Data Breach Notification
Some people will say this is great transparency but the truth is the incident itself is absolutely ridiculous, and the implications for our general account security - which was always suspected to be shaky to begin with - are damning. On broader terms, it's also another in a sequence of grotesquely amateur back-end mistakes over the last few months, only matched by the amateurism from Steam - but this ain't the Steam forums. And why isn't this on the front page? Not that transparent after all, I guess.
This is insanely bad and is being downplayed like crazy as to how significant this actually is.
You admit that the attacker viewed information for a significant number of accounts, yet they only chose to access/modify info for 66 of them? You also said your logs don't keep track of anything after a month, so you truly have no idea how much was actually accessed, correct? This is an absurd statement on the matter and pretty damning. Two-factor auth could have solved this but you refuse to implement such basic security measures. You're not a "small indie company" anymore, do better, ggg. Last edited by Pallumx#4803 on Jan 14, 2025, 9:44:43 PM
If they do implement 2FA, it better be optional. Mandatory 2FA sucks and has pushed me away from products in the past.
It's interesting that people decided to play the game DESPITE the fact that there is no 2fa, and now they are complaining that there is no 2fa.
Should there be 2fa? Yes, at this point, there should be. (Worth noting 2fa is basically irrelevant in this scenario.) But by deciding to play the game anyway, knowing there was none, that is a risk we all chose to take. So all this talk about compensation is a little unwarranted. Update your passwords, check your bank accounts, and be vigilant. Then, either keep playing or wait for 2fa. Either way, live and learn.
The attackers compromised an admin account, so even if we as simple users had 2fa enabled, the attacker still could see our info from the admin panel. So at this point it is 100% GGG's fault. Last edited by bawaaji#1185 on Jan 14, 2025, 9:50:30 PM
Until PoE 2 supports YubiKeys it can't be considered a next-generation game.
In your universe, semi-open personal information and an admin tool that ignores all protection: is this one and the same? And the word "Potential" doesn't bother you?
Where does all this pressure come from? Think about it: the developers are working hard to make the game you play better. They have reworks and tons of content to work on. And you're asking for some kind of compensation. Does the game work? Yes! Is there progress? Yes! Moreover, the problem is old and, as you can see, not critical. Do you want people to sit and dig through gigabytes of logs all day to help the victims, when the development itself is in full swing and deadlines are missed? Nevertheless, people working on POE also need to rest. So, say words of support and gratitude instead. Or do you want such minor problems to be responded to immediately? This never happens to anyone! Personally, I don't know of any project where such problems could be rolled back.
Whew, got me real scared of more malicious stuff happening; happy it was "just" a support account hijacked.
Really sad to see this news, but I appreciate that it was explained here. The optics of a post like this, however, make it appear as if GGG knew that an admin account was compromised but waited to tell the playerbase until they had finished an investigation. Please be more prompt in disclosing hacks like this in the future, even if you do not have 100% knowledge of who/how/what/where/why.