Beware of Suddenly Missing FC Members...

[Phafi]

Or they're lying to you.

[Rath]

Some people sell their accounts when they quit. Happens all the time.

[Buff_Archer]

(Not saying that's what this person did of course but) This is a good reason not to visit RMT sites over curiosity- I know a few players who looked at a site for that reason alone though they'd never actually be a customer. And lately there were warnings about malware on these sites. The owners of these sites would have a very high interest in installing keystroke loggers to capture the passwords of people who visited them even once, because those are the people who have accounts to steal in the first place. What's surprising is that they'd pay for a server transfer- they'd only do that if the profit they stood to gain was more than the transfer cost, and you're looking at $20 for just one account that could get banned faster than the bots they create themselves. I'm guessing perhaps the player had enough gil and other resources valued in excess of the cost of the transfer, and that it was transferred through their own network of bots as soon as the character landed on the other server.

I guess at least we now know how some of them are planning on getting to Ishgard- why level the characters and run through the MSQ fetch quests yourself when someone else could do it for you.

[Catwho]

however, you can reset the password by resetting the token. Say you enter the token and it crashes, you just hit the back button the token (cell phone) or the red button the SE provided token to reset the pass

The token isn't exactly wifi enabled or anything. It just generates a number using an algorithm. The number it generates is actually good for a 27 minute window (or it was in FFXI) - but it can only be used once. Generating a new token number doesn't automatically invalidate the old number, only using it does. That's why they crashed the client and then disabled your ability to open it again with the injection virus. If you tried to log in using a newly generated number, it'd kill the one they captured. But if they broken your client after stealing it, they had time at their leisure to log into your account and steal all your stuff.

[Chessala]

If they really wanted to keep people's accounts safe, they would implement a similar system like Rift.

If you log in from a different Ip, your account gets coin locked. Meaning you can't do any trades, buying/selling etc or delete a character until you unlock it. Of course this isn't fool proof either if you use the same email password everywhere but there is only so much one can do to protect people from their own stupidity.

[Sove92]

If they really wanted to keep people's accounts safe, they would implement a similar system like Rift.

If you log in from a different Ip, your account gets coin locked. Meaning you can't do any trades, buying/selling etc or delete a character until you unlock it. Of course this isn't fool proof either if you use the same email password everywhere but there is only so much one can do to protect people from their own stupidity.

You already get your account locked when trying to login from another IP address (unless you have a token, in which case this never happens) and asked to change password via a link sent to your email. Of course, if they know your email address and its password, you're sol.

[Amelia_Pond_Behemoth]

The token isn't exactly wifi enabled or anything. It just generates a number using an algorithm. The number it generates is actually good for a 27 minute window (or it was in FFXI) - but it can only be used once. Generating a new token number doesn't automatically invalidate the old number, only using it does. That's why they crashed the client and then disabled your ability to open it again with the injection virus. If you tried to log in using a newly generated number, it'd kill the one they captured. But if they broken your client after stealing it, they had time at their leisure to log into your account and steal all your stuff.

Seems like there would be a number of ways around this. 1. If you have the game installed on more than one machine, you could just log on using the non-infected machine. 2. You could log out of the forums and log back in, using a new password in the process.

[Balipu]

Now I totally want Hildibrand to investigate a kidnapping case. Dozens of adventurers missing. Can lvl 60 Alchemists brew chloroform?

[Catwho]

Seems like there would be a number of ways around this. 1. If you have the game installed on more than one machine, you could just log on using the non-infected machine. 2. You could log out of the forums and log back in, using a new password in the process.

The RMT monitoring these hacks moved fast - people didn't have enough time to find another machine that wasn't infected before their accounts got cleaned out. XIV doesn't let you log in as long as someone else is logged in already, I don't think. (XI booted the original person off at least.) Logging into the forums won't stop someone who has already logged into the game.

Just keep your virus scanner up to date, though, and any AV software worth its salt will catch an injection virus the second you launch the game (before entering the passwords) and quarantine it and give you a warning about it.

[saber_alter]

this has always been a good guide for me. most hackers...if they are using ways other than phishing, have to rely on a brute force method.



this makes it as long as possible.