us MFA", even if MFA would do nothing for an attack like this. Unless it's implemented for GGG accounts first, which Jonathan clearly said it will be.
And at the same time there are people waiting for ages for locked account recovery - and that's exactly what will spread like an epidemic, if MFA is forced on everyone. Don't get me wrong, I fully support MFA everywhere, it's easy to implement in 2025 - but it's not so easy to cover with support in case anything happens...
|
It's GG
|
|
"The PoE account in question was linked to an old steam account that was created by a developer for testing a long time ago, and didn't have any purchases on it. The compromise occurred when the attacker was able to supply enough information to steam support to steal the account."
I can't wrap my head around this, how can a hacker have access to this information? How can they find your old admin Steam account, how can they provide your admin information to Steam and take over the account?
|