Help and Information - PSA: Check Your PayPal — Found an Unauthorized Xsolla Charge on My PoE Account - Forum

Yesterday, the weirdest thing just happened to me, i got an email in chinese from Xsolla. I thought it was just some scam at first, i had no clue what that company even was, then i saw a notification on my phone that 30$ were paid to Xsolla for a poe2 supporter pack, i was surprised, especially that this purchase was ON my account with MY PayPal (which i found later, is a saved payment method on my account since 2020). Long story short i reached out to GGG support and they refunded it GGG told me that my accounts might be compromised, but then again.. what kind of hacker would do this?? who would hack my account just to buy a supporter pack for me, when i already have bought poe2 on steam? GGG informed me that I can get my account data from the website and so i did. Guess what? I think the culprit is Xsolla themselves. Now there are many clues to this, but the most concrete one is that the purchase was made without ANY website sessions or game logins.. It was purely through a Xsolla TW transaction directly without any user involvement or hacking activities to my account or pc. This is a serious matter... When i looked for similar cases on the internet, turns out I'm not the only one... Several cases from different games or websites claim that Xsolla made unauthorized purchases to their account also through PayPal. Check your accounts guys, remove ANY saved payment methods, if you used Xsolla on any other app or website also make sure to remove it. Xsolla is shady. Last bumped on Dec 11, 2025, 3:56:39 AM	Posted by Sosk#0844 on Dec 9, 2025, 2:47:22 AM Quote this Post
Thanks for the heads up. Haven't had trouble with any vendor on paypal myself (yet), but added 2fa. Did you check in poe2 to see if you actually received the thing?	Posted by AlvinL_#4492 on Dec 9, 2025, 3:05:10 AM Quote this Post
Yeah i had received everything, coins and all.. everything refunded now of course. Edit : Also i have 2fa, but Xsolla is basically a PayPal payment method, so they are authorized to do almost anything without verification. Last edited by Sosk#0844 on Dec 9, 2025, 3:12:10 AM	Posted by Sosk#0844 on Dec 9, 2025, 3:09:04 AM Quote this Post
" AlvinL_#4492 wrote: Haven't had trouble with any vendor on paypal myself (yet), but added 2fa. They're not compromising PayPal accounts; they're compromising Path of Exile accounts to buy Path of Exile 2 supporter packs using saved payment credentials so they sell the 'extra' keys. GGG do not offer first-party Technical Support. Free Technical Support guides are available here: https://www.poecommunity.help No ads, trackers, or other weird stuff.	Posted by Sarno#0493 on Dec 9, 2025, 3:10:24 AM Quote this Post
I never buy directly on the website, always via Steam. I guess you just learned your lesson. [3.27] Poor Man's Ward Loop: https://youtu.be/p5NA_Rf2TJU [3.27] Cheeto Chasers: https://youtu.be/f4feauaRxAk [3.26] Shaper Beam Totems: https://youtu.be/soG0-Y2pDDo [3.26] Gorilla Pop: https://youtu.be/JYGmntfn1ho [3.25] Lazy Susie: https://youtu.be/VlcH6tIBzkg	Posted by BaumisMagicalWorld#0673 on Dec 9, 2025, 7:44:20 AM Quote this Post
i just remove every autopay authorization from paypal hacker may able to still my HH or mirror, but not my real world money This is the start of forum signature: I am not a GGG employee. About the username: Did you know Kowloon Gundam is made in Neo Hong Kong? quote from the first page: "Please post one thread per issue, and check the forum for similar posts first" This is the end of forum signature	Posted by neohongkong#0222 on Dec 9, 2025, 7:58:31 AM Quote this Post
okey i did find this post 5min ago and it look pretty similar to my case which i did find about 15min ago x) msg on poe site that i did buy an early acces key (even trough i already had one) did look my mail about poe find a strange one in chinese about xsolla usa poe have transaction of poe 2 early access key on paypal about xsolla poe but no mail of weird connection nor on paypal or my own email address i wonder if that linked with the admin data leak poe2 had at this release, had some key claimed at that time even through i didn't send all of them	Posted by dfotok#0926 on Dec 9, 2025, 8:09:03 PM Quote this Post
" dfotok#0926 wrote: okey i did find this post 5min ago and it look pretty similar to my case which i did find about 15min ago x) I'll assume you already contacted support, make sure you tell them every detail. So many similar cases and hopefully if more start showing up in GGG inbox they will do something about it. My guess is it's a PayPal security problem not the other way round, the same thing happened to people from different website/apps/games that used Xsolla, from what you said, probably once you're in their system you're exposed to a data leak.	Posted by Sosk#0844 on Dec 10, 2025, 12:10:24 AM Quote this Post
" Sosk#0844 wrote: I think the culprit is Xsolla themselves. Xsolla is shady. I mentioned this in my own post I made recently, it's some sort of money laundering they are doing. I've yet to receive my refund, and I'm livid that they refunded yours so quickly when mine was vital to my fucking health, since the money got taken out on the day I needed my medications.	Posted by ixekun#5096 on Dec 10, 2025, 2:13:46 AM Quote this Post
" Sarno#0493 wrote: " AlvinL_#4492 wrote: Haven't had trouble with any vendor on paypal myself (yet), but added 2fa. They're not compromising PayPal accounts; they're compromising Path of Exile accounts to buy Path of Exile 2 supporter packs using saved payment credentials so they sell the 'extra' keys. Roger roger, better safe than sorry.	Posted by AlvinL_#4492 on Dec 10, 2025, 2:30:34 AM Quote this Post