"
Dude, I have a strong password and a Steam 2 level authentication. Even if it were 1234, you have to confirm on the Steam app on your smartphone if someone logs in from another PC/location. It's impossible to just hack it like that. And no there are not 5 people on Reddit. Take a closer look, there are really a lot of people who are affected. That's a pretty big deal. All YouTubers and streamers have also reported about it. I drop an expensive item, sell it on Poe Trades and a few hours I'm empty? And all those affected were people who had valuable accounts? This isn't just any coincidence. Seriously, don't downplay the problem just because you don't seem to be affected.
People who talk it down like it's nothing, I wish they could experience it themselves... To be honest. I wouldn't wish that on anyone, but someone who laughs at others because of it and belittles them should feel the pain themselves when they lose everything in a game that they've put a lot of heart and soul into and that they love.
(1) only valuable accounts affected makes it seem like it is NOT a data leak, as I had been saying. (2) none of the YouTubers I follow have talked about it and I think I caught all the big PoE creators. People like to dramatize and spin stories. I'm not downplaying anything but at this point no one knows why your account was hacked and I have no reason not to trust GGG.
Last edited by Roquefort720xTreme#7938 on Jan 4, 2025, 9:25:50 AM
"
"
Dude, I have a strong password and a Steam 2 level authentication. Even if it were 1234, you have to confirm on the Steam app on your smartphone if someone logs in from another PC/location. It's impossible to just hack it like that. And no there are not 5 people on Reddit. Take a closer look, there are really a lot of people who are affected. That's a pretty big deal. All YouTubers and streamers have also reported about it. I drop an expensive item, sell it on Poe Trades and a few hours I'm empty? And all those affected were people who had valuable accounts? This isn't just any coincidence. Seriously, don't downplay the problem just because you don't seem to be affected.
People who talk it down like it's nothing, I wish they could experience it themselves... To be honest. I wouldn't wish that on anyone, but someone who laughs at others because of it and belittles them should feel the pain themselves when they lose everything in a game that they've put a lot of heart and soul into and that they love.
(1) only valuable accounts affected makes it seem like it is NOT a data leak, as I had been saying. (2) none of the YouTubers I follow have talked about it and I think I caught all the big PoE creators. People like to dramatize and spin stories. I'm not downplaying anything but at this point no one knows why your account was hacked and I have no reason not to trust GGG.
Okay, I don't watch that many English YouTubers. But the Germans had almost all reported on this wave of hackers. As I said, it's not just a small thing, it actually doesn't just affect 4-5 people. There are a lot more. In any case, I know that there is no mistake on my part here. I accessed POE Trades via Steam Login and the game itself only via Steam with 2 levels of authentication. And there was no third-party access to Steam, Steam support told me that and even reset everything they could, they said the problem must be with GGG. I was only logged in via my PC and my IP. I know 2 other people who experienced the same thing and where the factors were the same. Something like this shouldn't be downplayed, but rather we should ensure that it can't happen again. People who make fun of things like that because of shitty passwords hahahahaha I wish I could experience that myself after they've put a lot of time into their account.
Posted by Esukho#3565 on Jan 4, 2025, 9:33:24 AM
"
"
This makes me very wary about people who I trade with staying in my hideout after trading. Is there a way to boot players from your hideout? I tried googling it, and the only answer I found was to choose a different hideout option, which resets your hideout. If that's the only option, fine, whatever. But is there a different, better way of doing so?
I also often had people standing in my hideout and walking around for an hour. Yes, it surprised me too, but I didn't think much of it because how are they supposed to hack someone? I wouldn't know how now. But it's certainly strange!
I'm now looking forward to an answer from support. I talked to Steam and the gap can only be with GGG. On Steam, no external access from another IP or anything else was proven... I don't wish that on anyone, I can only recommend perhaps not trading anything extremely valuable on Poe Trade because that seems to be the case. One of the factors is making yourself a target. But it's not a final solution, the gap has to be closed...
From what I gather they aren't stealing your login information and logging in that way, so there is no two-factor authentication to go through. Instead the reason they need to be in your hideout is to steal your Session ID, which doesn't refresh until you log in after logging out. The Session ID remains active while you're logged out to keep everything else running while you're gone, and they use that to trick the game into believing that they are you, as you never actually "logged out".
I could be wrong, but the biggest piece of advice I've seen is, as soon as the player leaves your hideout, log out and log back in to refresh your Session ID.
Posted by XerxezBreak#3933 on Jan 4, 2025, 9:43:00 AM
"
"
"
This makes me very wary about people who I trade with staying in my hideout after trading. Is there a way to boot players from your hideout? I tried googling it, and the only answer I found was to choose a different hideout option, which resets your hideout. If that's the only option, fine, whatever. But is there a different, better way of doing so?
I also often had people standing in my hideout and walking around for an hour. Yes, it surprised me too, but I didn't think much of it because how are they supposed to hack someone? I wouldn't know how now. But it's certainly strange!
I'm now looking forward to an answer from support. I talked to Steam and the gap can only be with GGG. On Steam, no external access from another IP or anything else was proven... I don't wish that on anyone, I can only recommend perhaps not trading anything extremely valuable on Poe Trade because that seems to be the case. One of the factors is making yourself a target. But it's not a final solution, the gap has to be closed...
From what I gather they aren't stealing your login information and logging in that way, so there is no two-factor authentication to go through. Instead the reason they need to be in your hideout is to steal your Session ID, which doesn't refresh until you log in after logging out. The Session ID remains active while you're logged out to keep everything else running while you're gone, and they use that to trick the game into believing that they are you, as you never actually "logged out".
I could be wrong, but the biggest piece of advice I've seen is, as soon as the player leaves your hideout, log out and log back in to refresh your Session ID.
Ya this is probably good advice, I'd also say to log in, go to another zone as well like temple of chaos etc. just to be sure. I had to do that to flush out trade bugs, so that might be related to session ID.
|
|
Stop RMT-ing and don't download third party programs. The last one especially goes for a "new popular game".
And no, session IDs don't work like that. Your session ID is for access to the Trade-API. They would need your login and password OR have full remote control over your computer to clean you out.
Posted by arknath#4740 on Jan 4, 2025, 9:56:58 AM
"
Stop RMT-ing and don't download third party programs. The last one especially goes for a "new popular game".
And no, session IDs don't work like that. Your session ID is for access to the Trade-API. They would need your login and password OR have full remote control over your computer to clean you out.
I never use RMT and never use third-party programs, so what?
Posted by Esukho#3565 on Jan 4, 2025, 11:11:04 AM
Don't RMT = account safe.
Of course people won't admit they are RMTing but this tends to be the cause. I myself made a post warning people about the potential issue but I'm more than 50% on it being people RMT'd and got their account compromised in that manner. We will see soon enough.
Step 1 is to self reflect.
Posted by RKxZlcLUUF#5704 on Jan 4, 2025, 11:34:34 AM
Something else has to be going on. I find it extremely hard to believe that someone can hack into my account just because they were in my hideout.
Posted by N3vangel#0037 on Jan 4, 2025, 11:58:57 AM
"
Don't RMT = account safe.
Of course people won't admit they are RMTing but this tends to be the cause. I myself made a post warning people about the potential issue but I'm more than 50% on it being people RMT'd and got their account compromised in that manner. We will see soon enough.
As I already said, I didn't use RMT, third party programs or anything else. Only POE Trade via Steam login and Poe itself via Steam login...
Last edited by Esukho#3565 on Jan 4, 2025, 9:57:15 PM
Posted by Esukho#3565 on Jan 4, 2025, 9:56:50 PM
As a hobbyist developer, I understand that it is extremely difficult to enable 2FA on both websites and in a game client. It's even harder when you design said session to use both username, password, a TOTP, and then create a hybrid session token using both the client-side and server-side (using Redis).
It is extremely difficult, I mean, it takes me about 15 minutes to get it all set up.
Posted by saviornt#2187 on Jan 4, 2025, 10:09:47 PM
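A sketch of the kind of session design the last post describes (password plus TOTP at login, then a token with a client-held half and a server-held half), including the logout invalidation that the session-ID discussion above turns on. This is an added example, not code from any poster or from GGG; the in-memory dicts stand in for Redis, and the function names and `client_id` device identifier are assumptions made for illustration.

```python
import hashlib, hmac, secrets, struct, time

SERVER_KEY = secrets.token_bytes(32)  # signing key, generated per run for the demo
USERS = {}     # user -> (salt, password hash, TOTP secret)
SESSIONS = {}  # stand-in for Redis: session id -> server-side record

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sign(sid, client_id):
    return hmac.new(SERVER_KEY, f"{sid}|{client_id}".encode(), hashlib.sha256).hexdigest()

def register(user, password, totp_secret):
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _pw_hash(password, salt), totp_secret)

def login(user, password, otp, client_id, now=None, ttl=3600):
    """Issue a token only if both the password and the TOTP code check out."""
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(_pw_hash(password, rec[0]), rec[1]):
        return None
    if not hmac.compare_digest(otp.encode(), totp(rec[2], now).encode()):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "client": client_id, "expires": now + ttl}
    return f"{sid}.{_sign(sid, client_id)}"  # client half: id plus signature

def validate(token, client_id, now=None):
    """Return the user for a live session presented by the bound client, else None."""
    now = time.time() if now is None else now
    sid, _, sig = token.partition(".")
    rec = SESSIONS.get(sid)
    if rec is None or rec["expires"] <= now:
        return None  # logged out, never issued, or expired
    if not hmac.compare_digest(sig.encode(), _sign(sid, client_id).encode()):
        return None  # signature does not match this client
    return rec["user"]

def logout(token):
    """Delete the server-side record so a copied token is dead immediately."""
    SESSIONS.pop(token.partition(".")[0], None)
```

Because the server-side record is deleted at logout and carries its own expiry, a token copied from the client stops validating as soon as either happens, without waiting for the next login.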