Data Breach Notification

"
I love how everyone and their mother is screaming "give us MFA", even if MFA would do nothing for an attack like this. Unless it's implemented for GGG accounts first, which Jonathan clearly said it will be.

And at the same time there are people waiting for ages for locked account recovery - and that's exactly what will spread like an epidemic, if MFA is forced on everyone.

Don't get me wrong, I fully support MFA everywhere, it's easy to implement in 2025 - but it's not so easy to cover with support in case anything happens...


Even if MFA wouldn't have stopped this specific breach, its absence is a microcosm of GGG's lackadaisical approach to security. If we lived in the timeline where they cared enough to already have MFA for users and employees they would have also been security-minded enough to not allow 3rd party connections to admin accounts in the first place.

While the specific request people usually repeat is for MFA, the larger implied statement is "take your security seriously," which GGG routinely ignored.
Please give us 2FA, it's past time you implemented that!
To anyone still defending GGG about delaying 2FA: they said the same thing 6 months ago to Zizaran, this sounds a lot like it will never get done.

Any compensation for victims? Or are we just sorry that we ruined a ton of people's holidays and now their accounts are locked for over a month?

There is zero communication going on, a lot of us would have purchased new early access keys if we knew our accounts are not gonna be unlocked for months
Appreciate the transparency. Hope 2FA comes very soon.
"
Beverice#3588 wrote:
Will people who have had their accounts lost or items stolen receive support in getting those back?


lol
if you nerf 10 gems out of 30, you automatically buff the other 20!
"
lol


We can’t verify, but it’s only 66 accounts so trust us!


New Zealand I don’t care how your laws work but this is [Removed by Support] country and you about to find out!


never laughed harder...
if you nerf 10 gems out of 30, you automatically buff the other 20!
Last edited by ShaunB_GGG#0000 on Jan 15, 2025, 2:02:30 AM
Will you email and notify every account that was viewed by the attacker? Or is it to be assumed that we all got checked in one way or another?
So I guess I think. If you want MFA, just start playing PoE2 via Steam. They already have MFA. I guess that GGG is not able to provide MFA in the future, but I think it's a good sign they are not into money making. I just think they cut off a lot of revenue for their company by not releasing a waypoint stash tab as well as one for breach, which I would have directly bought ... And we need better portal MTX. The ones already released I dislike, and I don't wanna buy an expensive supporter pack just for a portal.

https://www.pathofexile.com/forum/view-thread/1874476/page/1
When is the next one? I'm asking because I had no popcorn ready for this one.
"
Offskee#9795 wrote:
Beyond the fact it happened.

What bothers me the most is that, beyond the hack, their own logging policies weren't protected from editing...

ANY sys admin knows that logs need to be write only, never modify.

Like that actually blew my mind, how badly are you running your systems to fail logging 101.

They might be good at making games, but as sysadmins, this is a failing grade at the most basic stuff.

The attacker could not edit logs. At least read the original message. Due to a bug, a specific action was logged in notes, which can be edited, instead of in logs. So for that specific action they don't have a log; they only know how many times a note has been deleted (which is logged).
