Hakced...SE has horrible security

Printable View

09-16-2013, 01:36 AM
Matthew_John

Hakced...SE has horrible security

So what do I do...totally broke now they sold my whole inventory cant even teleport....does SE do anything to help situations like this out?
09-16-2013, 01:59 AM
Ryuseki

Yeah, they have horrible security, or you go to phishing websites and click bad links, and/or tried to buy gold.
09-16-2013, 02:10 AM
Kosmos992k

Your account is hijacked because your password was weak enough to be guessed, or it was obtained through a keylogger, phishing site, or some third party forum/website where you used the same email and password combination to register. How is that weak security for SE? Choose a strong password that is not the same as any other, and activate a security token - which are FREE for smartphone/tablet users.
09-16-2013, 03:20 AM
Mapleine

Even if it was his fault, I feel it's unfair to blame the user outright, you can get hacked through so many methods nowadays, down to flash exploits in banner ads on legit sites. If you are new to MMOs let me tell you right now that without an auth or another form of defense if the game becomes popular enough it's only a matter of time.

It's Squares game and their job to layer on the security and take care of the user. If they choose not to, they will be spending a hell of a lot of money putting up with recovery efforts or losing a lot of money on lapsed accounts. Other pubs have learned this the hard way.

First thing they should have done, especially as a Japanese company that will not be having the same intensive hands on approach as a Blizzard, et all, is to use an Email guard by default. Works wonders as an initial defense, better than an auth in most cases, and requires nothing additional of the user.
09-16-2013, 03:29 AM
Oriachim

I think there should be alarm bells ringing with SE. User logs in say the UK... 10 mins later user logs in Poland. See what I mean? It's SEs fault just as much as the users.
09-16-2013, 03:32 AM
JamieLee

Hate to burst your bubble... Chances of them getting your user id and password is pretty low from Se.. Chances of them getting your user id and password that works on your FF XIV account from another site that you used the same user id and password on about 100 percent...
09-16-2013, 03:40 AM
worldofneil

Quote:

Originally Posted by Mapleine

First thing they should have done, especially as a Japanese company that will not be having the same intensive hands on approach as a Blizzard, et all, is to use an Email guard by default.

They did have that originally, people who logged in at new locations (and weren't using a security token) had to verify their account (via email/website).

People were screaming on the forums for it to be turned off... and I guess they did.
09-16-2013, 03:47 AM
Mapleine

Quote:

Originally Posted by worldofneil

They did have that originally, people who logged in at new locations (and weren't using a security token) had to verify their account (via email/website).

People were screaming on the forums for it to be turned off... and I guess they did.

Can't please everyone, no one is gonna quit the game because of their (more than likely) account sharing being a little more annoying. They will quit when they're hacked, robbed and routed through an utterly anemic recovery system run by a localization branch, though.
09-16-2013, 03:55 AM
MutznNutz

The issue with IP/Email guard is that people like me get stuffed far too frequently.

Most ISP's do not use Static IP's, instead using Dynamic IP's. This means (I am not 100% tech savvy on IP stuff so apologies if not spot on) each time you reboot PC and/or Router your assigned a new IP address, and as such the game assumes a new location, and refuses log in.
I had this twice before it was removed (Either Beta or EA, cannot recall) and it took nearly 3 hours for the 1st email to arrive, and nearly 5 hours on the 2nd occasion!!! All time I am locked out of the game.

far too many people are already jumping on the "U is teh Gilbuyer" ship. Not everyone who has been hacked buys gil.
The number of methods of exploiting your password (no matter HOW strong it is) are huge.
Flash trojans, 3rd party keyloggers, 3rd party websites hacked, phishing emails etc.

I have even seen one post on this site where someone WITH A SECURITY TOKEN was hacked (not quite sure how, or if true).

SE does need to look at ways to remove the lure of hacking an account (RMT purposes). But for now they have too much on their plate trying to deal with all the other serious issues on their plate (3102/90k/server load/etc.)
09-16-2013, 06:16 AM
Zeblade

While some of the things people say here are true about getting hacked its EASY to get info. Most dont need a keylogger or a weak or strong password lol. Take people in this thread alone. They use names or say things that link them to so many other things on the net. Where you can find out their real name, address, email. The net remembers even if you dont. They post on forums and facebook blah blah blah... Its very easy to find you.

Don't be so easy to think because someone got hacked it was because they bought gold or a bad password.
09-16-2013, 07:13 AM
Haru

http://imageshack.com/scaled/800x600/580/bm5r.png

They still do have the geo-locking on.

I can confirm because i triggered it by logging in from work the other day while connected to a VPN.

Also I've had the same password for 10 years (ffxi to ffxiv) and never once been hacked. The reason is I dont buy gold or visit unreputable websites.
Do not install pirated software that could be included with keylogger.
Also dont make the password the same on any two sites. That way if one gets hacked your password is not the same as any other site.

Also here's the proof about the geo-locking
09-16-2013, 07:29 AM
Ervin

@OP: It's mostly your own fault. There are several ways they can get hold of your info, and it's very unlikely it's due to a breech in SE security.

Obvious passwords, repeated usernames/passwords in several games/sites. The list goes on. Never use personal things in your password, unless it's so personal that only you know about it and you are 100% sure you havent mentioned it on a social media.

There are also things you can do to highten security, like using exclusive e-mail adresses for each game. Have a computer designated for only gaming and another for surfing, minimilizing the risk to click bad links, checking bad mails or ending up on hijacked sites on your gaming PC. Expensive sure, but so is the game you pay a sub to play if you think about what you spend over 10 years. Protect your investments.
09-17-2013, 07:19 AM
lordjoosie

Last night I left my keys in the car when I went in to buy some crack at the neighborhood crack house. Wouldn't you know it, my car got stolen. To add insult to injury, not only didn't JEEP's security prevent an unauthorized user from driving my vehicle, but when I called them, they refused to drop everything and immediately replace my car! They said I'd have to wait for an insurance settlement. Such poor customer service.
09-17-2013, 07:23 AM
kaiyouske

Since no one answered the question of the OT, here goes:

-If you can't log in, submit a ticket to SE. If you can still log in, change your password ASAP and attach a security token or use the smartphone app.

-If your account is listed as 'suspended' you will need to contact SE via chat or phone in order to get it lifted.

Hope this helped,

-kaiyouske
09-17-2013, 07:29 AM
Reinheart

I'm just curious as this is getting worse more and more.

1) OP are you using Physical Token or Software Token?
2) What FFXIV sites have you visited recently?
3) Did you contact SE support? http://na.finalfantasyxiv.com/lodest...41eaefc2aeef7b
09-17-2013, 07:34 AM
Panthur

Something somewhere connects all the accounts being hacked. Just can't see it yet. But wow, just wow at so many accounts getting hacked in such a short time.
09-17-2013, 07:39 AM
Bodhi_Sattva

It's easy to assume someone did something wrong.

It's very easy to assume that because someone was hacked or their account compromised they did "something".

I personally have done nothing but play XIV since it's release. Enjoy every aspect of the game.

I visited XIVDB and this site mostly. Few times went on XIV reddit.

Never went anywhere un-legit.

After maintenance this morning my account has a new char (I did not make) and I am 3102 locked out.

Read around these forums and found out other people were having the same issue.

I am pretty screwed too since I can't add the one-time pw. They added a security questions and answer I don't know. I can (and did) change the pw to prevent further access.

Also noticed the article about your account security (it was too late for me)

Submitted a ticket this morning (before noticing new char and account changes), cancelled it and submitted another now.

Even after cancelling my active service account for an hour and then restoring service I am still getting 3102.

It really sucks and I did nothing at all to deserve this.

I also use(d) a unique ID on SE and PW for XIV.

So yeah... sad face
09-17-2013, 07:57 AM
Duuude007

I notice that if I stay logged in on 1 pc and try to login from another, it doesn't try to bump my (still logged in) character off.

One failed login because of 3102 should trigger the game to try and force logout any instances of characters currently logged in.

That right there would resolve half these issues.
09-17-2013, 08:51 AM
JamieLee

Quote:

Originally Posted by Duuude007

I notice that if I stay logged in on 1 pc and try to login from another, it doesn't try to bump my (still logged in) character off.

One failed login because of 3102 should trigger the game to try and force logout any instances of characters currently logged in.

That right there would resolve half these issues.

that's because both login's are originating from the same ip so they know its you.
09-17-2013, 08:56 AM
atopax

When my issue began happening thursday, I was getting the 3102 error. I had not logged into the game since pre-patch. Submitted multiple tickets that day, only to get back the auto-generated please wait for server congestion email. Game said I was logged in when I wasn't, next thing I know my account is banned for RMT spamming. Clearly the log in was coming from somewhere else, as I had not logged in from my IP since the wednesday before patching.
09-17-2013, 08:59 AM
Panthur

When i 90k i usualy have a 5-15 min wait depending on time of day (ya sattalite likes to randomly ditch whatever game im playing). Each time i 90k i am worried something may have appened until i finally log in. Why there is no auto kick on relogging in from the error after 5 mins is odd. Especially when logging in from the exact same computer and isp.

In EQ1 if i DC i relog can back in with their option to kick myself out of the game, to force a log out.
09-17-2013, 10:10 AM
tort

Quote:

Originally Posted by Matthew_John

So what do I do...totally broke now they sold my whole inventory cant even teleport....does SE do anything to help situations like this out?

Sadly, that's what you get when you try to buy gold from any gold selling spot. They key your infoz, and take your stuff. Nothing to do with SE security, just your own poor choices.
09-17-2013, 10:17 AM
Duuude007

Quote:

Originally Posted by Duuude007

I notice that if I stay logged in on 1 pc and try to login from another, it doesn't try to bump my (still logged in) character off.

One failed login because of 3102 should trigger the game to try and force logout any instances of characters currently logged in.

That right there would resolve half these issues.

Quote:

Originally Posted by JamieLee

that's because both login's are originating from the same ip so they know its you.

I should mention my other PC is on the other side of town... So no, not the same IP.