Square-Enix hacked

[Antipika]

If they catch it in time, which is unlikely. It would surprise you how long hackers stay on systems before they get shut-out.

Come on, it's not like SE are the best, but still they aren't that bad, and due to the company nature (international, running 24/7 content across 3 regions), they do have a 24/7 NOC team, so such incident would be discovered rather quickly.

It's not like it would take long do dump the XIV customer database anyway. Not 10 millions customers in there :]

[TheRac25]

The maker of the security tokens had a security breach about a year ago.

That was RSA generators not Vasco wich is the maker of digipass used by SE.

[viion]

Come on, it's not like SE are the best, but still they aren't that bad, and due to the company nature (international, running 24/7 content across 3 regions), they do have a 24/7 NOC team, so such incident would be discovered rather quickly.

It's not like it would take long do dump the XIV customer database anyway. Not 10 millions customers in there :]

Im not saying SE are bad, im just saying there isnt eyes on every server 24/7, look at Sony, you think all that info was downloaded within a second? I doubt it anyway.

They cant just go "oh shit i think someone hacking, flick switch", it has protocol, a process to follow, a small temp investigation, requests from higher up people, and so on XD

By then I be in your character stealing all your shards!!!! mwuahahah

[quantumsaint]

Here is an update:

http://kotaku.com/5868329/18-million...ts-were-hacked


1.8 Million Square Enix Accounts Were Hacked
Square Enix stated yesterday that somebody "may have gained unauthorized access to a particular Square Enix server" and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customer's accounts had been affected.

The breach hit one million Japanese members and 800,000 U.S. ones. The hack impacted customer names and phone numbers. The server in question stores no credit card info, so, according to Square Enix, "there is no possibility of any credit card information leak."

"We are yet to learn whether illegal access was gained to our clients' information," said a Square Enix spokesperson. "But we have asked our customers to be aware of the incident in case they receive suspicious messages using our name."

[Andrien]

Here is an update:

http://kotaku.com/5868329/18-million...ts-were-hacked


1.8 Million Square Enix Accounts Were Hacked
Square Enix stated yesterday that somebody "may have gained unauthorized access to a particular Square Enix server" and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customer's accounts had been affected.

The breach hit one million Japanese members and 800,000 U.S. ones. The hack impacted customer names and phone numbers. The server in question stores no credit card info, so, according to Square Enix, "there is no possibility of any credit card information leak."

"We are yet to learn whether illegal access was gained to our clients' information," said a Square Enix spokesperson. "But we have asked our customers to be aware of the incident in case they receive suspicious messages using our name."

Wow.. Time to change PW's

[Bahn]

so that people wont be able to steal our accounts that are worth nothing?

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

[quantumsaint]

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

Yeah. Isn't that how FFXI players got hacked? Using their same account password with phishers posing as fan sites? I'm guilty of using the same password or permutations of it for most things. Of course, banking and the like I use more unique passwords, but still, there are those that don't who should change their passwords.

Kind of off-topic: Go ahead and take my identity, hackers. Just found out yesterday I'm being sued for $1500. My credit sucks...

[Atoli]

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use.

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, I also have complicated and different passwords for important accounts,
but I use the same one for stuff like..ask.com or some FF fan forum I visited once.
It's just not worth the hassle.
Most things on the internet aren't.

Oh, ain't I affected by this hack anyways?
Since I'm neither from Japan nor North America?

[Bahn]

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, it's more about using common sense. I don't think "I can't remember my passwords" is a valid excuse to make when you have applications called Password Managers that can help you store these passwords without needing to remember them.

These password managers allows you to make ridiculous passwords for other sites and not have to remember them. Password managers are basically a database that you use to store all your passwords. A good free and reliable Windows one is called KeePass. A browser-based one is called LastPass. You use a "master password" that has reasonable security measures in it (1 digit, one uppercase, one lowercase, one special char, etc) which allows you to open up the database that contains all the passwords you stored. That way, you only have one password to remember (the "secure" one you made that is memorable). You then make up some complex passwords for these other sites and simply store them in this manager for reference. Put that password manager and its files on a flash drive and keep that flash drive in a handy place, and you're good to go. The database that contains all your passwords is heavily encrypted with AES 256-bit encryption and even if someone were to steal your computer, they wouldnt be able to hack open the database through normal means.

Another convenient way of keeping your passwords secure is to use one password that's somewhat secure and easy to remember for non-mission critical sites - i.e. sites where if you were to lose your account wouldn't hurt your security on your computer or IRL. So for places like Gawker and the FF14 forums, you use this password. If it gets stolen, big deal. They now have access to a bunch of forums and sites they don't give a crap about. Then you make individual passwords for your mission-critical sites - your banking, Twitter, Facebook, Gmail, etc.

That way, if some site you're trying to sign up for requires a password, you have your 'throwaway' password to use without having to worry about putting your important stuff at risk. Password gets hacked? Whoop dee doo for the hackers - they can now use an account that's on a random site they don't care about.