Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

"

Crainus#7059 wrote:

especially since it can’t bypass 2FA even by stealing files. As I mentioned earlier, with a quick Google search, you’ll find that even with stolen session files, 2FA remains intact.

I've just tryed to copy all my Steam auth files as well as configs and registry records to my second PC, then used VPN to change my location and guess what - I was able to login into steam without 2FA requests at all, badabums.

"

Crainus#7059 wrote:

PoE's account system xD

but "haker" logged into your steam? aren't he? xD

i doubt that xD

"

Feel_Fried#1014 wrote:

"

Crainus#7059 wrote:

PoE's account system xD

but "haker" logged into your steam? aren't he? xD

if you read the post you would know they got into PoE then after some time i was also disconnected from steam, 1st PoE then Steam.

"

Crainus#7059 wrote:

if you read the post you would know they got into PoE then after some time i was also disconnected from steam, 1st PoE then Steam.

You was logged out from PoE cuz PoE is not allowing several logins at the same time.
You was logged out from Steam cuz haker logged INTO YOUR STEAM and then pressed "logout from all devices" button in Steam settings.
Conclusion - you got your STEAM account hijacked not PoE cuz PoE admin can't log you out from a god damn steam LOL.
https://store.steampowered.com/account/authorizeddevices - big red button at the bottom

Does PoE store payment information? And can an Admin check that payment information and/or other personal information that is stored?
If yes, can't the malicious user just check that and social engineer his Steam account via Steam Support aswell?

And if we take this further. He wouldn't need to create "notes" anymore to leave even less tracks.

Very curious about their news post
So far I only partially trust their explanation.

must say that getting hacked by (a) ggg (account) was less frustrating than getting locked and forgotten by ggg afterwards.

ggg, please add some resources to your unlocking team.

"

Feel_Fried#1014 wrote:

am... ok someone got access to old steam account of someone from GGG...
but OP got HIS steam account hijacked, it can't be done throught any GGG admin account, even all of them together, plus GGGs Steam account wouldn't grant access to CHANGE users passwords, that's not how DBs works LOL

The only real explanation - OP installed malware on his PC, or logged into steam through third party phishing site.

'ok so someone got access to an old steam account from GGG'

Uhh... So we not talking about that they don't have a company vpn or personel mfa to access their admin boards? Can anyone who hacks into an employees steam acces their boards, like wtf? We're still waiting on the legally obligated notice btw

Nah too busy victim blaming and bootlicking GGG.

A week before the official info there was a reddit post claiming that someone was selling or have access to the *admin panel* that having ggg worker (link somewhere in this thread). If you can unlink a poe account from one steam and link it to another, or use somethink like mail or SuperID (dunno wtf it is, this is from reddit pic post) for standalone client (even if you use steam - you still should have login or any hidden id to enter the game), so 2fa is not needed and not triggered.