Compromised PoE Accounts: Stolen Items and Hacked Accounts - Discussion and Leads

Got hacked last night, playing standalone account and after this incident i have since changed my password.

I was amused how they managed to log into my account.. about mirror worth of equipments and stash currencies and highly valued div cards all gone. Checked my email there was a request of path of exile data export and a link sent to my gmail (which i did not request).

I use:
1) wealthy exile
2) poe regex
3) awakened poe trade
4) neversink loot filter
5) poe ninja

WHAT HAPPENED THAT I REMEMBER:
1) Before i done playing there is a invite to party or friend request then i clicked decline without taking notes of the name, i guess that hacker is checking whether i am online or not before trying to attempt to hack into my account.

2) I listed a quiver for 100div on async trade (not sure weather it really worth that just trying luck and list)

3) I use poe trade and bought forbidden flesh and flame for escape artist and instant buy (about 90div total)

4) woke up today and login and found my character naked.

5) -changed path of exile password,
-changed google password,
-set account privacy to all private,
-revoked poe ninja access to prevent in game wealth exposure,
-at path of exile game main page, untick 'Save Login Details' because I notice if i stop gaming, as long as I never shut down or restart my pc, i still can login without entering password.

I hope this information can help.. although not sure it's helpful or not.

Please let know if I can better protect my account from being hacked.

**TO THE HACKER IF YOU ARE READING THIS, YOUR PARENTS HAVE TAUGHT YOU WELL AND IS PROUD OF YOU THIEF. KARMA WILL HIT.

"

Hilbert#4232 wrote:

Was informed by ABVT#0013 last year , that my account was affected, they took a lot of time to go through hundreds of remove only tabs.

I only checked because I received an e-mail about a data request I never requested. But I also received another unlock code e-mail on 4th Jan 2025.


So here are my 2 cents. There was an earlier breach to 2024/2025 where the attackers acquired login tokens. I received an e-mail years ago that my account has been locked when I haven't logged into the Path of Exile since some Cutthroat Race that was before Act 4 was released. Checking the stashtabs I noticed some things missing already.


This time(2025) they moved pages, suddenly I have jewels in the inventory of a HC racecharacter moved to SC.

I believe there was a database breach in 2017. If you did not change your password since then, I think they were able to decipher it years later. With email/password combo they are able to login into the site and request a data file which logs your ip. Together with a vpn they are now able to log into the game client without the system sending a verification code to your email address. In most cases these hackers don't have access to your email.

Of course people get hacked but it does not mean they will be targeted through the same attack vector that is why the reports are all over the place.

There is a vulnaribility in the case of not having 2fa for loggin into the site or playing the client without changing region. There is also the matter of the fact that it is questionable to make it possible for players to download ip data through your account.

If in the case you have a unique email (with cellphone 2fa), a unique 'military' grade poe password and you do not play with any game plugins and you still get hacked, then it is GGG's fault and their security is failing. No other way around that.

"

Hilbert#4232 wrote:

I don't play the game but TBH this is a major screw up. If GGG had any itemstransactionlogs they should use those. Not a single item I received as race reward has ever been traded. They were rotting in remove only tabs aside from the Beta Demis those were in a stash page. GGG should essentially ban all the first transaction log accounts including IP ranges and wipe the items.

For those playing: Feel free DM me if you see the Season 2 Demigod somewhere I want to play with the breacher and RMTer prior a bit. :)

RMT has been a bane of this game since closed beta and TBH I GGG should automatically change alt arts into their regular version and change them to a skins to kill their value. The only way to combat RMT is to render those items worthless.

Recently some asynch shop were filled with the following items and there is no way they were obtained legit. Just as reference Condemned and Kripparian were top racers with over 1000 points in a season and only got 6-7 alt art Shiverstings. This account is featuring 25-30. Condemned was hacked and after some time his alt art Hrimnor's Resolve with unique quality number resurfaced at the account who shall not be named.



It is easy to find out which accounts these are. You could track the path of those items and check anything suspicious happened with old accounts who might be hacked.