Got scammed, any chance of help?

My brother got scammed by someone who used his email and password to login to his poe account, he now changed the email and the password. Our understanding is that someone just luckily got into his poe account, as it was some very ancient password (probably some online leak or so), he played using steam since it was introduced and we are wondering, if there is any chance that GGG can ban the account who transferred all the loot?

We are not expecting any loot back, but I believe we do have the right to know who logged in to the account and where did the loot go, so that the staff could take some action to prevent such behavior of at least this one individual.

So far GGG replied saying they can't help, but the data of who logged in to the account in the last 24 hours should belong to my brother and we should at least have some right to be able to view it?

Just seeking out for any help, so that it does not happen to others. Whatever was lost, is lost.

"

JC_GGG wrote:

I'm afraid we aren't able to assist with account-related issues via the forums. Your brother will need to continue correspondence with the team via email at support@grindinggear.com for further assistance.

If you're concerned about the security of your Path of Exile account I recommend ensuring that your account password is both unique and complex, and that you also have secured the email address associated with the account as well as any other connections your account might have (such as Steam or Epic Games) to have unique and complex passwords.

We did email, but response does not satisfy us in terms of the fact that we cannot do anything about the individual who did this and his account(-s) in particular. As stated earlier, no expectations towards the things which were transferred, but at least some form of justice.

See, the problem is that you do not provide any extra layer of security by allowing anyone to access an account as long as they know ID and password. Even if the bad actor did not have access to the mailbox itself, he was able to access the local poe account. As he was playing using steam for years now, it kind of never got to his attention, that the ID and password that was never shared could have been used for this type of abuse.

We believe that if you login from another location using a local poe account and this is considered as unusual behavior, there should be some sort of a mechanism to prevent the bad actor from getting their hands to an account that does not belong to them.

Anyway, I am just looking for an official statement, if you do provide with help in terms of taking any actions to punish the bad actor. If not, then we will save your and our time by not replying to the email thread anymore, as it looks like answer is quite generic and there's not much you are willing to do about such cases.

Ok, that gives some sort of a hope, because mailbox was not compromised and it has separate credentials, let's try our luck via email further.

Thanks for prompt responses.