This service account is currently suspended.

[Dark_Bard_Raven]

Um yeah if you read my post I do NOT go to weird sites or fan sites and none of my passwords are the same. I am a tech I know better. There is no way since the game has started that they could have gotten my password through a web site and no way they could have downloaded a key logger or anything like that on to my Lap Top I use a separate C.P.U. for Tech use and my Lap Top for personal use.

[Talihina]

Um yeah if you read my post I do NOT go to weird sites or fan sites and none of my passwords are the same. I am a tech I know better. There is no way since the game has started that they could have gotten my password through a web site and no way they could have downloaded a key logger or anything like that on to my Lap Top I use a separate C.P.U. for Tech use and my Lap Top for personal use.

Honestly, I believe it's an exploit on SE's side.

That being said, it gives very good reason as to why RMT/bots are still here.

How do they differentiate between what is a compromised account and what account was made solely for RMT/botting? It would take a lot of time for them to wade through all the accounts and try to see which is which.

Unfortunately, I almost wish they could've just banned me outright. I'd rather have a reason to leave it all behind until these exploits are fixed rather than have a glimmer of hope of getting my account back, only to have it suspended again.

[KisaiTenshi]

Um yeah if you read my post I do NOT go to weird sites or fan sites and none of my passwords are the same. I am a tech I know better. There is no way since the game has started that they could have gotten my password through a web site and no way they could have downloaded a key logger or anything like that on to my Lap Top I use a separate C.P.U. for Tech use and my Lap Top for personal use.

I'm not going to accuse you of anything nefarious, but "I'm a tech" doesn't mean you didn't do something stupid and don't want to admit it.

If there was a massive server-side hack, it wouldn't matter if the one-time password token worked or not, the hackers could delete it from the account, or take the numbers needed to generate their own one-time passwords and go their merry way. Since this isn't happening, it means that whatever source the hacks are from, aren't strictly on SE's side. It could be PSN, Steam, Gmail/Hotmail/Yahoo mail, etc A lot of SSO systems are inter-connected in ways we don't know about. There is some terrible irony of SSO simplifying the number of logins needed, but then needing additional passwords anyway because we can't trust they're secure.

Anyway, the way the one-time passwords work is that the physical hardware token, iOS and Android applications are just counting from a prime number position based on the current time, the one time password is generated from this is only good for about a minute. It's not infallible, but it makes the window for MITM/keyboard logging only a minute long.

The people who've been hacked so far, regardless if they will admit it or not, in order of possibility likely one of below:
a) bought gil
b) downloaded bots
c) downloaded mods
d) downloaded other cheating tools
e) had their email compromised by some other means
f) had Steam/PSN/XBLive compromised at some point
g) reuse their username/passwords from other games, that have been compromised.