Data Breach Notification
Why is it so hard to enable 2FA for all of us?
I'm feeling less safe with this announcement.
|
I have to agree the urgency for 2FA and login session management has significantly increased.
While this is a satisfactory informative note, it misses out on what commitment the team is investing in to help players secure accounts. There is some room for interpretation on some of the mentions, especially on the 66 affected accounts. Have they been restored? Have you reached out to the original account holders? How does this potentially affect the millions of players? Appreciate further comments on how this affects me. Thank you GGG!
|
GGG are legally obligated to disclose a data breach to authorities and their customers. In the US and Canada they must do so within 72 hours of knowing of the breach. The EU likely has similar requirements.
It gets worse because players were raising tickets weeks ago and yet there was no response from GGG, so they are way outside the 72-hour window. It will be up to the authorities to determine what, if anything, they will require GGG to provide to customers in the form of things such as consumer protection services, fines against the company and other measures deemed appropriate, such as additional audits and reporting (their auditors should also be under the microscope) based on the scope of the breach. By their own admission they did not have logging in place and certainly no alert notifications. They cannot tell exactly how wide the breach is and if any other accounts have been compromised or there is a Trojan horse in place. They've a long road ahead to regain trust and they better start communicating better to the player base.
|
So support blaming us for our passwords turned out to be somewhat correct, it was GGG with the password issue.
Also stop with the "66" accounts. You might have noticed 66 notes deleted but it's WAY more than 66 compromised accounts
|
Where & when is POE1 next new league?
|
|
Through this security breach GGG could lose millions of dollars as a result of potential processes opened by the community.
And I hope this is a wake-up call for everyone there at GGG.
|
Agreed, 2FA needed
|
|
Hopefully there's some accountability taken and you guys plan on reaching out to the affected parties involved about what information was taken and what's being done to remedy this. I know I would personally like to know if my information was compromised.
|
|
Man all those years of excuses for why we can't have 2FA really backfired huh. It sounds like you guys royally fucked up and didn't have good procedures to prevent it either. I would be surprised if we're getting the full story, there's likely more to this.
|
|
People typing paragraphs in here acting like GGG doesn't know how GDPR laws work is really funny, and acting like 2FA would have done literally anything when they had admin access.
Yes 2FA would be nice, still would have been completely useless in this situation.
Last edited by Erionn#6306 on Jan 14, 2025, 9:27:59 PM
|
|