Data Breach Notification
Hoo, boy. Hope the guy whose account it was has his resume dusted off. That's an instant termination in just about any job in this field. I know if I was their security admin, I'd be demanding as much.
|
|
so here's my problem with the post.
reports from people that claim their account was hacked, yet their password was unchanged.
- their password hadn't been leaked to any online database (that is searchable by the public, i.e. hibp etc.)
- they used the password/email combo only for the poe account
- they were not using 3rd party software apart from the generally accepted price-checkers
- only poe2 account was affected, not bank account, not poe1

the fact that in the statement there's mentions of "The attacker set random passwords on 66 accounts" and "No passwords or password hashes were viewable through the customer service portal." plays completely against that? Unless there's a way for a customer support person to "log into someone's account without using email/password" the post - for this group of people - is completely worthless. Why didn't you touch on that?
|
do you think all people are completely honest with their use of account data whatsoever and tell the truth about it? I don't think so...
|
Please use this as a wake-up call to finally add 2FA authentication.
Some people have been playing this game for over a decade and have thousands of dollars invested into their accounts. Even the most bog standard websites these days have 2FA, game accounts have it, and this game should be no exception. People who only use Steam to log in can already rely on Steam's 2FA, but anyone using PoE's own login system is reliant on only email + password, which is simply outdated in this day and age. Anyone using both because of account linking has effectively sabotaged account safety by now having to rely on the weakest link in the chain.
|
In the post, they firstly mention that 66 accounts had their passwords reset. In my opinion, that doesn't even cause any harm to the customer so I don't know why they would mention it as the first issue if they aren't hiding anything. In fact, based on this post I would be cheering if they reset my password because that implies they cannot get access to my account. Also, they don't say anything but that the amount of accounts affected by other parts of the breach was "significant", even though they should know the number at this point.
Last edited by nigelf#2779 on Jan 15, 2025, 5:32:42 AM
|
|
2FA. I don't care if it's inconvenient for GGG to make happen. Other companies with less resources are able to do it, so GGG is as well. We need it yesterday.
|
This doesn't add up.
What about the reports that people who got their in-game stuff stolen reported that the attacker invited a 3rd character to the party, which joined the hideout instance, and then they proceeded to clear out the inventories? There has to be some kind of session identifier leaking in the game memory which allowed attackers to hijack the session and empty inventories of the victims in real time using the game client. 2FA won't help with that exploit.
|
At this point we all should be aware of this:
- need to reset the passwords and use a complex type one
- need to change your account associated email
- need to enable 2fa for that email
- pray!
|
This is absolutely unacceptable.
I hope that you all plan to have 2fa soon and I guess I'll be switching my steam details since it seems like you are saying the details required to recover my steam account might be leaked. Wtf
|
very nice very nice, now can my account be unlocked? it's been almost a fucking month
|
|