Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

They have revealed one issue with a social engineering hack, there are seriously more than 66 affected individual accounts (yes, they only know that logs were deleted on 66 accounts and not if more were affected). On this forum alone there are more than 100 threads about hacked accounts in the past month alone. Steam has a whole bunch, and then there are hacked individuals who don't play anymore and don't know, and hacked people who did not write posts.
Either the damage from this hack is a lot bigger than they know or, the more likely scenario, there is at least a 2nd / 3rd hacker party who is doing stuff; people have already shown that they accidentally logged into others' accounts. All I'm saying is, this isn't the only issue.
I still don't have an answer after they asked me to provide information to restore access to the account. I did provide the first payments; since Dec 19 they have never answered. Guess I'm on the list with deleted account logs... Hope they restore access before the new economy reset in PoE2 or league in PoE1, it has already taken almost 30 days...
"
I still don't have an answer after they asked me to provide information to restore access to the account. I did provide the first payments; since Dec 19 they have never answered. Guess I'm on the list with deleted account logs... Hope they restore access before the new economy reset in PoE2 or league in PoE1, it has already taken almost 30 days...



I've been waiting for a response from support for 20 days. Haven't played since then. And it's certainly not just 66 accounts that were hacked, that's just 66 accounts where they recognized it from deleted notes... In any case, I'm not starting at 0 because of their mistakes. If he don't even try to make amends even though the fault is yours then that's it for me.
Last edited by Esukho#3565 on Jan 14, 2025, 8:26:04 AM
"
"
Crainus#7059 wrote:

If you read the post you would know they got into PoE, then after some time I was also disconnected from Steam, 1st PoE then Steam.

You were logged out from PoE cuz PoE does not allow several logins at the same time.
You were logged out from Steam cuz the hacker logged INTO YOUR STEAM and then pressed the "logout from all devices" button in Steam settings.
Conclusion - you got your STEAM account hijacked, not PoE, cuz a PoE admin can't log you out from a god damn Steam LOL.
https://store.steampowered.com/account/authorizeddevices - big red button at the bottom


Yeah, he entered my Steam without triggering 2FA xD which is not something that is normally possible, that's exactly my point. Even if Overwolf stole the files you are talking about with kernel-level access, Steam checks for PC specs + location so it's impossible not to trigger 2FA. It can't be Overwolf + stealing some files, believe me, that makes no sense xD
The major German gaming media is finally reporting about it openly :)

https://www.gamestar.de/artikel/path-of-exile-2-hacker-items-gestohlen,3425821.html
GGG posted it but hidden from main page news:
Data Breach Notification
https://www.pathofexile.com/forum/view-thread/3694333
So they are saying that hackers got an unknown amount of private information which could be used for the email reset procedure later -_-
Last edited by cyfer.russia#1667 on Jan 14, 2025, 8:53:45 PM
The post basically explains every single hack through standalone that happened before the admin acc was reset.

They had access to your account name, email address, IP address, current unlock code and the ability to change your password.

If you had a re-used password, there's a chance that your associated email was found on a leak-list (together with the password) - and together with the acc name, IP and unlock code the hacker could just get in (apparently without triggering the location email, which isn't bound to your hardware).
If you used a strong, unique password (the "66 accounts") - well, he just changed it. Same result.


Nothing on the user side could have been done to prevent this hack, he just got too much power from GGG. It wasn't just 66 accounts, the number is way higher - they just didn't have to change the password in those cases.

What happened to those that had no standalone account, or got hacked recently, is still unclear.

Actually, the ones that got hacked recently - the hacker doesn't have access anymore, but could have stored all the data. If your password is reused, there's a chance that you're still getting hacked.

Make sure to change your passwords.
Last edited by justanotherlockedaccount#3122 on Jan 15, 2025, 2:50:07 AM
Sooo it's definitely a GGG problem at this point, second account I've had stolen divines and I'm on Xbox with zero trades, zero friends, zero add-ons.. Just basic provided stuff. Yet they still steal my stuff, definitely a GGG problem. Wasted over hundreds of hours played through with several characters to level 80 and now I'm just sorta like f this game atm
"
Wrath 3k#8246 wrote:
Sooo it's definitely a GGG problem at this point, second account I've had stolen divines and I'm on Xbox with zero trades, zero friends, zero add-ons.. Just basic provided stuff. Yet they still steal my stuff, definitely a GGG problem. Wasted over hundreds of hours played through with several characters to level 80 and now I'm just sorta like f this game atm


You're the second case we hear about on Xbox. How do you log into PoE? What info could they have accessed?
"

What happened to those that had no standalone account, or got hacked recently, is still unclear.


A week ago, my friend got robbed. He played only through Steam, didn't link his email. After he got robbed, he went into his account settings and found out that his account had been linked to an email he didn't know.
