The Hacking of accounts has not subsided

As title suggest, it seems that the hacking is still going on in Path of Exile 2 as i was a victim in the past 14 hours, couple of points:

- This was effectively the second time my account was hacked as during the first time i received e-mail invitation from Grinding Gear Games about someone else attempting to access my account from different location, when i did receive such e-mail i was able to quickly prevent it by fighting over the access to account by logging in and being kicked out of the game repeatedly and hackers attempt subsided as soon as i changed the password
- First hack attempt happened over 2 weeks ago
- This time i received no e-mail notification about anyone access my account from different location, neither from Steam or Grinding Gear Games at all
- I've changed my PoE Account password 2 times now, first time after first hack attempt and second, well, after second sadly successful hack
- I play Path of Exile 1 using the same account since the Legacy league and NEVER been hacked at any point in time
- I am using Steam exclusively to access both Path of Exile 1 and Path of Exile 2 accounts, my Steam has 2FA and all that Jazz sort of security, never ever have i had issue with Steam security myself
- The only 3rd party apps for PoE2 i was using was Path of Exchange 2 which is open source and Path of Building from the official LocalIdentity1 GitHub page, neither unlikely to be the cause as both would take a huge hit to their reputation if they were the case
- None of that Overwolf shenanigans, never used anything close to it, the 2 above tools were the only tools i've ever used and verified their source to be legit
- I wrote to support and awaiting their response although judging from other people accounts i don't anticipate any of this will be reverted
- I never did participate in RMT in any shape or form neither as seller or as buyer, i don't even visit such sites be it out of curiosity and/or downloading .pngs and anything in between. That would be stupid of me to self report as these would be easy to determine by the Support
- I've also checked my authorized apps and trusted devices on both Path of Exile account and on Steam and none of them show anything suspicious.

If the 'CS Admin Access' breach was the real cause it seems that the person doing it is still at large and regardless whether you've changed passwords or not you might be at risk when you least expect it.
Hackers stole anything that wasn't bolted to the ground including Jewels (has 98% adorned, 3 x Grand Spectrums, fairly decent Against the Darkness and multiple costly magic jewels for Adorned Setup), equipment including Astramentis, very costly rings and 78% corrupted Ingeuinty, 4% IAS, 1-12 Lightning HowA etc.) very costly gear, upwards of like 600-700 divines atm, probably more, all farmed myself over the course of 600hours i've played PoE2 despite people thinking it's impossible to earn that much money solo, flasks (melting Maelstrom), Divines and Perfect Jeweller's orb (of which if i remember correctly i've had 2 in my stash so not that much).
Hackers left on my account Exalts, Chaos Orbs etc. Essences, Instilled Emotions, basically everything in my Publice Sale tabs (even items i've had priced at 75 Divines) and all active Alva listings.
I've also had like over 2k shop points on my account and thankfully none of them were touched in any way.
Beware everyone as it seems the hacking attempts have not subsided and we need real 2FA required each time you press log in as soon as possible, because gear and divines are one thing, but if you are buying points off the shop using real money your billing address information might be at risk as well.

What about Filterblade or the other integrated filter sites?

I was wondering which API theyre using to allow that integration directly into the live game.

Though its likely safe. Filter sites probly store data segregated by an account ID, and the game probly polls for it so they never directly access the game.

But, was just a thought I had last night.... anyways, I would love them to share more details on how certain they think they are that this is resolved.

Ive also read that 2FA is not as glorious as it used to be. It has issues as of late in general. So perhaps Steams 2FA has a hole somewhere?

"

PlatypusMuerte#1096 wrote:

What about Filterblade or the other integrated filter sites?

I was wondering which API theyre using to allow that integration directly into the live game.

Though its likely safe. Filter sites probly store data segregated by an account ID, and the game probly polls for it so they never directly access the game.

But, was just a thought I had last night.... anyways, I would love them to share more details on how certain they think they are that this is resolved.

Ive also read that 2FA is not as glorious as it used to be. It has issues as of late in general. So perhaps Steams 2FA has a hole somewhere?

That's even less likely than Path of Building, especially since i believe NeverSinks is at least occasionally working for GGG directly or indirectly by providing the game with very basic loot filters. Taking that much of a risk for couple of Divines would be incredibly stupid.

Losing your stuff sucks. Sorry.

But seriously, 600 hours on a game that has been out for a bit over a month? That's unhealthy. The hacker might have done you a favor.

"

PlatypusMuerte#1096 wrote:

What about Filterblade or the other integrated filter sites?

I was wondering which API theyre using to allow that integration directly into the live game.

Though its likely safe. Filter sites probly store data segregated by an account ID, and the game probly polls for it so they never directly access the game.

But, was just a thought I had last night.... anyways, I would love them to share more details on how certain they think they are that this is resolved.

Ive also read that 2FA is not as glorious as it used to be. It has issues as of late in general. So perhaps Steams 2FA has a hole somewhere?

Filterblade uses Oauth2, which means they have no access to your sessionID, just account name to push the filters to the correct place. It's the same tech they use with Twitch/EGS/Sony/Xbox/Steam integration.

cui bono?

Any thoughts on doing a fresh Windows/OS installation? Is it possible you have a Keylogger installed on your computer and everytime you change your password it's just logging the new password for the hacker to get into your account?

I find it unbelievable that GGG does not implement 2FA. It is 2025 and any serious service has implemented it already. The excuse during live stream about account recovery was just... Lame. It is solvable and has been solved multiple times.

sorry to hear that.

stripping the character(s), skills, jewels and divines whilst leaving the rest untouched is exactly the same pattern from the hacks around christmas.

be aware that -if you included your acc name- your account will get locked once they read your email, and the unlock process takes forever. some of us are waiting for over 40 days.

hello guys i guess we are back to this, keep bumping this post

https://www.pathofexile.com/forum/view-thread/3667200

with the info you can provide, in the mean time i'll update it accordingly + me and "my team" will try and find info if any of has CS backgroud and wants to help feel free to contact me via PM