My account was hacked and how it's been handled so far.

[kazaran]

Some people do not realize that some FFXIV private created forums and guides and other sites in in tandem with rmt sites. Notice the ads? Several are reported as unsafe (I leave those blocked). One popular one triggers unsafe reports that many have frequented on XI.

[kylecrutchfield]

I'm on Lamia, i've /blist ed many corwell characters. Sorry bro. Don't listen to these Sean Penn wannabees accusing you of rmt.

[FayeOrikasa]

Just so all the naive and ignorant people know... You can get a keylogger from legitimate sites, usually related to the game.

For example, back in 2005 the popular site Allakhazam (ZAM) unknowingly had an advertisement embedded with a keylogger. I was a victim of this at the time, and have since always had extra security when possible on accounts, including non-alphabetical and non-numerical characters (eg: #,!,$)in my passwords. Those hundreds of legitimate FFXIV-related sites (forums, databases, articles, etc.) you visit to look-up a piece of information or news of your favorite game? Any single one can fall prey to such a tactic--not just phishing sites. Ad-banner, a plug-in, links, and other sources on sites are used. There are security measures in place by moderators and hosts, but do not think they are fool-proof or on every site.

[FayeOrikasa]

I scanned my computer with various pieces of software at the time, but only 1 out of 8, or so, actually picked up the keylogger; I am assuming the one with the most up-to-date database. So, Ryujin, before even inputting passwords elsewhere, I would highly suggest finding said keylogger first. Thankfully, when I found mine, it was rather specific and labeled as a WoW-keylogger. I had no problems after that, but promptly bought a blizzard security token.

So, anyone here, if you have been visiting FFXIV information sites, no matter how "legit" they are, I highly suggest keeping your guard up, and buying a security token, making a complex password, and/or using android app while at it. The game is popular and new, so it is a rich target of opportunity.

Hackers run simple programs to constantly check vulnerability of accounts, such as for password changes, disabling of security token, or any related account information. I'd bet they already had your information, and then promptly exploited it within 24hrs, or as soon as you became vulnerable for attack.

[Ryujin_Ketu]

I'm on Lamia, i've /blist ed many corwell characters. Sorry bro. Don't listen to these Sean Penn wannabees accusing you of rmt.

Thanks man, I appreciate it. I just think it's funny that they think I'm making up some elaborate story and for what? Lol...

[Evilari]

I wasnt hacked again that I know of. I simply said when I got home from lunch to log on to see the damages, I still got 3102. So either the other character was never logged off like I was told, or he was super speedy and logged on again before I could change my password. I don't have any idea if that person is still in my account or not. Can't tell if they are online or not.

Well on the bright side, everyone's off the servers now. You should be able to log in again now, once the servers come back up of course.

[Overon]

It sounds like your system is not secure.

The Fact he says "None of us is Gil buyer or visit any strange website" makes me wonder how do they pay the bills ? Gil Sellers aren't spamming the Chats for free or fun , its kinda like people saying " No one hacks on MMOs" ..............

[Ryios]

Getting hacked easily usually comes down to some key problems many internet users suffer from

1. Multiple online accounts using the same email address and password.

Imagine this, You sign up for an SE Account With XEmail Address with YPassword. Now at the same time you have a subscription to JoesGameReviews.com with the same Email Address and Password. And JoesGameReviews.com is a legit site with legit that is a front. It's main design is to collect user data. Because 9 times out of 10, people use the same sign in information for all the sites they sign up for because they don't want to have to remember different passwords or manage different email addresses. This is an issue, especially if your email address is something@hotmail.com and you use the same password for that too. If you do that, all someone has to do is take the password from JoesGameReviews.com and go to hotmail.com and sign into your email address. Where they notice you have an Email from Account Creation for FFXIV. Then bam... They go to SE management and reset your password and now they can log into the game as you because they can access your email account.

Easy ways to avoid this

1. Never user your email accounts password ANYWHERE Else. No where. Your email password should be strong, unique, and hard to remember.
2. Never use the same password you've used before on sensitive sites. E.g. FFXIV, Your Bank, Credit Cards etc.

For me, if I'm singing up to review a game on MMORPG.Com, and watch anime on Crunchyroll.com I'll use the same password. But for my Bank I use a different password. So I have 3 levels of passwords

-Level 1: Common sites, all the same (nothing to loose)
-Level 2: Sensitive Sites, Bank, Credit Cards (all trusted coprs like walmart, lowes, etc) all the same
-Level 3: Games (I use a different password for everygame I play usually something like sharedPhrase_WOW_3 or sharedPhrase_FFXIV_4 things I can remember, but hard for someone to guess.

If you reuse the same credentials everywhere, then all it takes is for one database to be breached, or set up to phish, and your hacked.

[Crystallus]

How are you here posting on the forums with a hacked account exactly?

O Noes It's the Hacker posting in third person about being hacked.

Who'd ya give your info too?
This was is the cause of many "hacked" accounts.
I hack my daughters ffxiv account every time she doesn't log out and put her in Gridania since she despises the place for some unknown reason.

[Ryujin_Ketu]

Well on the bright side, everyone's off the servers now. You should be able to log in again now, once the servers come back up of course.

Thankfully...that's, sadly, why I'm happy about the maintenance. That will completely kick then out right? As in they will have to re-log back in? I just want to make sure the hacker can't just sit at character selection and wait until maintenance is over with.