Regarding the Perma-ban of hacked accounts used for RMT

[Vod]

Don't go to questionable sites, and you wont get your keys logged, or your account phished.

[Kuhlee]

What about those who were well and truly hacked? My friend didn't do any of the "stupid" things that compromise your account. He didn't reply to any gil spammers, didn't go to any fake websites and made a brand new 13 digit password for this game. Also, SE banned his account AFTER he recovered his account, changed his password and attached a security token to it and sent them a ticket about his being hacked. What recourse is there for him?

[HoroBoro]

You don't get "hacked". Someone has the time and the means to find a way into the SE servers and get your account information.

It's a lucrative business - think about it. Each account is worth at least 10 dollars. Assuming you get 100,000 accounts, and a turn around of at least 50%, you get 500k for one project. Depending on how good encryption standards are at SE. Probably not too difficult.

This is why we have the authenticator. Mobile phones are even easier to hack into, but at least they can't pull 100,000 users at once.

Edit: Sorry - I was just addressing the people who seem to think that account security is always the fault of the person getting hurt. If your friend did nothing to bring this upon himself, the only thing he can do is contact SE and go through the Service Conga. Pray for the best. He should take this as a lesson and use different passwords for different systems and use all security features possible.

It's tough but it's the price we pay for internet use to not be heavily monitored and regulated. BTW do you know about trusted computing?

It's enough to make a person paranoid.

[Kuhlee]

You "answered" a whole lot of things I didn't ask, yet didn't answer the one thing I DID ask. The information is nice to have, but it isn't what I need right now. What recourse does my friend have if he did nothing to bring this on himself?

[Synnshayd]

They are not getting passwords from SE's system. And even if they managed to do so without detection, due to md5 hashing(at a minimum), a properly formatted password would take anywhere from days to weeks to generate a match.

As long as you are not using dictionary words or sequential characters/patterns, your password is fairly safe for a time, even if someone captures the copy in the database.

[ispano]

You "answered" a whole lot of things I didn't ask, yet didn't answer the one thing I DID ask. The information is nice to have, but it isn't what I need right now. What recourse does my friend have if he did nothing to bring this on himself?

The problem is you don't realize what's happening. If someone was truly hacked, many, many others would be too, the servers would be compromised and SE would be smart to take them down to plug the hole.

People like to think they did nothing to bring these issues upon themselves, but in most, if not nearly all cases, they did(Or more clearly, they didn't do enough to prevent it). Yes, the user. SE cannot provide 100% security for a user account, the user HAS to have some security of their own. If the person who compromised the account didn't get the info by hacking SE's systems, they got it from the user, either directly or indirectly. It's not hacking, it's poor security on the end of the user. Keyloggers are just one example.

[ShadowKuraido]

Been playing mmos since 1999 and never been hacked... pretty sure people just need to learn how to use a computer safely.

[Azures]

Reading the comments here make me laugh the only way these gold spammer can get your account is if you buy there power leveling service which means giving them you ID/PW

[Kuhlee]

If the person who compromised the account didn't get the info by hacking SE's systems, they got it from the user, either directly or indirectly. It's not hacking, it's poor security on the end of the user. Keyloggers are just one example.

Be that as it may, you STILL aren't answering my question. The friend in question is an IT Specialist and has been for over ten years. He checked both of his computers multiple times and neither had any malware of any variety. His password was not a dictionary word or anything sequential. He didn't visit any phishing sites. He is brand new to the game, only had it for a week and didn't know to get the app for his phone. So again, what options does he have since SE closed his account without giving him the promised ability to regain control of it.