Hacked / Account Suspended / No ETA

[Cirsce]

I had an attempted log-in at one point and was forced to change my password, but I had no problems.

And that is the difference here. The only thing we received from SE was an email 5 days after his account was suspended telling us that the email ticket that we sent in to get his account unlocked was useless, and to contact live chat or by phone. Which we already did the day after we sent the email ticket since neither of those options are even open on the weekends. They never asked to reset our password to unlock his account, like most other people, which leaves us still locked out.

So instead of looking down your nose at people, I'd count yourself lucky that you got the response you did from them. Instead of having to sit around playing the waiting game while getting first hand experience of how unsuccessful customer support is at fixing actual issues.

And my point was more on SE response to being hacked, not the hacking itself. If someone wants to hack into your account somewhere, they can find a way. Nothing is impenetrable. Even the so called "magic" tokens were hacked into a few years ago, but they didn't admit there had been a problem until three months after it was compromised. However, if SE would take the role of helping people who's accounts had got broken into instead of locking them down with No ETA they could show how much they cared about their customers instead of punishing them.

SE needs to implement steps to facilitate recovery of accounts. Other MMOS have mechanisms in place for account recovery these days. Accounts ARE going to be compromised, and leaving the legit owners high and dry will lead to lost subscriptions. There are far too many vectors available these days to get a keylogger. New malware is being created at a faster rate than any AntiVirus vendor can keep up with. One can take steps to keep their accounts and computers secure, but no security is absolutely perfect.

One thing I do think that SE should consider is that rather than insta-banning is to implement something similar to RIFT's "Coin Lock." Coin Lock detects if an account is logged into from a new IP, and the user cannot do much of anything until a separate code is entered into the game. This code is emailed to the legitimate user's email address. While this might be a minor inconvenience to users when their IP legitimately changes, it helped considerably with the problem in that game.

I heard the sudden rash of hacking occurred after 1.0 was updated because they took out the IP match security, which was a terrible idea. Not sure if it's true, but that would make sense.

My favorite feature from a MMO I played 6-12 months ago was that every time I logged into the game I had to copy a code that was sent to my email along with the usual username, password information. Until you decided to disable the feature, and I never did. I think it was GW2, but I honestly can't remember.

They definitely need to do something though. Other then making users extremely unhappy I'm sure this is bogging down their customer support / techs and causing undo stress that an automated system....like the log in restriction which they're obviously not using across the board would fix.

That's where the difference between you and a number of other people begin. I NEVER got an email or any such notification of an attempted login, but instead that security check was bypassed and the hacker gained access to my account regardless. So to reiterate for the <insert big ass number here> time, HOW someone got hacked isn't the issue we're questioning or refuting. WHY the customer service side of SE is non-existant and WHY it takes literally hours to get a hold of any living person just to get your situation "escalated" and WHY does it take so long to realize that someone who's talked to CS and verified that you are indeed the legitimate account owner takes WEEKS to rectify and gain access to your account.

Yep. The hack is less of an issue, then getting your account back after being locked. I know a number of people that as long as their character isn't deleted would be happy to just play and not worry about getting their items or gil back immediately. Or depending on how desperate they are, at all.

Personally, I do not like the "blame the victim approach." Unless you handed over your login details to a powerlevelling service or similar, the blame lies on the criminals who compromise the accounts and players who partake in RMT.

Exactly. The way SE is acting is obviously the response of someone under-manned and out of touch with their player base. If the account has a clean history up until now it's not like the person pre-ordered, played the beta, leveled up to 40 and working on 5 crafting professions just to spam about gil sellers for 2 hours. I'm assuming the investigation on that would be quite short. They need to stop punishing the owners of hacked accounts and let them be reinstated with a password change and installing a token if they didn't have one. Or something of the like. Otherwise it seems like they're just intent on punishing the victims more.

Agreed. And again, it's just mind boggling that the customer service that SE has is just so...AWFUL! I honestly cannot understand how they are able to function as a company with such terrible customer service. And even in regards to things NOT related to hacked accounts, people are being left out in the cold. Billing issues, payment options not being recognized, in game currency disappearing and the asinine number of spammers and botters that are just crawling out of the woodwork! And those server transfers that they literally advertise on their own site as "scheduled to begin mid-September" is nowhere in sight! It's getting to the point that I really don't care about my account being retrieved, because if this continues I wouldn't want to play anyway for fear that something will happen IN the game that i'll have to wait days/weeks/months for them to pop their heads out of their asses, see the sunlight and realize "Oh...i have a business I need to run!"

This. I read somewhere that SE with FFXIV is treating it like a non MMO when the only customer support issues you assume you'll have is a bad disk. Hopefully they mass hire people on because it doesn't look the problems are ending anytime soon. Although my husband has checked their hiring site and it doesn't look like this is happening. The sooner they get more staff that are capable of fixing the actual problems or giving decent customer support that can actually do something instead of just apologizing the better.

[kaiyouske]

So apparently a little bird flew in today and told me the reason why SE is having such a hard time helping all these customers with all these compromised accounts. SE only has ONE person in charge of account security, and the said person is located in Japan. I don't know how reliable this is, but if this is really the case then god help us all. lol.

[Illurim]

I was hacked as well, and so far I've only had the suspension notice and a confirmation of a ticket I lodged being "lodged correctly". No follow up or response. I followed their KB article when I suspected my account was hacked and immediately changed password and attached a security token. Yes, I did it after the fact, but I would like to remind those that will say "your own fault" that it is optional. Additionally, the very next thing I did was reboot my computer into safe mode and run MS Security Essentials and Malwarebytes scans (which took all up about 8hrs) and NO KEYLOGGER was found by either program. The only thing found on my computer was the urausy.E ransomware (which I've removed) and that is NOT a keylogger (http://www.microsoft.com/security/po...TML%2FRansom.E).

So, as I:
- use a different password for every game
- use the recommended combination of capitals, numbers, and non-alpha characters
- have over the minimum recommended password length
- have no keylogger software on my computer that any reputable scanning software can find
- have never been to a gil buying/selling site
- have never provided my username or password to anyone

I'd really like SE to step up. I admit I could have protected my account better by having a security token, but given that it's optional, not having one should not be an excuse to receive poor customer service on this issue or the severe wait time around it being corrected. I've given the company money and followed their procedures. I would like them to honour the exchange.

[Aorix]

Illurim, MSE and MBytes aren't the best for catching keyloggers. You would need a program that actively seeks them out, even then it isn't 100%. If you suspect you have a keylogger your best bet is to start clean.

That fact you had a Trojan suspects me that you have questionable habits to begin with.

[Kraun]

We work in Internet Security and use lowercase, uppercase, symbols and numbers so the people with "lolpassword" only have a matter of weeks before they're number gets drawn and they're in here with us.

Found your post amusingly ironical.

[Rialle]

Illurim, MSE and MBytes aren't the best for catching keyloggers. You would need a program that actively seeks them out, even then it isn't 100%. If you suspect you have a keylogger your best bet is to start clean.

That fact you had a Trojan suspects me that you have questionable habits to begin with.

I would have said this a few years ago, but recently more and more mainstream sites are becoming vectors thanks to advertising networks that don't verify the content they are serving. Getting a infected no longer necessarily means you've been browsing warez and porn.

But I do agree that if you do get a keylogger: Fdisk, format, reinstall, and change all your passwords.

[Cirsce]

Found your post amusingly ironical.

That image is super old. And if I had to choose between a 30+ character password that contains uppercase, lowercase, symbols and numbers vs lolpassword, I know which one would be cracked faster. However, I'm glad I was able to be of some amusement to you.

[Illurim]

Illurim, MSE and MBytes aren't the best for catching keyloggers. You would need a program that actively seeks them out, even then it isn't 100%. If you suspect you have a keylogger your best bet is to start clean.

That fact you had a Trojan suspects me that you have questionable habits to begin with.

Instead of swiping me with your claws from that pedestal, how about you lean down and help a poor guy out and lend me a hand since I'm so dumb and you're so smart - could you make a helpful suggestion as to what would be better to scan with, kind sir? Or do you want to continue being a bitch for absolutely no reason I can see, when I'm just trying to play a game I fell in love with and happy to continue to pay for despite all this.

I guess that's too much to ask for these days.

[Brolleun-Hunter]

I can't even get my 30 days free code to active after 48 hours, and I'm pretty pissed about that, so I can only imagine what individuals with locked accounts must be livid about. I hope your issues are resolved and you can continue to play the game you enjoy, and I share the same worries when the lack of customer support is so staggering: in game and out.

[Aorix]

Instead of swiping me with your claws from that pedestal, how about you lean down and help a poor guy out and lend me a hand since I'm so dumb and you're so smart - could you make a helpful suggestion as to what would be better to scan with, kind sir? Or do you want to continue being a bitch for absolutely no reason I can see, when I'm just trying to play a game I fell in love with and happy to continue to pay for despite all this.

I guess that's too much to ask for these days.

I did tell you, if you think you have a keylogger at all then you need to format and start fresh. There are a few programs that stop a lot of loggers proactively. However once a keylogger is on your system it isn't as easy to figure out how to get rid of it. Better safe than sorry.