Account Security and Theft Policy - READ THIS

"
Kortak wrote:
"
I got hacked recently because I was stupid enough to check out that maphack (yes, I know, own damn fault). Well, I learned my lesson. Now I was wondering, is there any way to check if the keylogger is still in my system? I already changed my pw twice so they can't use my old pw anymore. Thx for all help upcoming.


cheater...hope they ban you


Well, I think I have been already punished enough that everything I owned b4 has been removed. Also, I never used the maphack; I downloaded it and opened it, that was my fatal mistake, so I had to start all over again. Btw, is there any way to check if I still have a keylogger in my system?
Well, this is a great heads up, Chris. I'm sure there are lots of ideas on how to protect users' items, gems, and characters. But sometimes it's just a simple feature that is needed, like if a player wants to delete a character they have to type an answer to a question that only they would know when they set up the account, i.e. the mother's age or mother's name. Simple, but it works. As for items and gems, it would seem that another level of security would be needed to a) allow users to MAC address lock their accounts; they would only allow transactions dealing with items to be done from a PC with the matching MAC address. I'm sure these have already been said, but it seems logical to add them as another step or layer of security.

Keep up the great work. Thx
One method to prevent getting hacked is using different PoE accounts for website and game client.

It gives some security on public computers, but a virus on my gaming PC could still steal my config file with the game login information.
I can understand where GGG is coming from, but if this is the policy and I ended up getting hacked with my characters emptied, I would probably just stop playing. As a company they have to do what they deem necessary to preserve the community and I think they do a good job, but I have no interest in starting over. That being said, if I do get hacked it's probably my own fault to begin with.
Last edited by slavikemperor on Feb 13, 2013, 12:21:08 PM
I might recommend some kind of authenticator system. Guild Wars 2 uses Google Authenticator, which is available on a wide range of devices.

A security tip for some people is to also take advantage of email aliases if your email provider allows them. Gmail allows this, not sure of any other provider though.
Path of Exile in Eyefinity: https://www.pathofexile.com/forum/view-thread/1320584
"
Panda413 wrote:
"
Chris wrote:

Don’t enter your password anywhere except the official site and the game client. Make sure the site says "Grinding Gear Games Limited" when you click the lock icon next to the address.


What about these vendor/inventory Chrome extensions whose authors claim they are GGG approved and won't steal your password?


I am also curious if this Chrome extension is GGG approved or potentially a free access to my account/password.
As it is mentioned in the FAQ and sticky on this forum I guess it is safe. A comment with yellow borders would be nice, though.

Regards!
Last edited by Name_Exists on Feb 14, 2013, 8:32:20 AM
Hey, 25 minutes ago someone stole my account, deleted all my characters and took my items from stash. I think someone knew my account pass from an app for Chrome (I tried to get some info about the exchange rate of orbs and I downloaded an app; it didn't work so I ignored that). Please, support, could you try to check the database and, if it's possible, restore my characters? I had a 55 or 54 shadow with nick Esgreal, a shadow 51 ChiefSushi and others. I would be grateful for some info about that. That app is named "poe 0.11" or something like that.
Ps. I knew that was stupid but ironically, I didn't want to get robbed trading items.
"
Unfortunately, we cannot restore any items lost to theft. One of the most important things about Path of Exile is its online economy, and if we performed restorations on demand then the economy would be flooded with duplicated items. We've seen this in other games (where the game companies restore compromised items and create a massive economic problem in the game).


So for the first time in 15 years, I had a problem with a game account. A scan of my system with a different AV revealed some 'possible' issues but nothing overly suspicious. Regardless of the details, let's talk:

This approach is fundamentally flawed. There's no need for there to be duplicated items: the items that were transferred off the account can either be removed from the place they were transferred to (which should be done to find out the account used in association with hacking anyway) and restored. This is fundamentally an unsound justification for a policy that hurts customers.

Second, there's a need for two-factor auth. It's standard issue when anything of value is concerned, especially in video games. More disturbing: if a second person logs in while I'm active, *I* get kicked. That's *INSANE*. If someone else tries to log into my account while I'm playing, they should be blocked and I should get an email saying someone else tried to log in.

Third, there should always be some sort of location-based authorization. Steam requires you to validate when you log on via a new computer, some games require verification when the IP address changes. That something like this isn't in place is disturbing.

This "great pain" felt by GGG simply *will* cost customers in the long-term. I like the game so much (spent a ton of money supporting with silliness and I've only been playing a few days) that I'm willing to tough it out & see if this happens again, but other people likely won't be as forgiving.

As a developer, I'm sure you understand that you can design for a world in which things never go wrong, but you have to have tools in place when that fails.
Last edited by cabiz on Feb 15, 2013, 3:59:04 AM
"
cabiz wrote:

Third, there should always be some sort of location-based authorization. Steam requires you to validate when you log on via a new computer, some games require verification when the IP address changes. That something like this isn't in place is disturbing.

Every feature which is able to lock out customers is generating thousands of support requests which need to be handled by the 8-10 support people over at GGG.

After they got some money, Chris said they would try to increase the support team, but the first priority always was to get the game up and running smoothly and stable, then open it to the public.

I never saw any report about account theft in closed beta. The issue has just risen recently, and I'm sure GGG will handle it if the number of hacked accounts goes up to a certain limit.

"
cronus wrote:
Every feature which is able to lock out customers is generating thousands of support requests which need to be handled by the 8-10 support people over at GGG.

1) That's just not true. Yes, it will generate some support requests. But the lack of these tools *also* generates support requests.

"
I never saw any report about account theft in closed beta

There are a lot of reasons it wouldn't have been an issue in closed beta, that are irrelevant to the current security problems.
