English Português Brasileiro Русский ไทย Deutsch Français Español 한국어
Path of Exile
Forum Index»Announcements»View Thread
View Staff PostsPost Reply

Data Breach Notification

Thanks for the transparency, It's always the unexpected that gets you eh?

The severity of this is ofc lessened by the fact that you are dropping the "We'll get there" attitude about 2FA and pushing it up to be launched at once.

Part of the process of the 2FA is likely also that you won't be asking users for complete transaction histories from their banks punishing long time users compared to new users since you ask for bank statements that predate the logs that banks keep, making account recovery impossible for long time fans.

Oh wait... none of this is happening is it?
Avatar
Posted by

on Jan 15, 2025, 3:42:23 AM
Harbinger Supporter
Abyssal Lich Supporter
Alpha Manticore Supporter
Shadowstalker Supporter
Master Undertaker Supporter
Sunspire Supporter
Assassin Supporter
Cult of Apocalypse Supporter
Elder Darkseer Supporter
Master Spellblade Supporter
Delve Core Supporter
Primordial Dread Supporter
Forgeguard Supporter
Vaal Serpent-God Supporter
King of the Faridun Supporter
Quote this Post
So what will this mean for the massive GDPR breach?

Will you guys get fined millions or lawsuits or something?

This is a big oof.
Avatar
Posted by

on Jan 15, 2025, 3:45:19 AM
Abyssal Lich Supporter
Redeemer Supporter
Harbinger Supporter
Minotaur Supporter
Alpha Manticore Supporter
High Council Supporter
Shadowstalker Supporter
Dread Forge Supporter
Master Undertaker Supporter
Master Soulstealer Supporter
Sunstone Supporter
Doomcrow Supporter
Blood Guardian Supporter
Sanctum Supporter
Divine Benevolence Supporter
Abyssal Imp Supporter
Eyrie Supporter
Ancestral Lithomancer Supporter
Eldritch Supporter
Quote this Post
What this post does NOT say is, how we all should react now to ensure our steam account safety. I mean... they say so themselves:

"
The attacker also viewed account information for a significant number of accounts through our portal.

For those accounts they got access to the following private information:

Email Address if the account had one associated
Steam ID if the account had one associated
IP Addresses that the account had used
Shipping address if the account had previously had physical goods sent
Current Unlock Code for unlocking accounts locked due to logging in from a different region

...

In addition there are some accounts where the attacker looked at transaction history which would have shown a list of previous purchases.



E-Mail Adress, SteamID, Shipping Adress... maybe even paypal-mail-accounts in the list of previous purchases? Even with 2FA on steam, that could be more than enough information to reset an account... I'm honestly sick to my stomach right now in fear of getting my Steam Account stolen with that information.
Avatar
Posted by

on Jan 15, 2025, 3:48:24 AM
Sunspire Supporter
Assassin Supporter
Eyrie Supporter
Insatiable Malice Supporter
Harvest Core Supporter
Imperial Sun Supporter
Primordial Dread Supporter
Annihilator Supporter
Voidborn Supporter
Vaal Serpent-God Supporter
Thaumaturge of the Vaal Supporter
Quote this Post
GDPR called, they want stored personal data.

Probably someone else also, about not informing us directly and instantly.
Avatar
Posted by

on Jan 15, 2025, 3:51:10 AM
Quote this Post
A lesson to learn from. Never let login in admin account or access administrative functions from any IP except corporate VPN IP. Also 2FA on top of this.
Last edited by haones#7707 on Jan 15, 2025, 3:56:50 AM
Avatar
Posted by

on Jan 15, 2025, 3:55:37 AM
King of the Faridun Supporter
Quote this Post
This entire situation is just one thing after another including how its being handled

Not even a global email? A forum post is how people find this out?

Honestly would rather just get a refund and go on my way at this point
Avatar
Posted by

on Jan 15, 2025, 4:09:41 AM
Liberator of Wraeclast Supporter
Quote this Post
"
I really look forwarding to 2FA available to the wider player base to bolster the security of the entire PoE community.


Has nothing to do with this
Avatar
Posted by

on Jan 15, 2025, 4:12:36 AM
King of the Faridun Supporter
Quote this Post
"
A lesson to learn from. Never let login in admin account or access administrative functions from any IP except corporate VPN IP. Also 2FA on top of this.


Did you even read the post? Social engineering has nothing to do with VPN or 2FA. You people are lost
Avatar
Posted by

on Jan 15, 2025, 4:13:21 AM
King of the Faridun Supporter
Quote this Post
"
topsen_#5879 wrote:
"
A lesson to learn from. Never let login in admin account or access administrative functions from any IP except corporate VPN IP. Also 2FA on top of this.


Did you even read the post? Social engineering has nothing to do with VPN or 2FA. You people are lost


Only one being lost is you.
If Staff account login is only possible with a specific IP from Corp only VPN everything could have been avoided.
Even if you got the login data+PW you can't login with that Staff account (and in best case that account will be autolocked) since your IP doesn't match one of the expected ones.
Avatar
Posted by

on Jan 15, 2025, 4:18:48 AM
Stalker Supporter
Sunspire Supporter
Annihilator Supporter
Quote this Post
Hoo, boy. Hope the guy whose account it was has his resume dusted off. That's an instant termination in just about any job in this field. I know if I was their security admin, I'd be demanding as much.
Avatar
Posted by

on Jan 15, 2025, 4:23:33 AM
Devoted Disciple Supporter
Shackled Immortal Supporter
Quote this Post

Report Forum Post

Report Account:

Report Type

Additional Info


View Staff PostsPost Reply
Forum Index»Announcements»View Thread

Home

Game

Forum

Events

Trade

Shop

© 2010 - 2025 Grinding Gear Games Terms of Use, Privacy Notice and Cookies Notice - Contact Support - Developer API
7198e05ea84dac937ca467ff833f3779