PlayOnline Exploits

[atom0s]

Platform: Windows
ISP: Frontier
Type of Internet Connection: DSL
Internet Connection Speed: 18Mbps
Date & Time: 08.26.2023 - 1:00pm
Frequency: Always
Character Name: N/A
Race: N/A
World: N/A
Main Job: N/A
Support Job: N/A
Area and Coordinates: N/A
Party or Solo: N/A
NPC Name: N/A
Monster Name: N/A
Steps: N/A

I would like to know the best method to report several PlayOnline-related exploits.
I'd rather not post them here on the forum for people to abuse.

You guys don't use anything like HackerOne or similar so another channel would be appreciated.

---

Sadly, said communications seem to be getting nowhere as the support team has no way to escalate this properly/further as it needs to be.

I am making an announcement in regards to a major security vulnerability I have recently discovered on retail that can affect literally every single player. At this time, I will not be disclosing the vulnerability publicly, but do wish to help ensure the community is safe the best I can with what I can share at the moment. Due to ongoing issues with getting into contact with `Square Enix`, I feel it's best to still inform the community of measures you can take to help keep your account(s) safe.

If you have ever shared your account with anyone, regardless if they are a friend or family, or if you have purchased an account from another, then I highly encourage you to specifically change your `PlayOnline Password`. Regardless if you have recently changed your `Square Enix` account password, this is critical. Also, even if you have a One-Time Password / security token connected to your account, your account is not safe from this vulnerability.

You can log into the `Square Enix` account management portal to change your password by visiting the `PlayOnline` website and clicking the `Square Enix Account Management System` button at the top. From there you can log into the SE account system and navigate to the proper page to specifically change your accounts `PlayOnline` password. I encourage you to do this for all accounts you have/use.

To Square Enix, please contact me. I am available via email at: atom0s@live.com

This is a serious matter.

[Alhanelem]

expolits should be reported through the STF form or to customer support

[Immortal]

You are not a moderator, you could be reported for impersonating one, let him leave it here too, maybe he already did those steps and wants to make sure this is seen.

[Alhanelem]

You are not a moderator, you could be reported for impersonating one, let him leave it here too, maybe he already did those steps and wants to make sure this is seen.

I didn't claim to be a moderator, I'm not impersonating anyone. I simply provided the correct information for your convenience in order to be helpful. I also replied because you're not going to get a response from anyone at SE here, they do not reply to bug report threads. He said he didn't want to post these things publicly (which is the correct course of action), so I told him where it should be posted. This is according to SE's own support site and terms of service, which tells people not to disseminate exploitable bugs and instead report them directly to SE through customer support.


There is no rule that says someone who has knowledge that someone else needs can't post to offer it. Aside from complaining, one of the main purposes of forums is to help our fellow users.

[atom0s]

You are not a moderator, you could be reported for impersonating one, let him leave it here too, maybe he already did those steps and wants to make sure this is seen.

I have, reached out in about 5-6 different ways. Just covering the basis to get the best possible outcome of it being seen.
Just ignore the forum 'try-hards'.

[Alhanelem]

I have, reached out in about 5-6 different ways. Just covering the basis to get the best possible outcome of it being seen.
Just ignore the forum 'try-hards'.

Who's try-harding?

I just gave a rational, logical response and got dumped on for it.

If you submitted it in the proper channels, it will be seen. (Whether anything will be done is another matter, but since you're being rather vague about it, I don't know how serious these exploit(s) actually are). There's no need to post it in every imaginable place, and doing so may just invite more people to try and find the exploits. As I noted, the user agreements cover the discussion of bugs/exploits and what should be done with them. If SE is expecting us to do it a certain way, they'll be listening when we do it that way.

[Sirmarki]

Who's try-harding?

I just gave a rational, logical response and got dumped on for it.

If you submitted it in the proper channels, it will be seen. (Whether anything will be done is another matter, but since you're being rather vague about it, I don't know how serious these exploit(s) actually are). There's no need to post it in every imaginable place, and doing so may just invite more people to try and find the exploits. As I noted, the user agreements cover the discussion of bugs/exploits and what should be done with them. If SE is expecting us to do it a certain way, they'll be listening when we do it that way.

Let's not turn it into a giant debate (again).

[Alhanelem]

Let's not turn it into a giant debate (again).

It certainly wouldn't be my idea. I just gave a simple answer to a simple post, I really didn't expect to be given a hard time for it.

[Sp1cyryan]

You are not a moderator, you could be reported for impersonating one, let him leave it here too, maybe he already did those steps and wants to make sure this is seen.

Oh ffs, what is your deal? You'd be reported for the same thing by your logic.

[atom0s]

Removed the previous comment due to a lack of support communication.