Data Breach Notification

"
"
Crainus#7059 wrote:
how does this factor in the hacks this week + Steam users getting hacked too without triggering Steam's 2FA?


I'd take any post of supposed hacking without proof with a very big grain of salt. Especially on bot infested Reddit.


You mean the same Reddit that made GGG go in and check their accounts, to their "surprise" an admin account had indeed been hijacked :D

right ok, regardless of what you think of reddit, they brought this to light and forced GGG to do an internal check
So are you contacting the persons of the compromised accounts and providing them options on if/when they should secure their account. Will you be providing free credit checks/monitoring to those individuals as required by law?
That's why it's always better to play through Steam directly.

The guy who wants to steal my Steam account needs to steal my phone IRL
There's no 2FA in your admin tools either!? In 2024/5!?! Who does your pen testing?
The hacker used my purchased PoE2 Key (that I got from the bundle).
Will you refund me with a new key at least?
The missing items I know are gone, and I'll have to farm again =/.
There are any number of questions to ask about this, but I want to know two things.

Why hasn't there been any mention of the data breach via social media channels?
Why doesn't the data breach announcement show up on the front page of the website?

Feels like you're trying to hide the announcement.
Wait, so for clarification: if the attacker was to reset the password by using admin tools it would have triggered the region code thing on login?
So the only users who were 'hacked' were those who were using passwords on PoE that were previously leaked and publicly available or shared in underground communities associated with the same mail address?

This happens, but I hope it will move the support of your team, which is responsible for maintaining accounts and websites. :)
"
Wait, so for clarification: if the attacker was to reset the password by using admin tools it would have triggered the region code thing on login?
So the only users who were 'hacked' were those who were using passwords on PoE that were previously leaked and publicly available or shared in underground communities associated with the same mail address?



potentially, but that's not really the issue with all of this. They claim only 66 accounts had passwords reset, but that's only going off their logs that are within the last 30 days, but this "reporting" of hacked accounts goes back further; hell, the guy on the trade site selling stolen items is still on there :D

They also don't seem to mention that while passwords/emails can be on the dark web or in pastebins, breaches/leaks etc., that's assuming publicly known breaches. There could still be lists of data leaks from breaches that are not in the public domain or on sites that can be scraped by dark web searches from Surfshark VPN or Google's dark web search tool, for example.

What I mean by this is, your data might "not show" up on these searches, but that's simply because it might not be "visible" to the scraping tools that some services provide (like VPN providers or Google)

So for them to only "assume" it's known leaks in prior breaches is honestly ignorant and also not the full picture

as basic as this all is, they really should be forcing a password reset for all standalone accounts as a bare minimum. They also have not been GDPR compliant at all in this "breach" going off the time frame. I've already reported this to the UK's ICO, "Information Commissioner's Office", as a result
Last edited by Cloop123#0584 on Jan 15, 2025, 10:45:23 AM
"
There's no 2FA in your admin tools either!? In 2024/5!?! Who does your pen testing?


They misunderstood the assignment, but they do have enough working pens in the office until 2034 after the project was completed.
Last edited by Arakki#6986 on Jan 15, 2025, 10:51:23 AM