Data Breach Notification

So is GGG doing nothing for the people that were affected by this?
What a shame.
Under KRIS this didn't happen.
And now that you have new owners and all the resources of the world, you let the Thief into your garden so easily.
But don't worry, relax, it's Christmas holidays right? Peace and love to all. (and dupes)
"
So is GGG doing nothing for the people that were affected by this?


Do you want a mystic box?
I'm not affected, but how are you planning on compensating the affected accounts? After all, this was your error.
"
Cocofang#3395 wrote:
"
Beverice#3588 wrote:
Will people who have had their accounts lost or items stolen receive support in getting those back?
"
PoE#8983 wrote:
How is this a response?

What happens to the items they stole? This is on GGG.
You said they looked at a significant amount of accounts information.

How are we supposed to protect our accounts now that someone could possibly have all the information needed to recover the account through support?


"
For those accounts they got access to the following private information:
Email Address if the account had one associated
Steam ID if the account had one associated
IP Addresses that the account had used
Shipping address if the account had previously had physical goods sent
Past purchases


This is all the information needed for someone to recover an account through Support. What is anyone supposed to do if they were one of the people?

It was a support-admin account the attacker hijacked. The GGG support does not have your passwords. What the attacker could do is compare mails with known compromised account databases that use the same password everywhere.

GGG cannot fix people too lazy to use unique passwords.

Guys, please ...


Why are you telling nonsense to try to save GGG face from something they don't need to be saved? They said their own tools were used to reset passwords so they have nothing to hide.

The blame is on GGG and they don't need to hide it, so stop being an unempathetic person getting delight and pride from others' disgrace.
"
Xirav79#6285 wrote:
I'm not affected, but how are you planning on compensating the affected accounts? After all, this was your error.

You can't know if you were affected; hackers got all sorts of private information which GGG uses for the e-mail change procedure for an unknown amount of accounts. Even if you change your password, you still wouldn't know if you are safe or not, because they didn't tell if they are going to inform people of their data being leaked.
Please 2FA for everyone
"
mbitsu#0616 wrote:
What a shame.
Under KRIS this didn't happen.
And now that you have new owners and all the resources of the world, you let the Thief into your garden so easily.
But don't worry, relax, it's Christmas holidays right? Peace and love to all. (and dupes)


https://www.pathofexile.com/forum/view-thread/1874476

Uh huh
Could someone clarify what this means?

"
It is probable that the attacker would be able to compare email addresses found using our portal against publicly available lists of compromised passwords from other websites in order to find accounts that shared the same password with their PoE account. If that was the case, they would have been able to bypass the region locking using the unlock code.


If the attackers already viewed unlock codes for some accounts then why do they need to find compromised passwords for other websites? How do other website accounts aid in bypassing a region lock?
"
Could someone clarify what this means?

"
It is probable that the attacker would be able to compare email addresses found using our portal against publicly available lists of compromised passwords from other websites in order to find accounts that shared the same password with their PoE account. If that was the case, they would have been able to bypass the region locking using the unlock code.


If the attackers already viewed unlock codes for some accounts then why do they need to find compromised passwords for other websites? How do other website accounts aid in bypassing a region lock?


??? The unlock code is only useful if they can already log in to the account, it's bypassing the game's built-in 2FA when trying to log in from another IP (which doesn't always work). They are saying here that they could compare a list of emails to breaches from elsewhere on the internet and try to use those passwords, since people love using the same passwords.
