"
1. Change your password - make it unique (as in never used before). Go for 24+ characters.
2. Don't do RMT. Those responsible for this campaign are very likely RMT traders. Don't go to the websites, click on the links, talk to them, don't do any such thing.
3. Try to stay away from open-source software like trade macros and such for the time being, unless you know how to read the source code, check for vulnerabilities, or very much trust the dev. This is not to accuse the devs of these apps of being malicious, nor to say they aren't, but these may not be safe.
4. Try to stay off of any PoE-related third-party content sites for the time being, including sites popular for build guides and such wikis.
These sites could be vulnerable to numerous exploits (XSS, CSRF, etc.). Try to stay off of anything that could be leveraged against you in a Watering-Hole type of attack.
(You can use something like https://www.browserling.com which will give you a browser window in a virtual machine, so your machine is not exposed).
5. If you have been compromised, reset your browser to its default settings, removing any and all cookies and extensions. Delete any accounts or software you've made/installed before you were breached, go back to step 1.
----------
Hopefully this is just ppl being hacked b/c they are clicking on ads for RMT, or re-using/using weak passwds. Hopefully there was no data breach at GGG or anything.
The rest is up to GGG, they must implement modern security best practices as soon as possible.
Stay safe, Exiles.
One of the big sites got hit recently. Many people from Albion got hacked who were buying some of that secret sauce. Not only will you likely get banned, you'll also likely get hacked. Just play the game like the rest of us.
Step 1 is to self reflect.
|
Posted by RKxZlcLUUF#5704 on Dec 31, 2024, 1:32:22 AM
|
Well, it looks like it was in fact an account takeover and an admin acc for GGG was compromised.
They mentioned the threat actor was deleting the log after changing users' passwords.
Hopefully GGG will implement some alerts for and better manage their admin accounts. If the account wasn't in use it should have been disabled, the steam account should have been unlinked, etc. They know.
I hope the employee who maybe had some PII leaked elsewhere, as Jonathon suggested, (which was the info the threat actor used for verification to take the account with steam support) is OK and didn't suffer too bad.
GGG, I still think you should add support for MFA.
|
|
Change your password is the only actual advice. Everything else you said is irrelevant.
|
Posted by kamiknx#1162 on Jan 13, 2025, 3:14:45 PM
|
"
Change your password is the only actual advice. Everything else you said is irrelevant.
I don't think so. This was good advice for an unknown situation.
None of this advice would have stopped any accounts from being compromised, not even changing the password. The Threat Actor wasn't taking passwords, they were resetting them, then deleting the log, according to Jonathon.
|
|
"
"
Change your password is the only actual advice. Everything else you said is irrelevant.
I don't think so. This was good advice for an unknown situation.
None of this advice would have stopped any accounts from being compromised, not even changing the password. The Threat Actor wasn't taking passwords, they were resetting them, then deleting the log, according to Jonathon.
The devs literally explained what happened. And if people change their passwords there's nothing the hackers can do anymore.
|
Posted by kamiknx#1162 on Jan 13, 2025, 5:29:37 PM
|
"
The devs literally explained what happened. And if people change their passwords there's nothing the hackers can do anymore.
You misunderstood something.
The person(s) had access to one of the GGG Admin accounts. Therefore they did not need any password for the player accounts that got "hacked".
They simply used an admin tool from GGG to set a new password for a player account and then delete the log entry for that change. Players changing their password would have done nothing in this particular case.
|
Posted by Avaricta#4758 on Jan 13, 2025, 6:44:03 PM
|
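A defensive sketch for the log-deletion problem described in this thread, added here as an example and not GGG's code or anything posted by the participants: a hash-chained audit log whose head hash is kept somewhere the admin tool cannot write, so a removed password-reset entry is detectable. The event fields, account names and function names are all hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for an empty chain


def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always produces the same hash.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(log, event):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})
    # The returned head must be shipped to a store the admin tool cannot edit.
    return log[-1]["hash"]


def verify(log, trusted_head):
    """Return (ok, reason); trusted_head is the head hash kept outside the log."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev:
            return False, f"gap before entry {i}: an entry was removed or reordered"
        if entry_hash(prev, rec["event"]) != rec["hash"]:
            return False, f"entry {i} was modified"
        prev = rec["hash"]
    if prev != trusted_head:
        return False, "tail does not match trusted head: trailing entries removed"
    return True, "ok"


def demo():
    # Constructed sample events, not real log data.
    events = [
        {"actor": "admin-01", "action": "login", "target": "admin-01"},
        {"actor": "admin-01", "action": "password_reset", "target": "player-123"},
        {"actor": "admin-01", "action": "logout", "target": "admin-01"},
    ]
    log, head = [], GENESIS
    for ev in events:
        head = append(log, ev)
    intact = verify(log, head)
    reset_deleted = verify(log[:1] + log[2:], head)  # reset entry removed
    tail_deleted = verify(log[:-1], head)            # last entry removed
    return intact, reset_deleted, tail_deleted


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The chain only helps if the head hash leaves the system on every write; an account that can both delete entries and rewrite the stored head can rebuild a consistent chain.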