Data Leak and Stolen Accounts

"
saviornt#2187 wrote:
As a hobbyist developer, I understand that it is extremely difficult to enable 2FA on both websites and in a game client. It's even harder when you design said session to use both username, password, a ToTP, and then create a hybrid session token using both the client-side and server-side (using Redis).

It is extremely difficult, I mean, it takes me about 15 minutes to get it all set up.

At first I was going to object, but after reading to the end, the joke succeeded and I totally agree with you.
✨ Beta tester Path of Nerf 👀
"
"
Esukho#3565 wrote:
"
Draelik#3433 wrote:
This makes me very wary about people who I trade with staying in my hideout after trading. Is there a way to boot players from your hideout? I tried googling it, and the only answer I found was to choose a different hideout option, which resets your hideout. If that's the only option, fine, whatever. But is there a different, better way of doing so?



I also often had people standing in my hideout and walking around for an hour. Yes, it surprised me too, but I didn't think much of it because how are they supposed to hack someone? I wouldn't know how now. But it's certainly strange!

I'm now looking forward to an answer from support. I talked to Steam and the gap can only be with GGG. On Steam, no external access from another IP or anything else was proven... I don't wish that on anyone. I can only recommend perhaps not trading anything extremely valuable on Poe Trade, because that seems to be the case. One of the factors is making yourself a target. But it's not a final solution, the gap has to be closed...

From what I gather they aren't stealing your login information and logging in that way, so there is no two-factor authentication to go through. Instead, the reason they need to be in your hideout is to steal your Session ID, which doesn't refresh until you log in after logging out. The Session ID remains active while you're logged out to keep everything else running while you're gone, and they use that to trick the game into believing that they are you, as you never actually "logged out".

I could be wrong, but the biggest piece of advice I've seen is: as soon as the player leaves your hideout, log out and log back in to refresh your Session ID.


Are you sure it works like that in POE2? I am not, as when you crash you relog and you're instantly at the point you logged out. Your maps are still there, portals are there. If it were a fresh session ID wouldn't all those portals be gone? Like it is the case in POE1?
What Happened to Me:
Like many others, I was using Steam's 2FA and never shared my account details or used any third-party tools. Despite this, my account was compromised, and I lost everything. The common pattern among all affected players seems to be that we traded expensive items via the official Path of Exile Trade website (POE.Trade).

The Session ID Theory:
Here’s what I think might be happening:

When you trade with another player, they enter your Hideout, and you complete the trade as usual.
Some players reported that certain "buyers" remained in their Hideout for a long time, even after the trade was finished.
In Path of Exile 2, it appears that session IDs remain active for up to 15 minutes after logging out. This is likely intended for convenience—so if you crash or disconnect, you can resume your progress seamlessly.
Hackers might be exploiting this 15-minute window. By staying in the Hideout, they could be waiting for the player to log out and somehow hijack the active session to gain access to the account.
Alternatively, the issue could be tied to the POE.Trade website, as it also uses active session IDs after logging in with 2FA. If this system is compromised, it could explain how hackers are bypassing additional security measures.
Why Only Wealthy Players?
Another notable pattern is that the victims are not chosen randomly. Hackers seem to target players who recently traded rare or expensive items. In my case, I had just sold a valuable gem worth 100 Divines, and shortly afterward, my account was cleared out.

What Needs to Be Investigated:

Are session IDs being hijacked either in-game or through the trade website?
Why are only certain players being targeted, and how are their accounts identified?
Is there a security flaw in how session IDs are managed during trades or on POE.Trade?
To the Community:
If you’ve experienced similar issues or noticed suspicious behavior, please share your experience. We need to raise awareness and ensure this reaches GGG's attention.

To GGG:
I’ve always supported Pa

Thank you for reading, and I hope this helps others avoid falling victim to the same problem.
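The two session-lifetime models the thread argues about (a session ID that stays valid for a while after logout, versus one that is revoked on logout and rotated on every reconnect, with "log out and log back in" kicking any other session) can be made concrete in a few dozen lines. The following is an added illustration written for this thread, not GGG's code and not a description of how Path of Exile actually manages sessions; the store classes, the 15-minute grace value, the resume-token mechanism and the account names are all assumptions constructed for the example. It walks both stores through the same sequence with a fake clock and reports whether a session ID that a second party happened to see still resolves to the owner's account afterwards.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed value: the 15-minute post-logout window the thread hypothesises.
GRACE_SECONDS = 15 * 60


@dataclass
class Session:
    account: str
    logged_out_at: Optional[float] = None  # None while the client is logged in


class GracePeriodStore:
    """Weak policy (assumed, as the thread describes it): a session ID keeps
    resolving to its account for GRACE_SECONDS after logout so a crashed
    client can reconnect, but so can anyone else who presents that ID."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions: dict[str, Session] = {}

    def login(self, account: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(account)
        return sid

    def logout(self, sid: str) -> None:
        if sid in self.sessions:
            self.sessions[sid].logged_out_at = self.clock()

    def resolve(self, sid: str) -> Optional[str]:
        """Map a presented session ID to an account, or None if it is not valid."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if s.logged_out_at is None or self.clock() - s.logged_out_at < GRACE_SECONDS:
            return s.account
        del self.sessions[sid]
        return None


class RevokingStore:
    """Hardened policy (assumed): logout revokes immediately, every (re)login
    rotates the ID and revokes all other sessions of that account, and crash
    recovery uses a separate single-use token that is consumed on reconnect."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions: dict[str, str] = {}              # session ID -> account
        self.resume: dict[str, tuple[str, float]] = {}  # token -> (account, expiry)

    def _revoke_account(self, account: str) -> None:
        self.sessions = {k: v for k, v in self.sessions.items() if v != account}
        self.resume = {k: v for k, v in self.resume.items() if v[0] != account}

    def _open(self, account: str) -> tuple[str, str]:
        self._revoke_account(account)  # one live session per account
        sid, tok = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.sessions[sid] = account
        self.resume[tok] = (account, self.clock() + GRACE_SECONDS)
        return sid, tok

    def login(self, account: str) -> tuple[str, str]:
        """Returns (session_id, resume_token) after full authentication."""
        return self._open(account)

    def logout(self, sid: str) -> None:
        account = self.sessions.get(sid)
        if account is not None:
            self._revoke_account(account)  # nothing lingers after logout

    def reconnect(self, tok: str) -> Optional[tuple[str, str]]:
        """Crash path: an unexpired resume token is consumed and everything rotates."""
        entry = self.resume.pop(tok, None)
        if entry is None or self.clock() > entry[1]:
            return None
        return self._open(entry[0])

    def resolve(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def compare_policies() -> dict[str, bool]:
    """Run both stores through the same sequence with a fake clock and report
    whether a session ID seen by a second party still resolves afterwards."""
    now = [1_000.0]
    clock = lambda: now[0]

    weak = GracePeriodStore(clock)
    seen = weak.login("alice")          # constructed account name
    weak.logout(seen)
    now[0] += 60                        # one minute after logout
    weak_after_logout = weak.resolve(seen) == "alice"

    hard = RevokingStore(clock)
    seen, tok = hard.login("alice")
    hard.logout(seen)
    hard_after_logout = hard.resolve(seen) == "alice"

    # Crash scenario: ID seen while logged in, then the owner reconnects.
    seen, tok = hard.login("alice")
    new_sid, _ = hard.reconnect(tok)
    return {
        "weak_id_valid_after_logout": weak_after_logout,
        "hard_id_valid_after_logout": hard_after_logout,
        "hard_old_id_valid_after_reconnect": hard.resolve(seen) == "alice",
        "hard_owner_new_id_valid": hard.resolve(new_sid) == "alice",
    }
```

In the grace-period store the copied ID is still accepted a minute after logout; in the revoking store it is dead the moment the owner logs out or reconnects, which is exactly the effect the "log out and log back in" advice relies on. The remaining risk in the hardened model is the resume token itself, which is why it is single-use, short-lived and tied to the same per-account revocation.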

"
Esukho#3565 wrote:
they could be waiting

They can also not wait, but crash your client with the Mahuxotl bug. Happened to my friend today.
Last edited by AppleShy42#0013 on Jan 4, 2025, 1:01:55 PM
Feel free to compare your experience to those on this post. I would also recommend posting here what happened and your opinions so GGG can take notice and try to help.

https://www.pathofexile.com/forum/view-thread/3667200

If you go to the extra info, you can find that GGG does restore items, but only if they have a proven vulnerability.
Last edited by Crainus#7059 on Jan 4, 2025, 3:01:33 PM
"
Crainus#7059 wrote:
Feel free to compare your experience to those on this post. I would also recommend posting here what happened and your opinions so GGG can take notice and try to help.

https://www.pathofexile.com/forum/view-thread/3667200

If you go to the extra info, you can find that GGG does restore items, but only if they have a proven vulnerability.


Thanks, I replied to you in your post.

I really hope that GGG does something and speaks out about it and doesn't ignore the fact that there was never a security gap, etc. The people who lost everything, and the others who are afraid the same thing could happen to them, deserve an answer.
There doesn't have to be a security breach on GGG's side; however, PoE is so poorly designed in a few angles that players are pretty much forced to use 3rd party software to have some basic QoL, such as PoB, Awakened Trade, loot filters and more.

GGG has the funding to solve these QoL things in-game. Honestly, QoL for the difficulties they created in the first place by game design. I find this quite annoying from a company of this scale, such as GGG.
"
There doesn't have to be a security breach on GGG's side; however, PoE is so poorly designed in a few angles that players are pretty much forced to use 3rd party software to have some basic QoL, such as PoB, Awakened Trade, loot filters and more.

GGG has the funding to solve these QoL things in-game. Honestly, QoL for the difficulties they created in the first place by game design. I find this quite annoying from a company of this scale, such as GGG.



Neversink loot filter is the only one I used. So apart from the Poe Trade website and Poe2 itself
Just came back to game and saw all my Divines were gone. This game will lose players extraordinarily fast if they can't fix this.
"
overt1me#0812 wrote:
Just came back to game and saw all my Divines were gone. This game will lose players extraordinarily fast if they can't fix this.


Sorry for you :/ I'm about 125 Divines worth of gear gone. Support hasn't contacted me yet either. I wrote a ticket 7 days ago.
