Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads
|
Really hope this isnt somehow another server breach, despite the announcement to the contrary, but mounting evidence is suggesting otherwise at this point.
Last edited by taosk8r#2478 on Jun 29, 2025, 12:10:45 PM
|
|
|
I'm just going to list some arbitrary words here. totally unrelated to anything else being discussed in this thread. yup.
full demi set (2 swords, 2 rings), plus all the alternates dozens of extra demi belts and rings alt art saffels frame alt art alphas howl alt art queen's decree various other smaller things, mostly related to the old race rewards one VERY nice retun proj sword crafted in settlers league RIP public profile (not anymore, though) standalone client password frequently changed and very long no emails about suspicious access "you are logging in from another location" upon logging in today definitely some backdoor admin access shenanigans NOONE IS SAFE remember: the above is just an arbitrary sequence of words. NOT to be interpreted as an official report or complaint requiring any action to be taken. I'm gonna go farm some maps in ruthless now... VERY IMPORTANT EDIT: i've just discovered that my steam account has been hacked. i can't log in to it anymore. although i did not ever (EVER) use steam to start or log in to poe, i DO have that steam account associated with this poe account in my "manage account" settings (suspiciously labelled as "Secondary Login"!) . i think i did this 6 or 7 years ago when poe/steam ran some free MTX promotion. but poe is not even listed in my games on steam. i don't understand how someone could use a hacked steam account to access a standalone poe client, but maybe... Last edited by Fightgarr#3134 on Jun 28, 2025, 6:39:52 PM
|
|
" Good idea, you dont want your account locked for weeks or more as an additional punishment. Multiple streamer victims offered this as advice, and it honestly baffles me why corporate would choose to disincentivize reporting in this manner, especially since in the cases where purchases of EA keys were made and sold, it was also too late by the time account locks were enacted, so Im not sure exactly how they are intended to be helpful with a multiple week (minimum) CS backlog. Last edited by taosk8r#2478 on Jun 28, 2025, 8:56:57 PM
|
|
|
I have gotten a reply from a reddit user that he both had 2fa enabled on steam, and never logged in with standalone. This is VERY bad news.
If anyone from GGG is paying attention here, I am happy to put you in touch with him if you wish to investigate his particular case further. Last edited by taosk8r#2478 on Jun 29, 2025, 1:14:59 AM
|
|
|
(This is Fightgarr from a few posts above, on an alt account)
OK so first of all, things have escalated, so now im officially saying that YES i got hacked earlier today. My hand has been forced. The first thing i did when i first discovered that i had been hacked was change my password, so if they were simply using my old password to access my account it wouldn't have worked for them any longer. However, I was just playing on the Fightgarr account some more (about 30 minutes ago now) and suddenly got logged out with the message "someone else has logged in to your account" or thereabouts. the bastards had returned for more! i tried logging back in, had to go through the email security code process, and successfully relogged, but 2 seconds later i was logged back out with the same "someone else has logged in" message. after sending an urgent email to ggg support asking them to lock down my account (which hopefully they see soon, but it's already 6PM for them), and not knowing what else to do, i repeated the login process several more times, each time getting kicked out in the same way, but eventually GGG locked the account and wouldn't let me try to log in anymore (which hopefully means the hacker is locked out as well but who knows). each time i was re-kicked from my login, it only took the hacker a few seconds (especially once they realized i wasn't going to give up, i guess... practically instant re-logs by them). so they are DEFINITELY not going through the normal login process. they certainly were not waiting for security emails from ggg to enter access codes like i was! hope this helps with the investigation, and pray for my remaining items guys... Last edited by FITEGARR#7635 on Jun 29, 2025, 4:12:26 PM
|
|
|
^To make it clear on the above post prior to edits I have asked him to consider, he has said they logged in multiple times AFTER he changed his password due to the initial hack in communications on my subreddit for collecting evidence.
There are now multiple streamers either removing or not restoring instantly automoderated comments related to the hacks edit: now carefully worded comments are sticking on one, direct comment replies not, but root comments are (so the streamer who infrequently posts content wont see it), but in the case of SirGOG the comment was up for multiple days before he posted more content, and then it was removed. It was a direct reply to one of his comments to insure he didnt miss it. Sad. Made another asking about it which is sticking. Edit: New content is up and the comment isnt removed this time. Feel free to follow this sub for further info: /r/GGGHackVictims Last edited by taosk8r#2478 on Jun 30, 2025, 2:24:48 PM
|
|
|
If anyone needs to collect their account purchase details prior to contacting support, you can do this the hard way by collecting screenshots, or the 'easy' way by using this script. If you fail to provide GGG support every detail, they may be unable to restore access to your account, however, and it may take several hours (it took someone else 6) to get through the entire email process, so you might want to insure you are well rested prior to beginning it, and that there are a good number of hours left in GGGs business hour time zone.
https://github.com/DanielTaranger/poeTransactionCounter Last edited by taosk8r#2478 on Jun 29, 2025, 4:46:29 PM
|
|
|
Fite has now scanned his system with the VERY strong Kaspersky and 'several other' AVs and found nothing. Pretty conclusive at this point that he didnt have a keylogger, IMO.
Not a whole lot of possibilities remaining as to what could be happening, considering, as mentioned, that he had multiple logins from the hacker AFTER he changed his password. Edit: IFL I cant imagine much new information that requires more investigation at this point. What needed to be known is known, my conscience feels pretty clear on that point. I struggle to imagine what it must feel like to lose so many race rewards as a closed Beta supporter (they basically cleaned out everything of value), and know you will never recover them. There arent enough Magebloods, Headhunters, or mirrors in the game to compare to such a loss. Honestly, if this was my company, this would be special exception time. Id make it so if he signed an NDA and agreed to have his account set to permanent private, and part of the NDA was he could never list returned items on trade (not that there is any chance he ever would), dupes of his lost items would start randomly dropping next league and continue until they were all returned. It would, ofc, be better if there was a way to set a flag on them to make it impossible to list them, but that might not be technically something that could happen. Now, some might say this wouldnt be fair to all the other victims, and I would answer that by pointing back to the previous paragraph. I also cannot comprehend the harm caused to the company when this happens to the host of a podcast which recently had a debut episode with 2 of the most well known streamers in the game, and a GGG employee that was also a former podcast host who the community has barely heard from since he joined the company (edit: uh, I might be completely mistaken on that point). He was considering scrapping the podcast entirely! While IDK where that stands, at least the community managed to encourage him to return to the game for now, but the mental toll on such a luminary of the community is extremely damaging and concerning. I sincerely hope this never happens again, hence the reason for my intense drive on the matter. Last edited by taosk8r#2478 on Jun 30, 2025, 6:10:10 PM
|
|
" PoE does not need to be listed on your steam profile, what matters is that you had your steam account listed on your PoE profile, as a secondary login. Seems like you got hacked thru your outdated Steam account info. Primary and secondary account login methods listed in your PoE profile act as backdoors to your account. Hacker's don't need access to your e-mail account, nor are they blocked by location, when using an outdated "preapproved" login method. They also don't care what your primary login method passwords are because they are using a secondary login method. Hypothetically, a primary login method using a 32 character password that changes every 10 minutes means nothing when there is a stagnant secondary login method on your account which is protected by the password "Password1". Just in case its not clear from above, you gave that steam account pre-approved access to your PoE account 6 or 7 years ago. That is how they got into your account despite you changing your password: 2 passwords were valid for your account. Your standalone password and your outdated steam password. I don't believe this is entirely your fault. I bet during the admin panel hack, they looked at your account and saw you had a steam account profile linked to it. Armed with your steam profile name and ID #, they were easily able to locate your forgotten (and outdated) password. Last edited by PoE#8983 on Jun 30, 2025, 12:52:04 PM
| |
" If your theories are correct here (and I would assume GGG knows one way or another by now), this begs the question: Is it even possible at this point to prevent it from happening in the future without something drastic like forcing pw resets on every account? Last edited by taosk8r#2478 on Jun 30, 2025, 2:39:37 PM
|
|
