My account was hacked and how it's been handled so far.

[Silverwalk]

I'm the only one here that get his account automatically locked when I login from a different IP? I then have to check my email and change my password. Honestly I think its a pretty good feature to prevent hacking. So how is everyone else getting hacker? This require the hacker to get your email too and change your password.

Just saw your post and yes, this is how it used to work for me in 1.0

It seems that 2.0 no longer implements this check from what others have said.

[ravndark]

Hackers typically get your information from other sites, most frequently fan sites and forums that require you to sign up. More often than not the site in question has no idea they were even hacked. These username password combinations are then ran through a bot that automatically tries to log them in. The moral of this story is to keep your username and password for the game separate from forums or other fan sites.

[Shioban]

I can assure you I have not visited a single site that is fishy or having anything to do with Gil. I also blacklist every Gil seller that I see spamming. I have no clue how they obtained my information in that little of a window from when there was no token to when the hacking began.

Apparently some companies have had their "databases" compromised.
Do you use the same username/passwords as you do for...let's say League Of Legends? World of Warcraft?

If you do, I recommend you stop that, it's a huge risk.

I found out recently a lot of companies have had their security 'tested', and by tested I mean your average 14 year old would seem to be able to obtain the information.

(It could be something else, but that's my guess)

[Reika]

Is possible SE got their database hacked like other MMO's did in the past. Hackers can get your account info without you ever going to any phishing site or any of those more legit sites. In WoW, people were getting hacked even tho they had security tokens set up. There are just so many ways they can get to you without you yourself partaking in any illigitimate activities.

Best thing is to have a user name and e-mail specific to the game, and not use a password you use with something else, and have a security token. I have all those myself, but still not completely safe from the more advanced hackers.

[Voqar]

I don't understand. How is it SE's fault you got hacked?


I've seen many threads like this and usually there are no details. Just a "I got hacked and it's SE fault!"


Did you deal with RMT? Do you have viruses/Trojans/keyloggers or do you have projection against them? Do you use the same usernames and passwords across games and forums (ie, do you use good common sense with basic security or not), do you share account info, have you fallen for phishing, etc, etc etc.


No details. Instead what I'm seeing in these threads is, I got hacked, it's SE's fault by default. Somebody other than ME must be blamed. Maybe it was SATAN! It's the blame game.



SE didn't get hacked. Their data isn't compromised. So...exactly how is it their fault that YOUR account got hacked?


SE has zero control over how smart or dumb you are with using the web, your account information, or your PC. The can't force you to use a unique username and password or to create a strong password (well, they could force this but then people would whine about that).


How can this be their fault?


To me these people are completely deranged. You fail. You blame. You post these threads without any credibility and make demands and claims about SE that have no relevance.


Can anybody objective give one good reason why SE should restore people's accounts who get hacked due to their own lack of common sense or bad pc and bad web habits?


They could restore to be nice - and that's the only reason. But there ARE players who deal with RMT, or who break the TOS, and end up getting hacked because of it. It puts companies on the spot. If they help everyone they are going to end up helping cheaters. What would you do?


At some point, people have to be responsible for their own actions. It's really up to you to make sure you don't get hacked. It's not SE's place to be your internet mommy and hold your hand thru your fail. There's high quality free virus protection available (MS SE for example). There are free password management apps that will generate very strong random passwords for you (KeePass for ex). There are lots of places on the web to read about common sense web usage to avoid getting jacked.


There's no lack of human trash on the web. Protect yourself. The age of innocence is long gone.

[Marenwynn]

I believe the OP when he says there was no foul play that resulted in his login details being stolen. However, I don't believe that he had no part in it. I don't mean to be condescending, but there are few people out there who know how to protect themselves, even with constant vigilance. Naturally, most people think they're of those few, and will rationalize when their number is up—nobody wants to come off as a sucker. At this time, there's no good reason to believe that SE authentication has been compromised.

[Grieff]

It still works like in 1.0, I bought PS3 on monday, installed, tried to log in and my account got frozen. I have two internet connections at the moment, my PC is connected via fiber and my 360/PS3 is connected via cable.

[texhnolyze]

i believe that using the same e-mail like your previous games/forums can also lead you being hacked
e-mail is the main source of all

[Stryker]

I don't know if no one works in banking or has transferred money for large companies...but they also use secure tokens. The US Govt uses it too. These 6 digit codes are very hard to crack without the source code. That's the reason why they're used because they're "randomly" generated by the token based on whatever source code. So for people to have been hacked while using a secure token to me makes no sense. People that have the expertise and the resources to hack those things, I can't see any logical reason for them to be going after a random account for a random video game. Even if SE had a database breach, there is no way for a secure token to have been breached too, SE most likely didn't make the token themselves. They probably outsourced it to someone that specializes in that.The chances of your account and secure token being compromised seems highly unlikely. LIke I said before, if someone had the ability to do that and the resources I doubt that SE's FFXIV is the highest on their priority list.

I don't blame cheatesr or RMT, and by no means am I angry like one poster said. But as I stated in my prior posts, a lot of this guys's story didn't add up. I've seen plenty of accounts get hacked and a lot of people say they had nothing to do with it. I've used plenty of sites, and used Allakazham like other people and never got hacked. If you start clicking on random shit just like PORN ladies and gentlemen you will get some nasty stuff. He could have possibly done that, who knows.

All I'm saying is that before you go on a rant and try to crucify someone for your own mistake at least get your story straight. If someone points some stuff out don't go ape shit and say YOU"VE SAID IT BEFORE!!111!!! That's just moronic. Personally when I first read this thread I felt bad for the guy, but felt compelled to ask questions because a lot of details felt missing whether it was due to omission or just poor writing out of his timeline.

But alas, now the guy comes off as a total douche and I'm actually happy he got hacked. Consider me an ass for thinking that but eh I said it. Being hacked or defrauded is partly bad luck, but largely your own fault, it's that simple.

[Kiroh]

It's amazing that my account on XI was without a security token, and a fairly obvious password (which has since been changed) for 5+ years and I never got hacked...