So I was hacked... my observation so far and tip.

[Rekujen]

Let this be a lesson, I recommend everyone use an Authenticator... because no matter how secure you think you are, there is a high chance it will happen to you.

Hear me out.

I'm very computer savvy, I've been working with computers for 15 years and I know them inside-out. I have built over 100+ computers, I have done networking for 11 years and coding for 4.


My PC? very very secure
My login details? very unique and hasn't been used anywhere else, not on any forums, any games, nothing.

So I'm at work and my girlfriend calls me...

Her: "dude you're online"
Me: "what? I'm at work..."
her: "you're in Gridania... let me see what's going on"
her: "wow you're spamming for gil sales"
me: "wtf.... how could this even happen? let me enable the token, it should boot him off"
her: "yup, you're logged off now"

So i change my password and now this "hacker" can't log into my account because I am secure via password token.

What did I do in the past few days? I'm a PC user but recently purchased the PS3 version and linked it to my PC account so I can play on both machines, that's the ONLY thing I have done recently. I haven't visit any dodgy websites, haven't installed any software or run into any problems with my PC...and my guess would be that these "hackers" somehow got my account via PSN, because we all know how useless PSN is with security.

My question to Square is... who's to blame here? PSN? You? Me?

I have emailed Square but my ticket isn't showing up on the support-page, I'm hoping they still received it.

Is there counter-measures for this stuff? I'm assuming hundreds of people have black-listed me now :\ will there be a black-list wipe so all those people that were hacked aren't on ignore by half the server?

tldr: get an authenticator, don't be foolish.

[Lux_Rayna]

Two things:

1) If you have a really secure password (numbers, upper case, lowercase, *and* special characters, no common words, more characters the better) the chances of you getting hacked are incredibly small. Like incredibly small.

2) If you have a strong password but link your login details to other networks, that is where the trouble is.

PSN has known security issues. There was a huge crisis a few years ago when it got hacked and everyone's credit card details were at risk. The only counter-measure is to use a strong password and thats it. I even think getting a security token is risky, which is why I wont buy one. The only database/network that should have my account information is this one. I refuse to put it anywhere else, as I am at the mercy of that network's security.

[Zaiken]

I'm surprised they didn't change your password when they hack your account, usually it is the 1st thing they do when they got access to your Account. I guess you got lucky this time they didn't do that and you have enough time to add in a Security Token.

I'm also surprised how they can just pull randomly username and unique password out of thin air. They may have a hacking software, but they have to start somewhere and know some hint and which one to target.

[Kobolt]

you should also check your email password aswell. they could have just requested it and delete the email. happened to me in WoW where I went back and forth with someone who found out my email password, and would keep sending the request emails. i ended up winning the battle, with all my bags stacked with titanium ore and around 50 K gold in my purse.

[Catrim]

I got an authenticator for D3... I was hacked 15 mins later.

Lucky for me... D3 is a horrible game and I didn't really care.

Hoping the FF one works a lot better.

[GabrielK]

Sad to hear this.
And if they steal your game account it doesn't mean they can reset your password since they don't have access to your email account too .
Unless they stole access to that too, which they don't seem to have.

[Cyrus-Wallace]

I installed the security token in my smartphone. It's free, secure and easy to use. I have no regrets on my decision.

[Rekujen]

This is why I'm very puzzled..

secure pc (that i'm 110% sure of)
unique login details, never used before
no web browsing to dodgy areas

I really hope Square-Enix reset the black list for me... otherwise I am very screwed.

[Gyrus]

I had my old 1.0 account stolen, I've been with it at arms with SE for about a month now, I have to have it notarized but being disabled it's simply not plausible. As i'd have to be there in person! It's stupid. I've given them more than enough information to recover it but with out that notarization they won't do shit. I would have subbed both but hey, if they want to loose money than so be it!

[Lux_Rayna]

unique login details, never used before

It cant just be unique, it has to be strong. If its not strong, you should make it strong. I mean like airtight government-level security strong.