I...just lost my account.

Before I go on, I want to say that I AM NOT POINTING ANY FINGERS. I'M JUST TRYING TO FIGURE OUT WHAT HAPPENED AND WOULD REALLY LIKE SOME INPUT.

First some background information: I have not downloaded any unofficial software or visited any sketchy websites recently. (I use my mac for that...haha...)

My email and game account use two completely different passwords. They are not related in any way whatsoever. They're also quite...unorthodox so I'm not sure how brute force-able they are...

I highly doubt I was infected with a keylogger...but who knows.

Here's the story:

About 20 minutes ago, I checked my email and there was a "password reset" email in my inbox. I ignored it, and tried logging in to POE on the website - password wrong? I checked my email again and there was an email about someone accessing my account from China - so this time I requested a reset password link and reset my password. While patching POE, I checked the website and saw all my currency in my inventory instead of stash. I log in, and my currency is gone. While logged in, I changed both my email and account passwords (to different things, once again), tabbed in to see that I was logged out in-game. My password had changed again, and once I changed my password yet again and logged in, all my quality gems were gone.

Throughout this entire time, the "reset password" and "access from china" emails were being systematically deleted from my inbox. EVEN after I changed my passwords on everything, my account email was then changed to a spam one. And I have no way of getting it back, short of contacting customer service. I guess I'll do that tomorrow...when I am feeling a little less frustrated.

Again, I am really not looking to blame anyone but I just want to hear some possible explanations. I am adamant that I have not been infected, and so far this breach seems to only have affected my Path of Exile account and email...

What I think happened: the hacker first obtained access to my email...then reset my POE password, bypassed the unknown/foreign access check, and continued changing my password until they took what they wanted and then changed the email to log in with. The scary thing is that I was logged into my email and game account basically watching it happen...It clearly wasn't a random email hacking too because my POE currency was their goal...

Anyway I realize this is a lot and I would appreciate any insight. I'm probably off to do a scan of my computer just to be sure.

The simple fact that your email and account continued to be accessed even after changing your passwords pretty much says that your PC is compromised and you most likely have a keylogger of sorts on there. Otherwise, once you changed the password, they wouldn't have the new password and wouldn't be able to log in as you.

Lemme dig up my copy/paste post for your information and hopefully it will help you out.
If you've found your account compromised, probably the best thing you can do is clean your machine and then change your passwords (or change your passwords immediately, but only from a known-good system like your cell phone browser or something).

That goes for both your PoE password as well as your email password. Also make sure both passwords are unique (never been used before) and that they are not the same as each other (always make your passwords between systems different to prevent a full compromise if they gain access to one of the passwords).

I'd also recommend that if you're using gmail to enable their 2-factor authentication system (called 2-step verification in the account security page) to better protect your email account. If you're not using gmail, then I recommend you create a gmail address, do what I mentioned above, then contact support at the email address in the Contact Support link at the top of this page and they'll be able to assist you in attaching the new email address to your account.

They will not restore any items/characters as they have a zero restore/rollback policy. But if you have any microtransactions, those will remain on your account and can be used again, so you wouldn't have lost any real life money.

Good luck.
Thanks for the feedback. I am currently making sure my system is clean, and I changed my email password + added 2 step verification.

Now the thing is, I have literally downloaded nothing but powerpoint presentations and genuine/safe pdf attachments from my school email to study for finals.

A quick look at my browsing history will show that I visit the same few sites daily, and I am quite sure they are safe.

I totally get what you're saying, and everything is pointing to a keylogger...I am just having a hard time believing it. :\ This is a relatively new machine I'm using and over the years I've learned to be very careful with what I do online.

But still, I'll take your advice to heart and make sure my computer isn't compromised. A quick malwarebytes scan came up empty and I'm running a full one at the moment. I really hope something comes up or otherwise I'm gonna be very very confused.

EDIT: Currently in the process of getting my account back, customer support is prompt and helpful. I don't expect to see anything of value left on it but that's alright...wouldn't be terrible to start fresh I suppose.
Last edited by whatjusthappenedtomyaccount#6921 on May 29, 2013, 12:55:18 AM
It's worth running MBAM in safe mode. I'd also suggest looking at either Zemana or SpyShelter anti-keylogging applications. I doubt they'll find anything, but I believe they both offer free trials and there's no harm done. If you're a reasonably technical user, you should be able to discover the presence of a keylogger using something like netstat. I'd also recommend using a password manager, something like LastPass or KeePass.
Last edited by Kellog#5737 on May 29, 2013, 9:00:04 PM
I will definitely look into your suggestions (especially those free trials), thank you!

EDIT: Full scanned with malwarebytes antimalware twice, once in safe mode. Nothing.

Checked for suspicious established connections using netstat; nothing.

Installed Zemana, no hits.
Last edited by whatjusthappenedtomyaccount#6921 on May 29, 2013, 4:02:13 AM
There is no keylogger involved.

What happens is that if a 3rd party gains access to your email, even if you change the password they still have the opened email session.

In case you use Gmail, what you need to do is the following:
1. Change password as normal
2. Go back to Gmail Inbox, scroll all the way down and on the right you will see this:
Last account activity: XX minutes ago
Details

3. Click the Details
4. Click the "Sign out all other sessions" button <- what this does, I think, is expire all cookies generated for your account except the one you are using on the current computer. The end result will be that the hacker's session will be disconnected.

You will not be put in this position again, due to the 2 step verification that you activated, but it is good to know (also for all that are reading).
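
Added example, not part of the thread or any poster's code: a toy in-memory session store showing why a session opened before a password change can stay valid, and how revoking the account's other sessions at change time closes that gap. All class, function and account names are hypothetical, and it does not represent how Gmail or the game's servers are implemented.

```python
import hashlib, hmac, os, secrets

class AccountStore:
    """Toy account + session store (constructed for illustration)."""

    def __init__(self, revoke_on_password_change):
        self.revoke = revoke_on_password_change
        self.accounts = {}   # user -> (salt, password_hash)
        self.sessions = {}   # session token -> user

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, stored = self.accounts[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self.sessions

    def change_password(self, token, new_password):
        user = self.sessions[token]
        self.register(user, new_password)  # new salt and hash replace the old
        if self.revoke:
            # Drop every session for this user except the one making the change.
            self.sessions = {t: u for t, u in self.sessions.items()
                             if u != user or t == token}

def replay(revoke):
    """Owner and intruder both hold sessions; the owner then changes the password."""
    store = AccountStore(revoke)
    user = "owner@example.test"  # constructed sample account
    store.register(user, "old-password")
    intruder = store.login(user, "old-password")
    owner = store.login(user, "old-password")
    store.change_password(owner, "new-password")
    return {
        "owner_session_valid": store.is_valid(owner),
        "intruder_session_valid": store.is_valid(intruder),
        "old_password_works": store.login(user, "old-password") is not None,
    }
```

`replay(False)` reproduces the situation described in the thread: the old password stops working, yet the earlier session is still accepted. `replay(True)` shows the same sequence with other sessions revoked.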
kiorull wrote:

4. Click the "Sign out all other sessions" button <- what this does, I think, is expire all cookies generated for your account except the one you are using on the current computer. The end result will be that the hacker's session will be disconnected.

You will not be put in this position again, due to the 2 step verification that you activated, but it is good to know (also for all that are reading).

Thanks for the info!
My wishlist: Hi-res digital artbook
Allow spaces in character names
Vulkan and Linux support
Opensource the game
The simple explanation is that your email account/password was compromised and like kiorull said, they kept the inbox open once they gained access.

Keyloggers and the like are actually pretty uncommon things on the internet these days. Unless you're going to really dodgy sites with bad security, or you get suckered into a phishing scam it's far more likely that your password was either re-used from another compromised source e.g. you used the same password on some forum years ago (this is by far the most common way accounts are stolen) or if it's a really old password it may have been brute-forced.

Unfortunately there's not much I can say other than make sure every website and account you use has a different password.

If you send an email to support they will be able to restore the email address for access, but there's a good chance all of your items are gone. Your characters might still be there.
IGN: SpudOfDoom | The Exiled - Path Of Exile's oldest clan
Last edited by SpudOfDoom#5115 on May 29, 2013, 6:32:44 AM
Makes sense, very valuable lesson learned today... The good news is that losing all of my stuff is actually a little motivating to start fresh again.

Thanks for all of your help.
