Announcements - Data Breach Notification - Forum

PoE 1 PC servers are restarting now. They should be back up in approximately 3 hours and 0 minutes.

PoE 2 servers are restarting now. They should be back up in approximately 20 minutes.

PoE 1 Xbox servers are restarting now. They should be back up in approximately 3 hours and 0 minutes.

PoE 1 Sony servers are restarting now. They should be back up in approximately 3 hours and 0 minutes.

PoE 1 PC servers are undergoing maintenance. Some features will be unavailable.

PoE 1 Xbox servers are undergoing maintenance. Some features will be unavailable.

PoE 1 Sony servers are undergoing maintenance. Some features will be unavailable.

PoE 2 servers are undergoing maintenance. Some features will be unavailable.

Don't bother asking questions because they apparently don`t answer them. 19 pages, with many legit arguments and questions and 0 responses from GGG support. This issue is way more important than the 0.1.1 patch. Last edited by bawaaji#1185 on Jan 15, 2025, 11:16:17 AM	Posted by bawaaji#1185 on Jan 15, 2025, 11:14:03 AM Quote this Post
" Genstein#2693 wrote: This needs to be pinned to the front page. +1	Posted by Joyee5500#8186 on Jan 15, 2025, 11:14:37 AM Quote this Post
Why is this not visible like other announcements? Why no social media postings, discord ping? Why are customers not being contacted individually, as mandated by GDPR?	Posted by what777#2651 on Jan 15, 2025, 11:25:27 AM Quote this Post
So, is there any compensation?	Posted by xiechao8555#2704 on Jan 15, 2025, 11:38:12 AM Quote this Post
Hello GGG, let me introduce you to our European friend called GDPR.	Posted by Hikara#7894 on Jan 15, 2025, 11:50:58 AM Quote this Post
" mbitsu#0616 wrote: " BowWizard#1239 wrote: GGG are legally obligated to disclose a data breach to authorities and their customers. In the US and Canada they must do so within 72 hours of knowing of the breach. The EU likely has similar requirements. It gets worse because players were raising tickets weeks ago and yet there was no response from GGG, so they are way outside the 72 hour window. It will be up to the authorities to determine what, if anything, they will require GGG to provide to customers in the form of things such as consumer protection services, fines against the company and other measures deemed appropriate, such as additional audits and reporting (their auditors should also be under the microscope) based on the scope of the breach. By their own admission they did not have logging in place and certainly no alert notifications. They cannot tell exactly ow wide the breach is and if any other accounts have been compromised or there is an Trojan horse in place. They've a long road ahead to regain trust and they better start communicating better to the player base. Where does all this pressure come from? Think about it.. the developers are working hard to make the game you play better. They have rework, tons of content to work on. And you're asking for some kind of compensation. Does the game work? Yes! Is there progress? Yes! Moreover, the problem is old and, as you can see, not critical. Do you want people to sit and dig through gigabytes of logs all day to help the victims? When the development itself is in full swing and deadlines are missed. Nevertheless, people working on POE also need to rest. So, say words of support and gratitude instead. Or do you want such minor problems to be responded to immediately? This never happens to anyone! Personally, I don't know of any project where such problems could be rolled back. Security breaches aren't minor issues - especially when the breach involves PII - personally identifiable information, so yes, I, and the government agencies that oversee such things, expect this to be a higher priority then game development.	Posted by BowWizard#1239 on Jan 15, 2025, 12:15:00 PM Quote this Post
Anyone involved in refusing to implement 2FA needs to be fired or removed from leadership/decision making processes. Accidents are forgiven, but intentional disregard for you clients/customers/employees combined with utter negligence is actually considered criminal in some industries (healthcare, finance, etc.). Your leadership should be ashamed and held accountable just like we would be at our jobs.	Posted by Arrcanos#7987 on Jan 15, 2025, 12:28:46 PM Quote this Post
" The attacker also viewed account information for a significant number of accounts through our portal. For those accounts they got access to the following private information: Email Address if the account had one associated Steam ID if the account had one associated IP Addresses that the account had used Shipping address if the account had previously had physical goods sent Current Unlock Code for unlocking accounts locked due to logging in from a different region Will you be notifying people directly if their account was accessed / private information was viewed?	Posted by Acidic#8375 on Jan 15, 2025, 2:23:34 PM Quote this Post
Anyone who falls under GDPR can file a claim against GGG if they like.	Posted by BruceAE#4780 on Jan 15, 2025, 2:33:29 PM Quote this Post
General Data Protection Regulation (GDPR) does not explicitly require 2FA (two-factor authentication), but it does mandate implementing appropriate technical measures to protect personal data, making 2FA a strong consideration for achieving robust security and demonstrating compliance with the "privacy by design" principle within the GDPR framework. I feel like adding 2fa might be in your guys' best interest right now.	Posted by Mqe#2759 on Jan 15, 2025, 2:58:49 PM Quote this Post