The Hacker and You: How gilsellers steal your account and advertise in your name.

[Livilda]

This afternoon, I logged in to my inn room at The Drowning Wench. All was quiet. I called for my retainer to check my sales, then geared up and ventured out into the world. Immediately, I was hit by a blast of URLs comprised of a swath of irregular unicode replacement characters and the promise of hundreds of thousands of gil in exchange for a few real-world US Dollars. It was happening approximately 1.3 times per second, which meant that anything I tried to say or my friends tried to tell me would be instantly swallowed up. In a haste, I opened my blacklist to add the spammer, and then opened my report window.

A few minutes later, wandering idly around and wondering just how Square-Enix could possibly let this continue, I found her. A level 50 monk, dressed in Foestriker gear, mouth working - silently, as I'd just blacklisted her - and eyes staring, lifeless as the snows of Coerthas. Tuiyani Kusaragi was her name. It was not a string of random characters like RMT are wont to pick. It was not even a name randomly generated at the character selection screen. It was a name deliberated upon by a human being, particularly for the purpose of sounding Japanese-esque, but no less weightily considered. And it was stolen by a dirty gilselling scumbag, forcing their own words into her mouth.

How did this happen? Are hackers somehow magically able to force their way into your accounts? In all likelihood, no. Not only is this sort of tragedy entirely preventable, it's also pretty damn easy, too.

SO:

How do they do it?
People who want accounts - any accounts - do not specifically hack their way in. The effort involved makes this practice unfeasible for anything but personal reasons. Gilselling is a business; they seek to maximize profit and minimize effort. There are two main ways they gain access to your account:
1. They trick you into giving them your password. You might be a customer for their very own RMT services, or you might have registered for one of their fake FFXIV fansites - believe it or not, these are myriad - one way or another, you may have given them your password without even realizing it.
2. They've stolen it from somewhere else. Players who use the same password for many and multiple games are especially at risk - slight variations of the same password only slightly less so. Almost any game community you've ever joined might be a security risk for your one password. Once hacked into, the data extracted does not simply disappear; it is cracked. It is deciphered. It is sold, and it is bought.

What can you do?
Simple enough. Change your password. Not just for Final Fantasy XIV, but for your e-mail account as well. Use a good password. This stops almost all so-called 'hackers' in their tracks. They see that your old username and password didn't work, and move on down their list.

What can Square Enix do?
Also simple: attack the problem at the source.

Today, I read a rather inspiring article about how ArenaNet implemented a mandatory password change. They took a database of every password previously attempted, combined with the most common passwords, and prohibited players from using them. According to hearsay, the rate of hacking dropped to 0.01% and has been further dwindling ever since.

SEGA of Japan has implemented at least one 'change your password' campaign, and rewarded players who changed their SEGA ID password with prizes in Phantasy Star Online 2. Nexon has done several.

I'm not calling people who get hacked out for using gilselling services, or even for not changing their password, but if you're using a recycled password (or perchance haven't changed your password since last you bought gil):

You.
Are.
At.
Risk.

I like how some mmorpgs use coin lock on your account if you log in from another location. Why not just lock your account (bags, messages, shouting etc..) until you verify your location. Takes 2 minutes.

Because what is most often hacked is not your account, at least not directly. This feature is already implemented in Final Fantasy XIV, and is also easily circumvented if the account data stolen or otherwise obtained includes an e-mail address. If you've used the same password for the game and your e-mail, it's game over.

I have had my account targeted for "suspicious activity" multiple times since release. Every time I change my password and every time it is targeted again for "suspicious activity" and disabled out of precaution by SE. I believe that due to my security token they only hit the maximum allowable attempts before my account was locked out.

And if that's true.. it means it's SE itself that is getting hacked or exploited and not necessarily the users. Sure keyloggers may be one avenue but how does that explain what's happening to me? I've clean installed since 1.0 and I haven't been to any fansites or downloaded any ARR related apps at all. I don't see how I could have a keylogger unless it shipped with the installer itself or the benchmark. Which, for all any of us know, may have been compromised on SE's servers a long time ago.

I'm fairly certain that either you have a keylogger or your e-mail is compromised. I don't believe SE would allow anything on their servers without an MD5 hash, which is a code generated to identify a file - if it has been altered, the MD5 changes.

[Holyhunter]

lifeless as the snows of Coerthas.

OBJECTION
The snows of Coerthas are quite alive.

[Livilda]

OBJECTION
The snows of Coerthas are quite alive.

Holyhunter you are a butt. Go back to vinesauce. :P

jk ily <3

[Holyhunter]

Holyhunter you are a butt. Go back to vinesauce. :P

holy shit

who are you

[Livilda]

holy shit

who are you

I am ████.

[Smoey]

I like how some mmorpgs use coin lock on your account if you log in from another location. Why not just lock your account (bags, messages, shouting etc..) until you verify your location. Takes 2 minutes.

[TrystWildkey]

Thank you! That was all very useful information

Hopefully, enough people will read this to spread the word and help keep us all safe.

[Neptune]

While we're on the subject, has anyone with a security token had their account hacked?

I have had my account targeted for "suspicious activity" multiple times since release. Every time I change my password and every time it is targeted again for "suspicious activity" and disabled out of precaution by SE. Has anyone else been getting those emails? Even while you're logged into the game?

I believe that due to my security token they only hit the maximum allowable attempts before my account was locked out.

And if that's true.. it means it's SE itself that is getting hacked or exploited and not necessarily the users. Sure keyloggers may be one avenue but how does that explain what's happening to me? I've clean installed since 1.0 and I haven't been to any fansites or downloaded any ARR related apps at all. I don't see how I could have a keylogger unless it shipped with the installer itself or the benchmark. Which, for all any of us know, may have been compromised on SE's servers a long time ago. If something that big went down, it would explain the aggressiveness of the gil sellers since this would be an opportunity not to miss.

[Arylian]

Snip.

Thank you for posting. Timely, well thought out and fair. Very much appreciated.

../bow

[Gilraen]

Honestly, I don't see why people are even registering at these fan sites. Most of them are just wikis, no need to create an account to peruse a wiki.