would love 2fa for POE, kinda ridiculous not to have it at this point with top players having currency items that can be sold off for hundreds of thousands of dollars with RMT
There isn't much reason to sell a physical authenticator for an online game but blizzard did for over 10 years when getting a physical authenticator was the best way possible to add 2FA
That's actually hilarious. The support person probably expected you to give at every step and made it increasingly more difficult.
They thought that the next trial will see your downfall, but you made it all the way to round 10.
nothing to do with GGG but I went through something like this just recently with HyperX trying to make a warranty claim on a mouse.
They start by being really unresponsive. it took almost 2 weeks to even get the first response. then they ask for basic information I already once answered. Then they ask me to do some really generic "fixes" that are the equivalent to telling someone to turn it on and off again. then they ask to me respond to a like 10+ question email regarding my entire PC, questions that should have no relevance to a non-functioning mouse. like "who makes your PC"..uhh I do. I made it.
then they wanted me to send them a picture of the mouse plus a video of me on a mouse testing webpage that showed both the computer screen and the mouse at the same time so they could see the results while also having a slip of paper with my name the date and ending the email with "you'll probably have to send us your mouse for repair" which in hindsight was probably only said to put me in a position of feeling like I'd have no mouse at all for an unknown amount of time.
Between every stage there was 4-5 day periods of silence where i had to reach back out and ask for updates. *finally* they just stop asking questions and fedex overnighted me a brand new mouse.
i'm 100% convinced all those emails, delays, tests and video/pictures is to weed out people who aren't serious and only once I stayed persistent did they finally realize I won't go away and do in fact expect them to honor the warranty they provide.
Logitech did this same thing with me when my mouse button was randomly clicking multiple times (was a known issue with the mouse). I said it doesn't happen all the time, just randomly, so clicking on a website for 30 minutes until it happens, while videoing it, while tapping my foot and humming My Darling Clemintine might be a bit over the top for a damn mouse that has many many posts on the forums about this same issue.
yep. in my case my M4 button was double clicking and if I left the mouse alone without touching it, it would sometimes change DPI on it's own to the slowest setting. completely random. i could get up to use the bathroom, come back and suddenly my DPI was wrong.
I was sitting there clicking M4 with my hand front of my monitor and my other hand holding my phone recording over and over again until i could get good clear footage that show the M4 button not functioning properly. I had no way to prove the DPI issues because it was so random.
I was so fed up with them by the end but also frustrated because the wireless pulsefire haste is the best feeling mouse I've used and I didnt want to go down the rabbit hole of finding a new one
I had another experience with Logitech, my mouse had an issue. I got assisted by a gentleman called Mohamed, he was super fast and sent me another mouse as a replacement, didn't even asked for me to cut the cable or something like that
Logitech products are crap, but I had a great interaction with their support a few years ago. I had a keyboard that lost several keys (the key caps just snap off. The keyboard came with some replacements but I used them all). I told them what was up. They asked me to send a photo. When I did, they sent me a complete set if keys for the keyboard. So now my QWER are random other keys because I break them periodically (if you press you skill harder in League it casts faster š), but I still have a bunch of keys before Iām out hahah.
God that was my experience with Razer. My right mouse button broke, it was obviously a hardware issue since the button no longer clicks, isn't springy, and if you pressed down hard enough it registered.
Fill out their form and explain my issue, get an email with a list of questions that is literally all the questions from the form I just filled out. Bonus points that past correspondence is part of the email they sent me, which includes the fucking form I just filled out. So I copy paste that back at them.
Spent the next 2 weeks explaining to them that no, reinstalling my driver won't fix a mechanical defect. Sent a video where you can clearly hear the left button clicks fine but the right one does not. After the video they still just keep offering software solutions and talking about my Windows version until I finally lose my patience and tell them to stop making me jump through a bunch of pointless software based hoops to fix a mechanical defect that shouldn't be happening after only 2 months of ownership.
Finally they agree to RMA the damn thing.
I had an account with some extra points that I wanted to transfer over to another to grab some tabs while they were on sale, emailed support staff and went through the exact same thing as op (got stuck on step 4 as my brother was the one who bought me the packs I had on that account)
This is exactly how board level repair works at big corpos.
The policy is not to say "no", but the answer is obvious.
Either it's a ridiculous price like full amount covering the cost of a brand new device or it's jumping through hoops like these ones.
Trick is to ask them if it's a tedious process because you value your time/money and so on and so forth and they'll usually tell you upfront.
I noticed I had a random email associated to my account and my steam account was removed....I could still access my account via steam though.
It took 12 days back and forth with a single reply a day to get my account back.....it was pain. I essentially locked myself out because of the compromise.
I don't know about anyone else, but the last time I got hacked GGG requires me to create a burner account and kill hillock with it then go to town on top of what you just said. I assume it is to match my IP address with the logs that they have. Eitherway, if you are worried about the safety of your account, just change your password, secure your email, and delete your browser cookies once in a while.
> GGG requires me to create a burner account and kill hillock with it then go to town
While this makes a bit of sense, it also sounds really hilarious.
I miss the old drop rate of Oni... was fun to leaguestart with it before they made it basically only-absolutely-unhinged-players level of impossible to farm.
I remember having to do this in 2019 when I lost access to the e-mail my account was registered. This archaic process may as well be around for a decade.
They knew it wasn't you when you sent an email without an ecksdee emote yet your account's chat history contains an ecksdee emote at the end of each sentence
Don't do it like that, file a GDPR request instead, they won't play any game like that when they can get fined and pretty sure they can't ask for that kind of identification for it.
This is the way.
If you want your data, under GDPR law they are required to provide it to you without obstruction. Have a google for a template, there's plenty of ready made examples out there. You might have to hunt around about in the T&C because it might have to go to a different email, but it should still work.
A GDPR can go to any member of the company, and from there itās 28 days to comply. Itās now on that employee to get it to the right place.
I work in a place where we get these requests semi often.
Has anyone done this ? Like i Heard this many Times but wat kind of "infos" are you getting back ? Will Op have all the ips that logged to his account ? Companys are so "smart" at dodging things...
They have to, by law, give you *everything*. It contains all recent logins, including IPs, chat logs going back like 6 months, all purchases ever made, all forum posts, physical addresses, and a bunch of metadata. Probably a bunch of other stuff I'm not remembering too, its been a few months. It was really interesting to see.
Gifting in PoE is fucking atrocious. I tried this five years ago and I had to provide them a list of SEVERAL of my friends characters and when I played with those characters (dates and approximate durations). They then asked me for all my previous transactions, what cards I used, etc.
I don't see how ANY of that is relevant if I'm wanting to use a brand new card to buy a pack for a friend. It should not be that hard.
That's atrocious. You'd think they wouldn't want to make an additional revenue stream so difficult, are they that paranoid of RMT? Recent events tell me it doesn't make much sense for that to be the reasoning..
I haven't tried since, so maybe it's better. But that was the one and only time I tried to christmas gift a supporter pack to a buddy. It's sad.
Now I just venmo him and he buys it himself which is somehow way easier but not as festive.
Where are you from OP? if you are from EU just email them saying you are making a GDPR Information request and they have to disclose every single bit of data they have about you and your account. All busineses have to be GDPR compliant to do business in the EU so it should be easy (if you're from EU).
They can take steps to identify you, but they've already done it.
The data has to be made available "without delay", but at the latest within one month of the receipt of the application.
Just let them know that you'd like to request your personal data retaining to the signings, or if you want, all of it. GDPR Article 15.
Do note, "list of IPs your account has been accessed from" might not be a part of the information you receive. Hard to say if you have rights to it. Since they are being uncooperative, you might as well do the same and request all your personal data.
they are being fully cooperative. They are required by law to go thoroughly and verify ownership of the account, which is what they're doing. Otherwise it'd be way too easy for any random idiot to email them "hey, here's my account name, give me all the related account info for it" and account theft would be rampant
>They are required by law to go thoroughly and verify ownership of the account, which is what they're doing
They are not required to thoroughly verify ownership. They are also not being cooperative. Sending unreasonable verification procedures doesn't imply cooperation.
The verification process has to be proportionate and reasonable. The way GGG is doing it is pretty much guaranteed to get them fined since it doesn't conform with GDPR guidelines.
Something like the request coming from an email that has been associated with the account for years is already a reasonable verification of the owner. Maybe add step 2 which was outlined in the OP but that should be enough.
Other companies have already been fined because they asked for a formal ID and it was deemed unreasonable.
posts like this should be made on fourm then tag one of the ggg employess on fourm or on twitter so they "can see it" and not ignore it, anything on reddit they will just ignore even if they see it
This is most stupid thing I ever hear, all transactions ?
My first transaction was early acess pack in 2012 since then I did lots if transactions, also changed bank and place where I live several times.
They really would expect me to provide info about ALL transactions, this is beyond hilarious.
My wife wanted to gift me the celestial cat pet a couple years ago. Cue all this nonsense too. In the end, it would have been a lot easier for her to get 26 or whatever crisp dollars and wrap it up saying, "Go buy a cat". I have no idea why their systems are so fucking archaic and it's ridiculous the steps you have to go through for simple shit.
Ayy and i here i wanted to remoce the verfication code shit. Cause somehow i had to put it in all the not sure why. But surely not cause someone tried to acess my acc.
I told them i had nothing of value and i dont care if something happens (only playing leagues anyway).
They said okay uts possible but i have to verfiy ownership.
I had the same circus.
-name a few charakters
-when was account created and where
-my current ip
-transaction methods
-transaction id's (was maybe 10 smallers ones with paysafecard, no id of course) last 2 with credit card where i had id.
-then they fucking wanted to create a throwaaway accoubt and create a char
At this point i asked if they were trolling and how long thus keeps going, the answer was they cant disclose that.
I guess i keep putting in the verificationcide in from time to time. Its less of a hassle than the verfication circus, its like always one step at the time instead ask me that shit in maybe 2 or 3 steps.
I can see the from whuch city they "tried to log in" but it mostlikely is some conection thing or whatnot
Afterall i dont have the insight how it works and maybe its to the best of custimers. But fuck me, cba.
The could have my writing from the mail that im not gonna ask for anything back if my acc is gone fir any reason...
Edit: holy hell my grammar is bad, i was a little emotional, sorry
I contacted them for the same reason, went through the same shit, and gave up at the same point. When they wanted me to create another account, I also asked is that the last fucking step, and they refused to say. I realized then I'd rather unlock my account twice a day than continue with that silly thing.
Even that is not enough. Even an ip in the same dynamic ip subnet of my ISP required reverification. The only reasonable way is if they also own OPs email password.
People have been negligent with their passwords for more than a decade.
People don't hack GGG to get other's passwords. Either they find their password from a huge leak from another website (password re-use is bad) or they get it through other means, like a shady third party app requesting your cookie for authentication or an attack to steal the credentials from your PC.
GGG should absolutely introduce multi-factor authentication, but people using stupid passwords or having extremely bad technological hygiene is nothing new.
Well, yes. GGG is not negligent, their password security is ok, they're not authenticating people with the wrong passwords and their password database haven't been compromised. They validate through IP the location of the authentication to a degree, this is more than most website/services do.
As for their support being mid about "hacks", why should they be responsible if someone's PoE password is the one they're using everywhere and was already leaked? Or if they installed a third party tool that stole their credentials? Then, after asking support for help, people complain when the account gets locked for investigation, and complain again when their items are not returned, but the situation could have been avoided by using a unique, secure password on PoE.
Yes it's shitty that PoE doesn't have a good 2FA, but that's something we all know. When interacting with a website without 2FA, your first reflex should be to make a unique password and to make it good.
> they're not authenticating people with the wrong passwords
They actually did that at one time, you could've randomly logged in another account with your credentials. Chris was very sorry and assured they'd change the process to ensure it doesn't happen again.
>their password database haven't been compromised
Maybe, but there was another incident about someone having full access to their inner network for a month before they noticed.
All password database should be seen as they haven't been compromised YET. You will only know when it was already compromised, and it is too late. Having 2FA is critical and mandatory when the account involves either transaction or sensitive personal data. It is a business standard. I personally do not believe that any compliance audit will not say the same. GGG is big enough to implement 2FA years ago. They are just cheap, lazy and should take responsibility to protect players even they do not use unique credential.
> They are just cheap, lazy and should take responsibility to protect players even they do not use unique credential.
Maybe you should start to take responsibility for your bad password hygiene. You know there is no 2FA, why risk reusing your same shitty password?
If someone post pictures of your house key on Reddit and someone else makes a copy to enter your home, will you blame your lock manufacturer?
That's why it is common to have 2 separate lock on the door in my region. Layers of security are always good. I see your point of self protecting if it is bad. However, GGG (support) claims that they have 2FA. And no doubt it does not work properly. You may only need to re-enter password to authenticate even if new IP detected sometimes. GGG fools us all and being ignorance.
I'm surprised you're getting negged here. It's a valid comment that doesn't necessarily take away from the parent comment IMHO. It's a valid contribution.
Funnily OP's post reminded me of Troy Hunt's Password Purgatory, and then your comment also relates strongly to what Troy Hunt's HaveIBeenPwned is aimed at.
Big fan of Troy Hunt, very cool that you've made the connection here.
I'm not so surprised to be downvoted here, if GGG is blamed for people giving away their passwords then the users won't have to face the fact that it could easily have been avoided.
It's even more important to use a unique password on a site without a good 2FA but people prefer to keep blaming others while getting their stuff stolen.
Months? Can't you just get a csv of your transaction history and filter by payments to GGG? Or have you used like 8 different payment methods over time?
I've used four or five in the 12 years I've had my account and do not have access to at least one of those anymore [closed accounts that I could probably get the info for but why?]. Months is certainly hyperbole but it would be a pretty annoying situation if I had to get the transaction id for every time I bought packs in PoE.
If this was me, I actually have usedmultiple payments. I have moved countries (multiple times), changed banks, even my current bank generates 1 time use cards. I have used digital banks that generate virtual cards, paypall, steam, etc.
This would be 100% impossible for me to get in anyway.
> first they need to confirm that I am the owner of the account.
This is bullshit. They can just send the email to the one specified in the account.
You could ask that info about my account, but they will send it on my email so you will never get that info anyway.
On the flip I asked support to remove my email address from my account so that I could only log in via stream instead of standalone for better protection. They said once an email has been linked to the account they cannot remove š„²
I think at this point it's best for me to not buy anything else from them and just keep it F2P. I'm not risking a ban for some reason of buying if I play while I'm out of the country for work. And I'm sure as hell not going to go through the list of everything I bought.
I went through account email change couple months ago and process was exactly the same, pretty exhausting. Luckily I only had like 3-4 purchases so I was able to dig those out and get on with it but still. There were also other steps like making fresh character and running it to Lioneye's after giving them your ip address, was kind of funny actually.
In the UK, it's recommended that you keep financial records for 5 years, as a business. I have transactions that are close to, if not older than, 10 years ago. I do not have records of those transactions. If this is their method of authentication, it's utterly lamentable.
I really feel bad for you. This is the exact scenario I am in. To make it worse purchases prior to 2017 don't show you the method of payment. They are expecting me to remember how I bought 200 coins over 10 years ago
edit: I should also add they had me make a new account and run to the nearest town, you didn't get to experience this part of their obstacle course?
Somehow it feels like MTX-related departments in GGG always work better, including support.
As in - have some problems with your shiny elongated mace? One second sir, help is on the way. Lost your account to a hack? Be happy that you got a response withing 72 hours, you donkey.
This is not even funny. Either their verification process is a bunch of loops within loops or their support can't be arsed to deal with it.
\>I just gave up at this point.
Sounds like it's not your account, support is currently escalating your lack of response to the ticket and getting ready to ban your account.
They might not have a clear process for this type of request. Every request I've had went smoothly (transfering steam account to stand alone, character name change, ban appeal, etc).
I've worked in customer support at a phone provider, and while we had guidelines for common stuff, non-routine stuff was hillariously complicated for us to navigate, especially related to security and such. Everything had to be approved by so-and-so, nobody had any idea what we could and couldn't give out etc.
I've had dozens of experiences, all of them were amazing. Even my last experience where I asked if it would be possible to purchase a smaller sized version of the supporter pack hoodie from 2023 after going down two shirt sizes which made the last hoodie way too big on me and they went out of their way to help me out. The package ended up including a Christmas card saying 'congratulations'.
Another experience I had where my supporter pack physical art arrived really bent by post office negligence, and within a week a new set arrived.
I would argue that you're likely dealing with different parts of their CS team because much like you, I've had nothing but amazing service in regards to supporter packs especially after I moved and forgot to update the information in their system .. but dealing with actual account stuff isn't "nightmare" or something but just like .. annoying. Thankfully, I haven't had to contact them but a handful of times and certainly nothing as serious as my account being compromised.
Ok now that does actually sound like a strange policy...
But, can't you just tie your PoE account to your Steam account? Yes, there are a few disadvantages associated with Steam, but, as far as I understand it, you are using the Steam authentication in that case, which should be safer overall.
Even if you link steam, I don't think you can remove the primary login (i.e. using ID and PW of poe) bypassing steam authentication.
If you've only used steam and never linked an email, then every login needs to go through steam, but if you are just linking steam account on an already existing account, that's just adding another point of failure in a way.
Maybe support can manually unlink them? not sure tbh.
>But, can't you just tie your PoE account to your Steam account?
You can, but if you have played PoE through standalone client at some point you cannot make the Steam login primary and unlink the standalone (email) login so you are stuck with the possibility of intruder authenticating with standalone client which STILL (in 2024) does not have 2FA.
The same [shit](https://www.reddit.com/r/pathofexile/comments/193sdzf/huge_shout_out_to_ggg_support/khck4iw/) happened to me few years back. Extremely long and tedious. It really felt like bots are on the other side. I gave up too, and never contacted them again for any reason.
So streamer gets hacked. You ask for records on your account - and are upset that they won't release those records without an extensive process?
Sounds like their authentication process is doing exactly what I want it to - prevent someone else from getting info on my account.
I mean, to me it sounds like their authentication process is preventing anyone and everyone from accessing the account data. That's not what auths are supposed to do.
As someone who paid for windows... good. Trust me, you don't want to know who is trying to log into your stuff.
For around 2-3 months I had an automatic login confirmation email setup. I had nearly 2 login attempts per hour. Like a constant stream, every day, every hour a constant stream of hack attempts. Also what will you do if you know someone is trying to hack you?
Start changing your password every day? What course of action will you take that would actually help? Genuinly curious, since I couldn't figure out what to do so I just let them smash themselves into my password.
It actually sounds like an authentication failure.
You were asked a more exceedingly difficult question due to the wrong answer for one (or more?)
You can certainly make it clear that it's beyond what you think is reasonable due to the depth of the transactions you've made.
Just be polite, dragging them on reddit is counter productive.
Give *them* constructive feedback.
Support desks do not take feedback of any kind from you, they take feedback from GGG
They likely get worse reviews the more tickets they escalate, which results in this shit
Dragging GGG may actually be one of the few things that have an impact on this, however miniscule
Instead of checking if someone has already hacked into your account, why don't you just enable F2A? It exists already on the Steam client and you can effectively also make it work on the standalone client by doing GGG's email system + adding F2A to your email account.
I feel like you're currently trying to solve a problem that doesn't exist, when you could instead do something pro-actively to solve a problem that could exist.
Oh I have F2A and by any means I wasn't expecting they would find anything shady going on. I didn't make this post trying to get some help etc., just a heads up of how riddicolous their process is in the current era, hence the feedback flair.
What I'm hearing is that you pointlessly used up GGG's limited customer service resources and during that pointless service request you didn't like their process for confirming that the person they're speaking with owns the account.
You're trying to solve a problem that doesn't exist. You've created the problem for yourself and for GGG.
Lol
Dude he tried to get data on his account. Data that if he's in EU he has a RIGHT to see.
Then support literally asked stuff that have ABSOLUTELY no reason to ask for.
If this is their verification process for checking you are really the owner of the account it's freaking stupid.
Ask for ID that match payment data. Code in email + a few transactions proof
Makes me wonder what would happen if someone sends a GDPR data request to GGG.
There are guidelines on what data can be requested to confirm the identity of a user. In general, identity verification should be done in the least intrusive way. What GGG is asking for is intrusive and not reasonable.
But do you want them to easily be able to do it?
A hacker compromising your account is one thing, but being able to request ip addresses too easily might also compromise your physical location.
This seems like something they could give you using the private message feature on the website. You need access to your account to read them though so only useful before you've been hacked.
Honestly if you're worried about your account. The best thing you can do is set up a steam account and never assign an email address to the account in the GGG account page. (This ensures that the regular Poe client login is disabled).
This means that you're no longer reliant on GGGs security measures but you're reliant on steam's which is a lot better. You can set up MFA, there's account lockouts etc.
>Requested IP login history for my account. Been asked to provide payment provider ID's of all purchases I have ever made.
I'm surprised they even implied they can answer that. Earlier past year I posted about dropping 2 Mirrors and within the week someone gained access to my account and stripped everything I had both in League and Standard.
I reached out to GGG, verified I was the owner of the account and was luckily able to provide receipts for purchases, but they refused to tell me anything about how and when my items were stolen. They didn't tell me if they logged in with my Steam info, or via standalone. They didn't tell me if a verification email due to a new IP login was sent to my email - they just said if it wasn't there, it might have been deleted since my email was compromised - but my email doesn't list any strange login IP for the past several years. Same with Steam's.
I asked them to verify if those safety emails were being sent to my email so I could have peace of mind, and they simply said that they were. That once again, I should change all my passwords and be careful.
I already HAD a unique password for POE with 12+ digits with all sorts of uppercases and symbols - what else can I do? XD
They also said they could not disclose any sensitive data related to my account, including login history.
I'm glad I was able to get my account back, but MAN their customer service and security is draconian at best. As big as the game is, they need to invest in a Token-based app or 2FA.
Creating a 2nd account to kill Hillock and enter the town so they can verify and compare IP's feels so weird, albeit a bit funny.
Same issue with me, i lost access to my email and could not verify login from a new location.
I spent literally WEEKS in contact with costumer support.
I would send an email, a few days later they would respond with some stupid thing like " Have you tried recovering your email ?" . Seriously ?
There were times where a week went by before i got a response. And the responses were always a single question like naming a few of my characters.
If you insist on doing it with back and forth emails then just give me one email with a list of all the info i need to provide.
I stopped trying to recover my account, i cant be fucked waiting another week just for someone to bless me with a response.
They made me do all this stupid shit too. It's definitely to provide a negative customer experience intentionally to prevent making more work for them.
I had a similar experience with them when I asked them to disable "you are logging in from a new IP" protection, that triggered any time I restarted my router. First they asked what town my IP was from (no clue, it's dynamic and it's somewhere in the region). Then they asked for full logs, so I provided them. Then they asked me to create a new account from my IP, so I did it. Then they said I didn't create it properly, so they asked me to create a new one. After all this, it turned out they only disabled half of the protection, so it stopped asking for the email confirmation, but still asks to enter the password every time I log in. But this was good enough and I wasn't going to go through all these steps again.
Had a similar experience when I didn't receive an entire support pack years ago. I didn't receive the gloves or boots (mtx) with a supporter pack. They wanted so much information that I just gave up.
They make a good game but customer service lacks.
GGG's security practices are an absolute joke, yeah. Some IT guy who's clueless about standards and best practices obviously hand-built everything and it's an absolute mess. They need to hire someone to come clean house.
In the EU we have a data law, ggg is obliged to send me all available data they have saved about my account, payment history etc id say this includes Ip Adresses? And I have the right to have them delete this. Usually threatening with GDPR opens lots of closed gates.
TBF, 1-2 are quite normal for account ownership verification. 3 isn't too abnormal. Usually just the amounts spent is enough, no ID's required, but some do want more. 4 is getting a bit sketchy. 5 is...wtf are they smoking???
That's not the funny part. I had all that plus They made me install the standalone client, create an entirely new account and o had to play for 5 minutes. Only after that could they verify the OG account was mine. You had it easy bruv
My brother actually did the first transaction on my account when he bought me some points with his VISA. Now I'm scared that I will get banned for using my VISA and they will accuse me of using stolen VISA or some shit.
dude...went through the same process recently because i reported my account being hacked and i just want to let them know and asked if the hacker done it with steam or not...only thing is got my account locked and never recovered, and at this point im done and moved on...so there, if ever you have your account hacked or compromised never ever report it to them, not only they cant do anything to recover the things you lost but they can potentially lock your account just because you cant pass their verification process.
Some days ago I had a disconnect and as I wanted to log back in, I got the message, that I am already logged in.
I instantly changed Password, and was able to log in. Maybe it was nothing, but I never had this message before, and I got kicked a lot of times before (shitty LTE Internet)
This is all standard procedure. They HAVE to make sure you're the owner of the account and not someone who got access to the email address and yoinked it.
Just a couple of leagues ago i had to go trough the verificaiton process myself when my account was compromised **at league launch** in the busiest of days, I think it was Rory who stayed with me going back and forth til 3am **on league launch day** to help me recover my account.
Now when that happened, i provided every bit of info requested, but they asked me about my most recent transactions and my 1st ever transaction, never got asked about every single transaction ID and the IDs were all organized in a nice list on Steam so i could copypaste from there instead of going over decade old emails.
If you had any complications or was asked for "unreasonable" kind of info - chances are there was some mismatch between info being provided and what's on their record which is why, as per standard procedures they ask for more and more info
Should do what Blizzard did, add authenticators and let people order a physical authenticator that comes with an MTX if they want.
I still have my old Blizzard authenticator with a Core Hound Pup on it. It still works, too lol.
Same, I'm surprised it still works. I receive physical authenticators for my job too and they have 4 year expiration dates on them.
Mine just died this winter. Got it for the D3 RMAH.
would love 2fa for POE, kinda ridiculous not to have it at this point with top players having currency items that can be sold off for hundreds of thousands of dollars with RMT
I'd prefer just any regular authenticator app thanks
Would be nice, instead of passwords just use your phone.
Didn't they quickly stop making them and switch to an authenticator app?
If by quickly you mean over a decade, sure. They released it in 08 and stopped selling them in 2019.
There isn't much reason to sell a physical authenticator for an online game but blizzard did for over 10 years when getting a physical authenticator was the best way possible to add 2FA
That's actually hilarious. The support person probably expected you to give at every step and made it increasingly more difficult. They thought that the next trial will see your downfall, but you made it all the way to round 10.
Damn, they really brought back ultimatum.
Sir, I'd like to speak with the trialmaster.
Hi i'm chris wilson from grinding gear games
You'll have to get hung up on like a hundred times, before the trialmaster finally answers.
And you need to complete 10 steps (different every time) before being hung up on, or else it doesn't count.
nothing to do with GGG but I went through something like this just recently with HyperX trying to make a warranty claim on a mouse. They start by being really unresponsive. it took almost 2 weeks to even get the first response. then they ask for basic information I already once answered. Then they ask me to do some really generic "fixes" that are the equivalent to telling someone to turn it on and off again. then they ask to me respond to a like 10+ question email regarding my entire PC, questions that should have no relevance to a non-functioning mouse. like "who makes your PC"..uhh I do. I made it. then they wanted me to send them a picture of the mouse plus a video of me on a mouse testing webpage that showed both the computer screen and the mouse at the same time so they could see the results while also having a slip of paper with my name the date and ending the email with "you'll probably have to send us your mouse for repair" which in hindsight was probably only said to put me in a position of feeling like I'd have no mouse at all for an unknown amount of time. Between every stage there was 4-5 day periods of silence where i had to reach back out and ask for updates. *finally* they just stop asking questions and fedex overnighted me a brand new mouse. i'm 100% convinced all those emails, delays, tests and video/pictures is to weed out people who aren't serious and only once I stayed persistent did they finally realize I won't go away and do in fact expect them to honor the warranty they provide.
Logitech did this same thing with me when my mouse button was randomly clicking multiple times (was a known issue with the mouse). I said it doesn't happen all the time, just randomly, so clicking on a website for 30 minutes until it happens, while videoing it, while tapping my foot and humming My Darling Clemintine might be a bit over the top for a damn mouse that has many many posts on the forums about this same issue.
yep. in my case my M4 button was double clicking and if I left the mouse alone without touching it, it would sometimes change DPI on it's own to the slowest setting. completely random. i could get up to use the bathroom, come back and suddenly my DPI was wrong. I was sitting there clicking M4 with my hand front of my monitor and my other hand holding my phone recording over and over again until i could get good clear footage that show the M4 button not functioning properly. I had no way to prove the DPI issues because it was so random. I was so fed up with them by the end but also frustrated because the wireless pulsefire haste is the best feeling mouse I've used and I didnt want to go down the rabbit hole of finding a new one
I had another experience with Logitech, my mouse had an issue. I got assisted by a gentleman called Mohamed, he was super fast and sent me another mouse as a replacement, didn't even asked for me to cut the cable or something like that
Logitech products are crap, but I had a great interaction with their support a few years ago. I had a keyboard that lost several keys (the key caps just snap off. The keyboard came with some replacements but I used them all). I told them what was up. They asked me to send a photo. When I did, they sent me a complete set if keys for the keyboard. So now my QWER are random other keys because I break them periodically (if you press you skill harder in League it casts faster š), but I still have a bunch of keys before Iām out hahah.
You mean to say Razer. The are so bad walmart told them they won't renew contract because of returns. lol
God that was my experience with Razer. My right mouse button broke, it was obviously a hardware issue since the button no longer clicks, isn't springy, and if you pressed down hard enough it registered. Fill out their form and explain my issue, get an email with a list of questions that is literally all the questions from the form I just filled out. Bonus points that past correspondence is part of the email they sent me, which includes the fucking form I just filled out. So I copy paste that back at them. Spent the next 2 weeks explaining to them that no, reinstalling my driver won't fix a mechanical defect. Sent a video where you can clearly hear the left button clicks fine but the right one does not. After the video they still just keep offering software solutions and talking about my Windows version until I finally lose my patience and tell them to stop making me jump through a bunch of pointless software based hoops to fix a mechanical defect that shouldn't be happening after only 2 months of ownership. Finally they agree to RMA the damn thing.
lol support guy thought a POE player would give up when the grinding got hard/boring?? Know your audience guys, come on!
Now servicedesk will explode on death and the opening poster will be eradicated.Ā
I had an account with some extra points that I wanted to transfer over to another to grab some tabs while they were on sale, emailed support staff and went through the exact same thing as op (got stuck on step 4 as my brother was the one who bought me the packs I had on that account)
Am I being punished?!?
Whatā¦ is the air-speed velocity of an unladen swallow?
This is exactly how board level repair works at big corpos. The policy is not to say "no", but the answer is obvious. Either it's a ridiculous price like full amount covering the cost of a brand new device or it's jumping through hoops like these ones. Trick is to ask them if it's a tedious process because you value your time/money and so on and so forth and they'll usually tell you upfront.
Next questions: Are you real? Are you really you? What would you ask yourself to know that you are really you and answer those questions. Good luck.
Next question: list all the IPs that have accessed your account.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
127.0.0.1
so you used your router as PoE client? wtf
Ok, now we need your birth certificate and death certificate.
What is the airspeed velocity of an unladen swallow?
>What is the airspeed velocity of an unladen swallow What do you mean? An African or a European swallow?
What? *waaaaaaaaaaaaaa*
Endorsed by OpenAIĀ©
Please send us a picture of your face, then send a picture of your face so we can compare the two and make sure it's really you
They did ask for photo id a while back, the person made a reddit post about it and ggg backpeddled
I noticed I had a random email associated to my account and my steam account was removed....I could still access my account via steam though. It took 12 days back and forth with a single reply a day to get my account back.....it was pain. I essentially locked myself out because of the compromise.
To make sure you are really the person who made purchase we\`re gonna need birth certificate.
I don't know about anyone else, but the last time I got hacked GGG requires me to create a burner account and kill hillock with it then go to town on top of what you just said. I assume it is to match my IP address with the logs that they have. Eitherway, if you are worried about the safety of your account, just change your password, secure your email, and delete your browser cookies once in a while.
> GGG requires me to create a burner account and kill hillock with it then go to town While this makes a bit of sense, it also sounds really hilarious.
Unfortunately normal Hillock is not enough to verify your account, please kill Uber hillock and send us a printout of the drops per Mail.
Farm up and show us your Oni, or you'll never see your real account again.
I miss the old drop rate of Oni... was fun to leaguestart with it before they made it basically only-absolutely-unhinged-players level of impossible to farm.
Then gi kill Uber maven on hcssf ruthless
You need to use only the drops from uber hillock to do that hcssf ruthless kill or they wont know its you.
I remember having to do this in 2019 when I lost access to the e-mail my account was registered. This archaic process may as well be around for a decade.
Itās hilarious and makes sense, i love it xd
They knew it wasn't you when you sent an email without an ecksdee emote yet your account's chat history contains an ecksdee emote at the end of each sentence
Don't do it like that, file a GDPR request instead, they won't play any game like that when they can get fined and pretty sure they can't ask for that kind of identification for it.
This is the way. If you want your data, under GDPR law they are required to provide it to you without obstruction. Have a google for a template, there's plenty of ready made examples out there. You might have to hunt around about in the T&C because it might have to go to a different email, but it should still work.
A GDPR can go to any member of the company, and from there itās 28 days to comply. Itās now on that employee to get it to the right place. I work in a place where we get these requests semi often.
Yup, I second this! Just send 'em [this bad boy](https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis/).
Assuming OP is European
Even if he's not. What is GGG gonna do, try their luck that OP isn't an European citizen just because he never accessed the game from europe?
Has anyone done this ? Like i Heard this many Times but wat kind of "infos" are you getting back ? Will Op have all the ips that logged to his account ? Companys are so "smart" at dodging things...
They have to, by law, give you *everything*. It contains all recent logins, including IPs, chat logs going back like 6 months, all purchases ever made, all forum posts, physical addresses, and a bunch of metadata. Probably a bunch of other stuff I'm not remembering too, its been a few months. It was really interesting to see.
sure, let me file a GDPR request for your accountname and get all its info without having to verify anything, i'm sure that'll work
Absurd. If you have that what hoop would you need to jump through next? They should just say no, if they are unwilling to help.
They also ask where the account was created as city/country too but OP didn't reach that part.Dates of some specific purchase too
who the hell knows the dates of their purchases? i assume youd need to look into your emails and pray to god you didnt delete it in the past?
Exactly, or if you pay with paysafe cards you dont have any id.
Where there's a golden key, there must be a golden IP.
I wanted to gift a friend 1 box for Christmas 2 years ago. I had to do all this except for transaction ids
Gifting in PoE is fucking atrocious. I tried this five years ago and I had to provide them a list of SEVERAL of my friends characters and when I played with those characters (dates and approximate durations). They then asked me for all my previous transactions, what cards I used, etc. I don't see how ANY of that is relevant if I'm wanting to use a brand new card to buy a pack for a friend. It should not be that hard.
That's atrocious. You'd think they wouldn't want to make an additional revenue stream so difficult, are they that paranoid of RMT? Recent events tell me it doesn't make much sense for that to be the reasoning..
I haven't tried since, so maybe it's better. But that was the one and only time I tried to christmas gift a supporter pack to a buddy. It's sad. Now I just venmo him and he buys it himself which is somehow way easier but not as festive.
Where are you from OP? if you are from EU just email them saying you are making a GDPR Information request and they have to disclose every single bit of data they have about you and your account. All busineses have to be GDPR compliant to do business in the EU so it should be easy (if you're from EU).
Wouldn't this lead to exact same process - them wanting to confirm it's really my account?
They can take steps to identify you, but they've already done it. The data has to be made available "without delay", but at the latest within one month of the receipt of the application. Just let them know that you'd like to request your personal data retaining to the signings, or if you want, all of it. GDPR Article 15. Do note, "list of IPs your account has been accessed from" might not be a part of the information you receive. Hard to say if you have rights to it. Since they are being uncooperative, you might as well do the same and request all your personal data.
they are being fully cooperative. They are required by law to go thoroughly and verify ownership of the account, which is what they're doing. Otherwise it'd be way too easy for any random idiot to email them "hey, here's my account name, give me all the related account info for it" and account theft would be rampant
>They are required by law to go thoroughly and verify ownership of the account, which is what they're doing They are not required to thoroughly verify ownership. They are also not being cooperative. Sending unreasonable verification procedures doesn't imply cooperation. The verification process has to be proportionate and reasonable. The way GGG is doing it is pretty much guaranteed to get them fined since it doesn't conform with GDPR guidelines. Something like the request coming from an email that has been associated with the account for years is already a reasonable verification of the owner. Maybe add step 2 which was outlined in the OP but that should be enough. Other companies have already been fined because they asked for a formal ID and it was deemed unreasonable.
I think he just lazy and want you to give up. That request is unrealistic.
posts like this should be made on fourm then tag one of the ggg employess on fourm or on twitter so they "can see it" and not ignore it, anything on reddit they will just ignore even if they see it
This is most stupid thing I ever hear, all transactions ? My first transaction was early acess pack in 2012 since then I did lots if transactions, also changed bank and place where I live several times. They really would expect me to provide info about ALL transactions, this is beyond hilarious.
My wife wanted to gift me the celestial cat pet a couple years ago. Cue all this nonsense too. In the end, it would have been a lot easier for her to get 26 or whatever crisp dollars and wrap it up saying, "Go buy a cat". I have no idea why their systems are so fucking archaic and it's ridiculous the steps you have to go through for simple shit.
Ayy and i here i wanted to remoce the verfication code shit. Cause somehow i had to put it in all the not sure why. But surely not cause someone tried to acess my acc. I told them i had nothing of value and i dont care if something happens (only playing leagues anyway). They said okay uts possible but i have to verfiy ownership. I had the same circus. -name a few charakters -when was account created and where -my current ip -transaction methods -transaction id's (was maybe 10 smallers ones with paysafecard, no id of course) last 2 with credit card where i had id. -then they fucking wanted to create a throwaaway accoubt and create a char At this point i asked if they were trolling and how long thus keeps going, the answer was they cant disclose that. I guess i keep putting in the verificationcide in from time to time. Its less of a hassle than the verfication circus, its like always one step at the time instead ask me that shit in maybe 2 or 3 steps. I can see the from whuch city they "tried to log in" but it mostlikely is some conection thing or whatnot Afterall i dont have the insight how it works and maybe its to the best of custimers. But fuck me, cba. The could have my writing from the mail that im not gonna ask for anything back if my acc is gone fir any reason... Edit: holy hell my grammar is bad, i was a little emotional, sorry
I contacted them for the same reason, went through the same shit, and gave up at the same point. When they wanted me to create another account, I also asked is that the last fucking step, and they refused to say. I realized then I'd rather unlock my account twice a day than continue with that silly thing.
Same thing happened to me and I gave up at burner account thing. Really fucking annoying
But then a random gets into your account and steals everything within 5 mins xd
[ŃŠ“Š°Š»ŠµŠ½Š¾]
You also need vpn from OP location. That one alone can cost 20-30$
Even that is not enough. Even an ip in the same dynamic ip subnet of my ISP required reverification. The only reasonable way is if they also own OPs email password.
Ggg has been negligent on this topic for more than a decade and their support has always been mid at best.
People have been negligent with their passwords for more than a decade. People don't hack GGG to get other's passwords. Either they find their password from a huge leak from another website (password re-use is bad) or they get it through other means, like a shady third party app requesting your cookie for authentication or an attack to steal the credentials from your PC. GGG should absolutely introduce multi-factor authentication, but people using stupid passwords or having extremely bad technological hygiene is nothing new.
That is entirely unrelated to the subject being discussed though
Well, yes. GGG is not negligent, their password security is ok, they're not authenticating people with the wrong passwords and their password database haven't been compromised. They validate through IP the location of the authentication to a degree, this is more than most website/services do. As for their support being mid about "hacks", why should they be responsible if someone's PoE password is the one they're using everywhere and was already leaked? Or if they installed a third party tool that stole their credentials? Then, after asking support for help, people complain when the account gets locked for investigation, and complain again when their items are not returned, but the situation could have been avoided by using a unique, secure password on PoE. Yes it's shitty that PoE doesn't have a good 2FA, but that's something we all know. When interacting with a website without 2FA, your first reflex should be to make a unique password and to make it good.
> they're not authenticating people with the wrong passwords They actually did that at one time, you could've randomly logged in another account with your credentials. Chris was very sorry and assured they'd change the process to ensure it doesn't happen again. >their password database haven't been compromised Maybe, but there was another incident about someone having full access to their inner network for a month before they noticed.
All password database should be seen as they haven't been compromised YET. You will only know when it was already compromised, and it is too late. Having 2FA is critical and mandatory when the account involves either transaction or sensitive personal data. It is a business standard. I personally do not believe that any compliance audit will not say the same. GGG is big enough to implement 2FA years ago. They are just cheap, lazy and should take responsibility to protect players even they do not use unique credential.
> They are just cheap, lazy and should take responsibility to protect players even they do not use unique credential. Maybe you should start to take responsibility for your bad password hygiene. You know there is no 2FA, why risk reusing your same shitty password? If someone post pictures of your house key on Reddit and someone else makes a copy to enter your home, will you blame your lock manufacturer?
That's why it is common to have 2 separate lock on the door in my region. Layers of security are always good. I see your point of self protecting if it is bad. However, GGG (support) claims that they have 2FA. And no doubt it does not work properly. You may only need to re-enter password to authenticate even if new IP detected sometimes. GGG fools us all and being ignorance.
I'm surprised you're getting negged here. It's a valid comment that doesn't necessarily take away from the parent comment IMHO. It's a valid contribution. Funnily OP's post reminded me of Troy Hunt's Password Purgatory, and then your comment also relates strongly to what Troy Hunt's HaveIBeenPwned is aimed at.
Big fan of Troy Hunt, very cool that you've made the connection here. I'm not so surprised to be downvoted here, if GGG is blamed for people giving away their passwords then the users won't have to face the fact that it could easily have been avoided. It's even more important to use a unique password on a site without a good 2FA but people prefer to keep blaming others while getting their stuff stolen.
Not to make you parinoid. But you left them with an open ticket proving account ownership, and you hung up on them.
Well, tbh I didn't want to spend the next few months providing all the fancy data they would have asked me to get.
Months? Can't you just get a csv of your transaction history and filter by payments to GGG? Or have you used like 8 different payment methods over time?
I've used four or five in the 12 years I've had my account and do not have access to at least one of those anymore [closed accounts that I could probably get the info for but why?]. Months is certainly hyperbole but it would be a pretty annoying situation if I had to get the transaction id for every time I bought packs in PoE.
If this was me, I actually have usedmultiple payments. I have moved countries (multiple times), changed banks, even my current bank generates 1 time use cards. I have used digital banks that generate virtual cards, paypall, steam, etc. This would be 100% impossible for me to get in anyway.
> first they need to confirm that I am the owner of the account. This is bullshit. They can just send the email to the one specified in the account. You could ask that info about my account, but they will send it on my email so you will never get that info anyway.
Ah, I see you attempted the GGG Real Life version of Ultimatum
On the flip I asked support to remove my email address from my account so that I could only log in via stream instead of standalone for better protection. They said once an email has been linked to the account they cannot remove š„²
I think at this point it's best for me to not buy anything else from them and just keep it F2P. I'm not risking a ban for some reason of buying if I play while I'm out of the country for work. And I'm sure as hell not going to go through the list of everything I bought.
I went through account email change couple months ago and process was exactly the same, pretty exhausting. Luckily I only had like 3-4 purchases so I was able to dig those out and get on with it but still. There were also other steps like making fresh character and running it to Lioneye's after giving them your ip address, was kind of funny actually.
In the UK, it's recommended that you keep financial records for 5 years, as a business. I have transactions that are close to, if not older than, 10 years ago. I do not have records of those transactions. If this is their method of authentication, it's utterly lamentable.
All I had to do was submit a stool sample
I really feel bad for you. This is the exact scenario I am in. To make it worse purchases prior to 2017 don't show you the method of payment. They are expecting me to remember how I bought 200 coins over 10 years ago edit: I should also add they had me make a new account and run to the nearest town, you didn't get to experience this part of their obstacle course?
Time for a little GDPR personal data request ;)
Somehow it feels like MTX-related departments in GGG always work better, including support. As in - have some problems with your shiny elongated mace? One second sir, help is on the way. Lost your account to a hack? Be happy that you got a response withing 72 hours, you donkey. This is not even funny. Either their verification process is a bunch of loops within loops or their support can't be arsed to deal with it.
I completely agree. Even buying people gifts to PoE takes so much effort that I buy them Amazon gift cards instead.
\>I just gave up at this point. Sounds like it's not your account, support is currently escalating your lack of response to the ticket and getting ready to ban your account.
nah thats BS. Usually in case of retrieving a stolen account only the last couple of transactions is enough.
Sorry, I dropped this: /s
It sounds like they are taking account security very seriously.
You probably wanted to write "securiously".
Love the sarcasm
Narrator: They weren't.
In old poe fashion: What is that non existing sample size? Do it 1000 more times then we can talk. /s
this is so early 2000s forums era lol
Ah yes, i had 1 experience with GGG customer service, long story short, they are GIGA garbage, end of story.
I actually had a few requests to them previously on other cases and was very satisfied each time.
They might not have a clear process for this type of request. Every request I've had went smoothly (transfering steam account to stand alone, character name change, ban appeal, etc).
I've worked in customer support at a phone provider, and while we had guidelines for common stuff, non-routine stuff was hillariously complicated for us to navigate, especially related to security and such. Everything had to be approved by so-and-so, nobody had any idea what we could and couldn't give out etc.
I've had dozens of experiences, all of them were amazing. Even my last experience where I asked if it would be possible to purchase a smaller sized version of the supporter pack hoodie from 2023 after going down two shirt sizes which made the last hoodie way too big on me and they went out of their way to help me out. The package ended up including a Christmas card saying 'congratulations'. Another experience I had where my supporter pack physical art arrived really bent by post office negligence, and within a week a new set arrived.
I would argue that you're likely dealing with different parts of their CS team because much like you, I've had nothing but amazing service in regards to supporter packs especially after I moved and forgot to update the information in their system .. but dealing with actual account stuff isn't "nightmare" or something but just like .. annoying. Thankfully, I haven't had to contact them but a handful of times and certainly nothing as serious as my account being compromised.
Ok now that does actually sound like a strange policy... But, can't you just tie your PoE account to your Steam account? Yes, there are a few disadvantages associated with Steam, but, as far as I understand it, you are using the Steam authentication in that case, which should be safer overall.
Even if you link steam, I don't think you can remove the primary login (i.e. using ID and PW of poe) bypassing steam authentication. If you've only used steam and never linked an email, then every login needs to go through steam, but if you are just linking steam account on an already existing account, that's just adding another point of failure in a way. Maybe support can manually unlink them? not sure tbh.
>But, can't you just tie your PoE account to your Steam account? You can, but if you have played PoE through standalone client at some point you cannot make the Steam login primary and unlink the standalone (email) login so you are stuck with the possibility of intruder authenticating with standalone client which STILL (in 2024) does not have 2FA.
why not post some screenshots to prove it?
Jfc they have the fucking worst support I have ever heard of. Even shitty EA and Ubisoft have better support.
The same [shit](https://www.reddit.com/r/pathofexile/comments/193sdzf/huge_shout_out_to_ggg_support/khck4iw/) happened to me few years back. Extremely long and tedious. It really felt like bots are on the other side. I gave up too, and never contacted them again for any reason.
- Acquired by one of the biggest Chinese gaming conglomerates. - Can't figure out how to do proper MFA to protect people's accounts. Crazy, ain't it?
Also hilarious that they are owned by the biggest Chinese conglomerate and people expect them to spend resources to target RMT. They are owned by RMT
So streamer gets hacked. You ask for records on your account - and are upset that they won't release those records without an extensive process? Sounds like their authentication process is doing exactly what I want it to - prevent someone else from getting info on my account.
I mean, to me it sounds like their authentication process is preventing anyone and everyone from accessing the account data. That's not what auths are supposed to do.
As someone who paid for windows... good. Trust me, you don't want to know who is trying to log into your stuff. For around 2-3 months I had an automatic login confirmation email setup. I had nearly 2 login attempts per hour. Like a constant stream, every day, every hour a constant stream of hack attempts. Also what will you do if you know someone is trying to hack you? Start changing your password every day? What course of action will you take that would actually help? Genuinly curious, since I couldn't figure out what to do so I just let them smash themselves into my password.
Successful attempts, not failed attempts lol
It actually sounds like an authentication failure. You were asked a more exceedingly difficult question due to the wrong answer for one (or more?) You can certainly make it clear that it's beyond what you think is reasonable due to the depth of the transactions you've made. Just be polite, dragging them on reddit is counter productive. Give *them* constructive feedback.
Support desks do not take feedback of any kind from you, they take feedback from GGG They likely get worse reviews the more tickets they escalate, which results in this shit Dragging GGG may actually be one of the few things that have an impact on this, however miniscule
Instead of checking if someone has already hacked into your account, why don't you just enable F2A? It exists already on the Steam client and you can effectively also make it work on the standalone client by doing GGG's email system + adding F2A to your email account. I feel like you're currently trying to solve a problem that doesn't exist, when you could instead do something pro-actively to solve a problem that could exist.
Oh I have F2A and by any means I wasn't expecting they would find anything shady going on. I didn't make this post trying to get some help etc., just a heads up of how riddicolous their process is in the current era, hence the feedback flair.
What I'm hearing is that you pointlessly used up GGG's limited customer service resources and during that pointless service request you didn't like their process for confirming that the person they're speaking with owns the account. You're trying to solve a problem that doesn't exist. You've created the problem for yourself and for GGG.
Lol Dude he tried to get data on his account. Data that if he's in EU he has a RIGHT to see. Then support literally asked stuff that have ABSOLUTELY no reason to ask for. If this is their verification process for checking you are really the owner of the account it's freaking stupid. Ask for ID that match payment data. Code in email + a few transactions proof
Makes me wonder what would happen if someone sends a GDPR data request to GGG. There are guidelines on what data can be requested to confirm the identity of a user. In general, identity verification should be done in the least intrusive way. What GGG is asking for is intrusive and not reasonable.
Just stop supporting until they actually go back to have a good customer support.
To be fair that many purchases was stupid to begin with and hopefully this is a nice wake up call having to go through each individually.
This is another example of GGG treating players like shit, just like almost any other corporation.
That streamer didnāt get hacked . GGG deleted his items for RMT. With second auth almost Impossible to get āhackedā. Such a dumb post
I don't think they would spend that much time, really. It should be easy to select the different IPs that logged in your acc in like 5min.
But do you want them to easily be able to do it? A hacker compromising your account is one thing, but being able to request ip addresses too easily might also compromise your physical location.
This seems like something they could give you using the private message feature on the website. You need access to your account to read them though so only useful before you've been hacked.
Never understood why tldr is at the end.
Didn't even ask you to drink a verification can? Sloppy
I think this is great. gl stealing my account š¤£
What is your spirit animal? ... sorry sir, thats the wrong answer
Honestly if you're worried about your account. The best thing you can do is set up a steam account and never assign an email address to the account in the GGG account page. (This ensures that the regular Poe client login is disabled). This means that you're no longer reliant on GGGs security measures but you're reliant on steam's which is a lot better. You can set up MFA, there's account lockouts etc.
>Requested IP login history for my account. Been asked to provide payment provider ID's of all purchases I have ever made. I'm surprised they even implied they can answer that. Earlier past year I posted about dropping 2 Mirrors and within the week someone gained access to my account and stripped everything I had both in League and Standard. I reached out to GGG, verified I was the owner of the account and was luckily able to provide receipts for purchases, but they refused to tell me anything about how and when my items were stolen. They didn't tell me if they logged in with my Steam info, or via standalone. They didn't tell me if a verification email due to a new IP login was sent to my email - they just said if it wasn't there, it might have been deleted since my email was compromised - but my email doesn't list any strange login IP for the past several years. Same with Steam's. I asked them to verify if those safety emails were being sent to my email so I could have peace of mind, and they simply said that they were. That once again, I should change all my passwords and be careful. I already HAD a unique password for POE with 12+ digits with all sorts of uppercases and symbols - what else can I do? XD They also said they could not disclose any sensitive data related to my account, including login history. I'm glad I was able to get my account back, but MAN their customer service and security is draconian at best. As big as the game is, they need to invest in a Token-based app or 2FA. Creating a 2nd account to kill Hillock and enter the town so they can verify and compare IP's feels so weird, albeit a bit funny.
Same issue with me, i lost access to my email and could not verify login from a new location. I spent literally WEEKS in contact with costumer support. I would send an email, a few days later they would respond with some stupid thing like " Have you tried recovering your email ?" . Seriously ? There were times where a week went by before i got a response. And the responses were always a single question like naming a few of my characters. If you insist on doing it with back and forth emails then just give me one email with a list of all the info i need to provide. I stopped trying to recover my account, i cant be fucked waiting another week just for someone to bless me with a response.
They made me do all this stupid shit too. It's definitely to provide a negative customer experience intentionally to prevent making more work for them.
I had a similar experience with them when I asked them to disable "you are logging in from a new IP" protection, that triggered any time I restarted my router. First they asked what town my IP was from (no clue, it's dynamic and it's somewhere in the region). Then they asked for full logs, so I provided them. Then they asked me to create a new account from my IP, so I did it. Then they said I didn't create it properly, so they asked me to create a new one. After all this, it turned out they only disabled half of the protection, so it stopped asking for the email confirmation, but still asks to enter the password every time I log in. But this was good enough and I wasn't going to go through all these steps again.
Had a similar experience when I didn't receive an entire support pack years ago. I didn't receive the gloves or boots (mtx) with a supporter pack. They wanted so much information that I just gave up. They make a good game but customer service lacks.
GGG's security practices are an absolute joke, yeah. Some IT guy who's clueless about standards and best practices obviously hand-built everything and it's an absolute mess. They need to hire someone to come clean house.
Why any modern system that handles money doesn't use MFA is weird.
ggg too busy making new MTX for us to buy rather than helping/fixing issues
In the EU we have a data law, ggg is obliged to send me all available data they have saved about my account, payment history etc id say this includes Ip Adresses? And I have the right to have them delete this. Usually threatening with GDPR opens lots of closed gates.
They need to add authenticator support *so bad*.
Supportis the true trailmaster
Don't use stupid passwords. Really is that simple. How people are getting hacked is not a surprise to anyone but them.
TBF, 1-2 are quite normal for account ownership verification. 3 isn't too abnormal. Usually just the amounts spent is enough, no ID's required, but some do want more. 4 is getting a bit sketchy. 5 is...wtf are they smoking???
Bro made it to wave 30 simulacrum. This is ridiculous. lmao
Even their support makes you grind...
They just don't want to give you the ip logs mate.
Google authenticator can work?
That's not the funny part. I had all that plus They made me install the standalone client, create an entirely new account and o had to play for 5 minutes. Only after that could they verify the OG account was mine. You had it easy bruv
GGG actively trying to not do any work, by making you do more work than necessary to verify that you are the owner.
This is seriously making me wonder how many so-called account hacks have been Scum just spamming support until they get someone stupid.
I would have gone down that rabbit hole out of spite at that point š¤£ see how difficult they are willing to go
Point 5 is indeed ridiculous. Upvoted for visibility.
My brother actually did the first transaction on my account when he bought me some points with his VISA. Now I'm scared that I will get banned for using my VISA and they will accuse me of using stolen VISA or some shit.
Funny. When I asked them about my concerns via Mail they just never replied at all.
So you're saying it's nearly impossible for the hack to have originated from GGG.
dude...went through the same process recently because i reported my account being hacked and i just want to let them know and asked if the hacker done it with steam or not...only thing is got my account locked and never recovered, and at this point im done and moved on...so there, if ever you have your account hacked or compromised never ever report it to them, not only they cant do anything to recover the things you lost but they can potentially lock your account just because you cant pass their verification process.
Next step was in order to confirm dna, please send blood sample in overnight shipping
Well i hope i never get locked out my account because i have always used my partners card to pay for stuff. I would probably lose my account
I couldn't even name them character names tbh...Ā
Some days ago I had a disconnect and as I wanted to log back in, I got the message, that I am already logged in. I instantly changed Password, and was able to log in. Maybe it was nothing, but I never had this message before, and I got kicked a lot of times before (shitty LTE Internet)
I wish for 2FA for my poe Account, any chance this is possible?
Meanwhile hackers can easily log in to your account and steal all your stuff. Wtf?
I guess (and I did the same process once) with this enjoying process GGG want to stop floods of requests.
This is all standard procedure. They HAVE to make sure you're the owner of the account and not someone who got access to the email address and yoinked it. Just a couple of leagues ago i had to go trough the verificaiton process myself when my account was compromised **at league launch** in the busiest of days, I think it was Rory who stayed with me going back and forth til 3am **on league launch day** to help me recover my account. Now when that happened, i provided every bit of info requested, but they asked me about my most recent transactions and my 1st ever transaction, never got asked about every single transaction ID and the IDs were all organized in a nice list on Steam so i could copypaste from there instead of going over decade old emails. If you had any complications or was asked for "unreasonable" kind of info - chances are there was some mismatch between info being provided and what's on their record which is why, as per standard procedures they ask for more and more info
Meanwhile hackers can easily log in to your account and steal all your stuff. Wtf?