Got my account restored after being compromised (For people with compromised account)

[KudryavkaNoumi]

Hi guys!

I just wanted to let people who have been compromised know that they are working on people's accounts still, because I got unbanned a few minutes ago around 10 PM PST, Oct. 8 2013.

They sent me an email saying "Notice your Final Fantasy XIV service account has been restored", with details that have been posted on several other posts in reddit (saying that it wasn't your fault and the violation was removed, future safety precautions, etc.)

I had originally been suspended on Sunday, Sept. 22, 2013 because an RMT spammer had compromised my account. The following day on Monday, Sept. 23 I called Square Enix Support and got in around 2 pm PST. They said I would be investigated, etc. A few hours later I received a termination email. After calling about this situation, the rep told me that the termination email is normal response for a flagged compromised account, and meant that the account was currently under investigation.

After waiting 2 weeks, I called again to request an escalation to the rep's superiors. The following day, which is today, I finally got an email stating my account was unbanned. This took me a total of 16 days since the start of investigation, which is a lot longer compared to previous posts about being compromised. If you have been compromised recently, expect 2 weeks + of wait time, since there have been LOTS of people getting their accounts hacked.

So dont lose hope! And all you people without authenticators.. Get one! Because you will probably be compromised like me and many other people, and have to wait 2 weeks+ to get your account back .

Some random useful stuff:
Square Enix's Work Hours: Monday - Friday 9 AM PST-6 PM PST.
Square Enix Support Numbers (NOT TOLL FREE - costs moneys): (310) 846-0345 <-- This one worked better for me, but I think they are about the same (858) 790-7529

I never used livechat, so Im not sure where to link that one :<. But I've heard it is worse than calling them, since you can queue to #1 and it will say "there are no agents available at this time", then disconnect you from the chat.

Tips for getting your account back:

1. Call them as soon as you can! They NEVER respond to emails, so thats pointless. I've heard terrible stories about livechat reps who just disconnect on you and give you automated responses. Calls are monitored and recorded, so reps on the phone cant just hang up on you. Also, call early! At 9 AM PST, it took me literally like 40 seconds (as opposed to two hour call waiting time). Just start spamming the call button at 8:59 PST. If it is before Square Enix's work hours, you will hear a woman's automated voice message. If it is within Square Enix's work hours, a man's automated voice will start talking. Eventually he will say something like, "Our menu options have changed recently..." At this point, press 2, and then 1! 2 = FFXIV Services, 1 = Account Services! The sooner you can press these numbers, the faster you will get to someone who can help you with your problem. You can also spam 1 and 1, (1 = square enix account services, 1 = account services) but I haven't tried this personally..

2. Have a ticket ready. When you call them, it is faster and easier if you have emailed them a ticket already. Email them one. Be SPECIFIC!! Tell them when you last logged in, what day you logged in, when you noticed your account was suspended, your ISP, the address you logged in from, the name of the Bot on your account (if possible), etc. DO THIS. Your investigation will go faster.

3.Don't tell SE that you shared your accounts with anyone

Threads with some useful info from other people who got their account back: http://www.reddit.com/r/ffxiv/commen...ount_recovery/
http://www.reddit.com/r/ffxiv/commen...ng_comprmised/

Also, here is my post on reddit as well, for those who cannot comment on Lodestone forums, or those who are just curious: http://www.reddit.com/r/ffxiv/commen...k_after_being/

And that's about it! If you dont know why you were suspended for RMT, the most common reason for vulnerability is having the same password anywhere else on the internet, and not having an authenticator. <-- This was me.

Good luck!

[Sove92]

Sadly the authenticators are not sold here and I don't have a smartphone. The emulator is a possibility but locks my account to that single PC only.

My SE and email passwords are both strong and unique anyway, brute forcing is not a realistic solution for cracking them.

[mssloan]

I got my account back after 6 days so can consider myself lucky. No items or Gil seems to be missing either. Must have been a RMT spammer. Good job he wasn't malicious. I have now put a Security token onto my account using the smartphone app.

[Mjollnir]

It's been 21 days now for a member of my Free Company who was hacked. Incredibly harsh imo. #FreeEldakTargon

[Shayuri]

Security token is not save enough

i have seen 10 peoples with token that get hacked =)

i dont know how but its work

[Discordia]

Sadly the authenticators are not sold here and I don't have a smartphone. The emulator is a possibility but locks my account to that single PC only.

My SE and email passwords are both strong and unique anyway, brute forcing is not a realistic solution for cracking them.

You might want to read this article before you are sure about yourself:

http://arstechnica.com/security/2013...word-cracking/

(Read through the whole article, you'll find a list of stuff that was cracked, and you'd be surprised at the complexity of the passwords that were cracked. This only reinforces the need for 2-factor authentication)

[Sove92]

If you think I don't know how those attacks work, you are wrong. You need to extract the password hash to utilize those attacks, and if they are also salted (I can't imagine SE not doing so), it just got much, much harder.

[Discordia]

If you think I don't know how those attacks work, you are wrong. You need to extract the password hash to utilize those attacks, and if they are also salted (I can't imagine SE not doing so), it just got much, much harder.

Knowing is one thing; trusting is another. I don't doubt you know how these things work, but at the same time, you don't know how your password is protected, where it's located, and whether or not it's not accessible by some backdoor rootkit. Your call, but if I were you, I wouldn't trust anyone and always assume the worst case scenario. Any security expert worth his salt wouldn't leave it to chance.

[Sove92]

At the moment, I simply don't have a choice but to use a strong password without locking myself to a single PC, which is unfeasible. I don't trust passwords, but I also find it unrealistic some MMO hackers have the resources this guy does. What is reality is that they will in a few years, just not yet.

[Discordia]

At the moment, I simply don't have a choice but to use a strong password without locking myself to a single PC, which is unfeasible. I don't trust passwords, but I also find it unrealistic some MMO hackers have the resources this guy does. What is reality is that they will in a few years, just not yet.

If you read the article, it takes only $800.00 to have a simple cracking system of 30 billion guesses a second. The cyber criminals in Russia, Ukraine, Romania, China, etc. are already sophisticated, have their own underground network, are staffed with ex-security experts gone rogue (think former KGB, police, etc.) and have plenty of financial float to fuel all of that. The RMTs are just an extension of that club. They will make money where they can, they diversify, as any good criminal organizations would do. I think many in the public are totally underestimating the underground scene.

And mind you, a lot of these RMT activities are solely dedicated in capturing your credit card number. They are not benevolent capitalists, let's all remember that. I feel sorry for those that buy virtual currencies from RMT, as they are just setting themselves up for bigger financial problems down the road IRL, never mind some digital pixels that will never exist in a decade or so.