Show me a game noone has ever been "hacked" at....

Yeah, thats no evidence, thats hear-say so far id say.

Might be true, might be complete BS....who knows...

who knows indeed ! i dont like anecdotal evidence either and i definitely dont trust people, but theres just so many of them so im inclined to believe them also doesnt help that ggg hasnt said anything about this and the forum thread is almost 30 pages..

my intuition says ggg is lying

Isn't it like 30 pages of that same 10 people though?

Just thinking about this logically, something like a trade extension would probably have easier access to your local IP information compared to "going to someones hideout", which would make it 1000x times easier to spoof and bypass the 2fa.

I'm a random guy though, don't work in IT or networking etc., so maybe this just makes way more sense to my uneducated mind

I did see a post or two about logging into someone else's account when trying to login to their own - guy said he'd maybe start recording, so let's see if he does. Still don't know that this would be more likely than people literally handing over their private information to a random dev though, let's be real. The poe community is so lazy, and most think they are really smart, so it would make sense that an actual smart person would phish their info without even really needing to phish lmao, just make a basic trade tool extension and then ez money.

This post was edited by Commm on Jan 5 2025 03:17pm

--

This post was edited by Commm on Jan 5 2025 03:15pm

I hope for your sake that they don't get you.
As someone affected, I can tell you it feels like shit.

Poe currency robbing Drama much more exciting than actual endgame in poe2

I sympathize with you man. I think scammer/hackers are honestly scum of the earth.

You gotta think this through though - do you want the truth, or do you want to just blame GGG regardless of what makes the most sense?

If it was something as stupid as hideout spoofing, which sounds like an absolute bullshit idea, and to be blunt, would have probably have been discovered by the public by now, then why wouldn't they target OBVIOUSLY rich people? There are stories of people losing 1 divine. Sorry, but if you could just spoof by getting an invite, don't you think, and just hear me out here, you would target obvious rich players ONLY? Seriously, why the fk would you waste the time taking 1 divine? Granted I think they scripted what to take, and let it autorun itself which is why exalts etc. weren't taken, and why 1 divine was taken. I think we can agree that this is a moronic theory - if not, then please, explain to me why they would bother with 1 divine accounts when they can easily search for things like mirrors, kalandras touch, astramentis, large amounts of divines etc., and just go there?

Alternatively, let's say that it was just a leak on GGG's end and they all of a sudden had access to 10,000 accounts. The odds of them hitting multiple 100+ div accounts would be unrealistic, and also doesn't explain by-passing 2fa. "But people logged into random accounts before" - again, the odds of having this hit 100+divine accounts would be miniscule, especially at that point in time, and again, if it were "targeted", why would they waste time with an account with 1 divine. And lastly, this theory assumes this data breach ALSO included enough information to spoof.

A more logical theory is that the chrome extension or an overlay was compromised (personally chrome extension sounds guilty af, but I dunno I'd just personally never trust that lol), or possibly released with this exact intention; to gain access to accounts. This would give not only your login info, but potentially your IP information as well, thus being able to spoof, and BYPASSING 2FA. This is just a theory, but unfortunately, makes infinitely more sense than any of the scenarios above.

For the record I had over 200 raw div on my account at the time of this drama, as well as various GOOD items listed for 20-30 div which have all sold. I'm not saying I'm a great target, there are far wealthier players, but I would make a lot more sense than a random 1 div-ass-having noob. If they had ANY control over who's accounts they could go after, I hate to break it to you man, but I doubt they'd pick you.

Either way, I hope we eventually find out what actually happened.

This post was edited by Commm on Jan 5 2025 08:36pm

yeah its like 10 people posting on every page, but theres also new people every day. i assume theres also those that are afraid to post because if you report, ggg locks you for like a month (all while removing the hackers name in less than 30 seconds if someone posts it on the forums). and im also a random and not in the field so im assuming a lot as well

ive read many of those posts and they just *feel* legit and i would definitely take them as evidence. i saw some post that says ggg actually isnt to blame but how theres a hacker chain, but that one actually feels fake af as it doesnt say pretty much anything except that ggg isnt to blame (post #3 on this page: https://www.pathofexile.com/forum/view-thread/3667200/page/29). looks like a glowie 4chan post if you ask me

I fully agree with everything youre saying. Unfortunately I’m not too much of an IT expert that I could in detail understand how they are doing it - allegedly.
I fully agree that the likelihood of people inputting their login data somewhere is the far more likely option. Yet, GGG has fucked up on this end before so im not yet convinced that they didn’t mess up this time again. I guess we will see

I can only say for myself, I have not downloaded or logged in to any programs that would require email / password / sessionID and all of my credentials are and have always exclusively been used for Poe.
I have played online games for years and never managed to get hacked - so I’m rather confident that this time is no different.
In the end I am afraid that GGG has messed because it would really massively impact my view of them as a company.

I guess we’ll see … maybe we can get a statement on it within the next couple of days.

E: lost more than 700 div, so while I see your point on why would they target low value accounts… yet most of the reports / complaints I have seen are of people with significant wealth

This post was edited by Epple on Jan 6 2025 10:17am

Unlikely that this was an issue of session ID hijacking, but it remains to be seen.

The much more likely explanation here is that they entered credentials/other info into a shady website or resource related to the game and had their information stolen.
When a game is hyped like this, people are rushing to find anything that will help them get an edge and forget about the basics of security.

- Do not trust everything you see (addons, overlays, etc) or go linking your PoE account all over the place.
- NEVER reuse passwords, especially between game accounts, emails, and finance accounts (bank, retirement, etc).