Please clear your blacklist!

[AridElf]

This community would be so much better if people would stop calling each other stupid, dumb, retard et.c. Not everybody spends enough time at the computer to know exactly what precautions need to be made to not get scammed.

If it sounds too good to be true, it probably is. It also doesn't hurt to look up at your URL bar from time to time either.

[MStowastiqVahlshdeh]

-snip-
I prefer to see a message from SE saying "we've banned" or "we've recovered X amount of RMT accounts" before I clear my list. I'm sorry, but please wait a little longer!

STF does post regular RMT ban statistics. Find it in game under [System menu]>[Support]>[News]>[Notices?] "Regarding RMT Advertisements" . Also available on Lodestone under "News, "Notices", "Regarding RMT Advertisements."

09/12/2013 11:32 PM
Regarding RMT Advertisements (Sep. 12)
Having confirmed in-game advertisements for RMT* sites, we have taken the following actions to address this issue.

*RMT (Real Money Trade) is selling account or game data with actual currency in the real world.

[Period]
Sep. 5, 2013 to Sep. 10, 2013 (PDT)

- Accounts receiving disciplinary action for RMT advertisement: 828 accounts
- Action Details: Permanent ban from FINAL FANTASY XIV

In addition to chat filters, we will continue to address RMT activity through cooperation with our GM teams and STF (Special Task Force). When you see an RMT advertisement, please file a report by using the in-game command [System Menu] -> [Support Desk] -> [Contact Us] -> [Report Cheating].

[Spoolx]

The only thing I might be guilty of was having a weak password, although it was 8 letters with one capital and two numbers so I thought it was fairly secure. I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.

I play on PS3, and surf the forums from work(which is a huge company and the internet is pretty tight so I doubt I got a virus on my work computer) and I still got hacked.

I have no clue how they got my info, I never bought gil, I never visited any weird sites, and all my email comes through my iphone and I never click links in my email. The only possibility I can think of is when the playstation network got hacked a couple years ago they had my info although I am pretty sure I changed my password since then.

Anyhow if you dont want to clear your blacklist thats fine, but lets be honest.. its not because you are worried about getting spammed by those names because you can almost guarantee all those names have been banned, its just because you want to be an elitist jerk.

[Rivienne]

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run.

This is a bit of a myth and a straight up misunderstanding of how computer exploits and security work. There are many many exploits to let someone run something on your system without your giving explicit permission. From scripting, to buffer overflows, to web browser leaks. Even in the very recent past there have been many simple exploits where adobe flash allowed for malicious code to bypass browsers. There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

There is a reason that there are always new security patches to every operating system on a regular basis, and they are rarely released immediately after the exploit is discovered. In fact usually they are patches to previously known exploits, meaning people may already have been compromised due to the exploit, before any system updates, or virus definition updates occur to block it.

Hacked accounts are not a cut and dry "it is always your fault", or even usually that simple. Most security is a never ending fight to anticipate the existence of exploits you haven't actually discovered yourself yet.

This is not to say "nobody who got hacked is at fault". But it is to say that to assume they are always at fault is simply incorrect. If you are connected to the internet you are at risk. It doesn't matter how many layers of protection you have setup, how up to date your antivirus, how locked down your firewall. All it takes is one exploit.

So please, be considerate. Realize not everyone is at fault, and that maybe if they aren't prepared, it is because they don't know as much as you. Don't berate others who don't have the same knowledge as you, instead educate them. It will go a long way to improving the forums, and the game in general.

I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.
<...>
all my email comes through my iphone and I never click links in my email.

In my own experience with family and friends, your phone itself is the most likely culprit. Any account you use on your phone has an even higher likelihood of being hacked then on your pc, because phone exploits are really profitable. So many people have personal information, phone numbers, contacts, passwords, bank account information, all on the phone, so it is almost always worth the effort to find a way to bypass the security. I have known many people who had their facebook hacked from their iphone, because they walked through a public area (eg airport) with wifi enabled. Wifi + facebook exploit, now they have your password for everything.

So my suggestions: never use open wifi; never use the same password for any account (especially the ones you access from your phone); and use the iphone security token. (Make absolutely sure you keep the emergency recovery key and in more than one location though.)

Also: don't let the attitudes or assumptions of others drag you down to their level.

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

Nope. Actually this also is a misunderstanding of this black market industry (yes industry). You assume it is one person doing the hacking for a specific purpose. But in fact, people who hack information, often hack it for the purpose of selling it.

Usernames and passwords are very lucrative, if not as much as money. People like the gil sellers don't do the hacking themselves usually, they buy the information from someone else who is selling it not just to them, but to those who are likely to use it for other purposes such as hacking your e-mail to send spam, or trying to get into your bank account, etc. I.e. the hacking of a game account is just one way the hacked information is likely to be used. If you get hacked, you should be clamping down on everything, because chances are very slim it was "just a gil seller" and that they only hacked this game.

[svann]

What I think they should do is offer a name change for a small fee.

[Moheeheeko]

its just because you want to be an elitist jerk.

because that's a great way to get people to UN blist you /eye roll.

also, you have an iPhone and DON'T have a security token? That's just asking for it.

[Demlix]

Lots of us were banned for RMT spam because our accounts were hacked, eventually we will be back online. My request is that you frequently clear your blacklist, especially if the name is a normal name and not just a jumble of characters.
There is no point keeping these names on your blacklist because they all get banned quick so you shouldn't see that name ever spam again.

Considering you most likely compromised your account in some way by downloading a bot or buying gil, I will not be unblacklisting people even if they're not really the ones spamming RMT. With the free software version of the one-time password for iOS and Android, there is no excuse for getting your account hacked.

[Makeda]

Some 30,000 accounts were stolen on launch day of GW2. Over there, the Devs discovered how it happened within days. It came to light that about a month or so before launch, one of the fansites with a forum was hacked, and had its database stolen.

Everyone who used the same username or email and password on that fansite as they did for the game - got hacked on launch day... By the end of the first weekend, that was about 30,000. You can be sure the hackers didn't take them all right away though - and the problem persisted for a few months.

They put in tokens, forced password changes, and so on - and only after all of that did things recover.

There are a LOT more fansites for FFXIV than for that other game. Partly because these forums are capped at so few posts, the fansites are still popular.


I've seen a few posts in this thread already from people who say "I don't click on weird stuff, I don't download weird stuff, my password is complex, I have anti-virus, and I don't have a keylogger."
- All of that means nothing.

The only safeguards are to use a unique account name, unique email, and unique password - AND get a security token, either the physical one, or the smartphone one.

The hackers don't hack you... they hack weak points on the internet. forums, fansites... maybe facebook (no idea and it'd never admit it if true), and so on. Anytime they get access to a new database, they use bots to try out the accounts all over the net - and then I supposed report back where it worked. That then gets stored away for later.

If its too many passwords to remember, write them down on paper and store it all somewhere safe in the house. If people break into your home and get that - your MMO game account will be the least of your worries.
.

[Pooky]

I clear normal sounding names a week later or so, but any names that are Dghthght Hfgghghg or the like stays.

[RyuujinZERO]

The only thing I might be guilty of was having a weak password, although it was 8 letters with one capital and two numbers so I thought it was fairly secure. I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.

Well there's your problem, another site you use has been hacked and they got your pass that way.

A key vault is a good solution in this day and age, they can exist as mobile apps, or the stronger more effective ones can run on your PC. They allow you to create and store unique passwords in a secure database on your machine or phone and keep them altogether. I use KeePass on my desktop for example, which generates a totally random password for each site and then stores it where i only need click copy-> paste to retrieve the password. (A word to the wise, make sure your e-mail password is both unique and memorable in case you lose your vault and need reset your passwords)

passwords like those generated by KeePass tend to be near impossible to type manually let alone memorise, so where manual typing is required like on your PS3, you could use a key vault app on your mobile, and create shorter more memorable passwords but still store them on the device so each site remains unique and you have easy access to them.