Data Breach Notification

Is time played, payment name, adress etc accessible by others people than just the ggg team in NZ ?

How is this NOT on the front page... PISS POOR transparency from a shitty company that ONLY cares about Money. Stash tab sale is front page but a Data Breach is hidden in a sub forum.. You dont care about all of the locked accounts or your shitty email system thats full of bots. FIX your Unlock system.. its SIMPLE ill help you out..

Make a Account.. Lock it.. then YOU try to use the unlock code that should be sent to the email used for the account, YOU will see that you NEVER get a unlock code email.... That means you have a backend problem with YOUR email system. I find it hard to believe you can make a game but cannot fix an email issue.

ggg you went way down hill. I used to think Blizzard was bad.. but GGG takes the cake.. Your support, your forum mods(bots) your upper management ALL suck and
[Removed by Support] lol. you can edit posts but not fix simple issues, GG

"

NoCryin#7743 wrote:

[Removed by Support] lol. you can edit posts but not fix simple issues, GG

ahahahahah

25 pages and not a single answer from GGG. They apparently shown interest just for censoring the point of view of the users.
YOU ARE EXTREMLY LAME!!

Nice of you to inform us with such details and clarity.
As always GGG takes itself & its customers seriously <3

"

ClumsyParasite#3060 wrote:

"

We have taken steps to ensure that there are more security measures around admin accounts so that this can not happen again. No 3rd party accounts are allowed to be linked to any staff accounts and we have added significantly more stringent IP restrictions.

I really look forwarding to 2FA available to the wider player base to bolster the security of the entire PoE community.

2fa is is just a placebo, most account steals are via session id's, 2fa more often locks the owner out then it ever does to protecting it from someone.

Ultimately the only true security is good passwords, different passwords for everything, don't download shit you can't verify yourself or hasn't been verified by trusted sources.

don't click links in your emails, always open the site the link is related to directly.

and just don'be be going to suss af websites. everyone of those above don't give 2 shits about your 2fa, they steal your sessions id cookie and bypass it

2fa is more like the lock on your bike, it just keeps honest ppl from stealing things. real criminals don't care about your shit lock.

"

Cyberlord15#3673 wrote:

Dear GGG, they are many IT guys who playing your wonderful RPG game; I'm one of them.
If you need us to develop 2FA, hire us and we gladly do it for you.
I'm a RHCSA holder and currently pursuing Azure and AWS cloud computing. I'm pretty much an intermediate in web services.

When can I share my resume?

lol if you were 'IT guy' you would know how little 2fa does to stopping account steals and how much it just gets ppl locked out of their account

"

NoCryin#7743 wrote:

How is this NOT on the front page... PISS POOR transparency

that trick almost worked, i would never think about checking sub forums, always open main page.
trying to hide something on the internet - really GGG?

"

Xypha#3760 wrote:

"

Cyberlord15#3673 wrote:

Dear GGG, they are many IT guys who playing your wonderful RPG game; I'm one of them.
If you need us to develop 2FA, hire us and we gladly do it for you.
I'm a RHCSA holder and currently pursuing Azure and AWS cloud computing. I'm pretty much an intermediate in web services.

When can I share my resume?

lol if you were 'IT guy' you would know how little 2fa does to stopping account steals and how much it just gets ppl locked out of their account

Alright. Explain further.
Implementing 2FA would be the first step for account security.
Later on, GGG can slowly more account security features.

If you better than me, please explain further. Let me learn from you.

"

Cyberlord15#3673 wrote:

"

Xypha#3760 wrote:

"

Cyberlord15#3673 wrote:

Dear GGG, they are many IT guys who playing your wonderful RPG game; I'm one of them.
If you need us to develop 2FA, hire us and we gladly do it for you.
I'm a RHCSA holder and currently pursuing Azure and AWS cloud computing. I'm pretty much an intermediate in web services.

When can I share my resume?

lol if you were 'IT guy' you would know how little 2fa does to stopping account steals and how much it just gets ppl locked out of their account

Alright. Explain further.
Implementing 2FA would be the first step for account security.
Later on, GGG can slowly more account security features.

If you better than me, please explain further. Let me learn from you.

info stealers, the most common malware affecting general population and gamers the most, steal session cookies, with the cookies and browser fingerprint 2fa is bypassed entirely along with any user or password.

Nothing but users being aware and not downloading and running random executables and having good and informed internet practices will stop this. 2fa is great for business, great for logins in the internet cafe that you ensure you don't check "remember me", but on a home pc where you save all them cookies and the majority of ways ppl play their games, it does nothing at all for 99% of todays ways the average gamer account gets hacked. which tbh, most of the ppl getting done this way deserve it as they probably were downloading cheating software/cracks/pirating which is the most common vector to having these session ids stolen

it also then adds a ton of overhead to the 2fa implementer (GGG in this case) to manage and maintain, as inevitably players get themselves locked out much more then it saves anyone from a hack, its overall not a gain to gaming applications other then false sense of security to the players, which if you are someone like say blizzard paying to appease might be worth, but if you are much smaller that gain is probably non-existant. If you get 2fa here, its 100% because GGG thought it cheaper to appease the masses, not because it makes you more secure, nothing but user habits and practices will reduce hacked accounts.

Edit: the overhead issue, is the fact to get your account back if you lock yourself out ivovles providing photo ID and alot of personal details that GGG don't need otherwise, but they now have to store and follow a bunch of new privacy requirements, writebusiness policies, and make sure they secure those too, and if they get hacked that could be available to a hacker if they do mess up, best way to avoid as a business, just don't have the info, ie dont implement s2fa

Can support stop asking me the same dozen questions and just unlock my account?? I may as well have given you my birth certificate!