Is there any game out there with a worse support team than final fantasy?

[RoyalBeef]

I can't believe some of the responses here... Why does "Oh it's your fault" always seem to be the go to reply? As others have pointed out you can still bypass security tokens. In the responses I also didn't see any mention of the account holder not using one either. Their chest wasn't open for just anyone either, only select individuals could gain access to the gil funds. Someone hacked the user's account, invited and promoted a dummy account, cleared out the gil, then left. I doubt there was a lack of security, an inside job as some like to point out, or carelessness here. Sad truth of today is, no matter how secure you think you are people have a way to hack in and steal your info if they want it. Look at all the latest security breaches for an idea there.

"Hacking" accounts is probably possible (if you put in enough time, effort and ressources, everything is hackable) but not worth the effort. 99.99% of cases involve the account owner not paying attention, social engineering, phishing mails or websites, malware, or not changing email/password combinations after they already leaked somewhere else.
Actual hacking is way too costly in means of time and effort to be worthwhile, that's the reason it doesn't happen to all of us on a daily basis. It'd cost criminals more than they can make by hacking us poor peasants ^^

[Gula]

"Hacking" accounts is probably possible (if you put in enough time, effort and ressources, everything is hackable) but not worth the effort. 99.99% of cases involve the account owner not paying attention, social engineering, phishing mails or websites, malware, or not changing email/password combinations after they already leaked somewhere else.
Actual hacking is way too costly in means of time and effort to be worthwhile, that's the reason it doesn't happen to all of us on a daily basis. It'd cost criminals more than they can make by hacking us poor peasants ^^

Back in my years on imvu, someone made this exact point. Different user base, same problems. People making thread after thread of HACKED!!! when in reality, it was mostly people giving passwords and going to non-secure sources/not logging out and getting their accounts jacked. And their customer support is nowhere close to SE or even Nexon.

[NanaWiloh]

Two factor authentication is very hard to keylog, since you can't use the same code twice and has to sync to the code sent by the server with the handshake. To me, this smells very fishy and quite suspicious.

You're getting duped, simple as that.

That really what it sounds like cause the security token is not easily bypassed as people think. A man in the middle attack is the only way to compromise a token but that requries the hacker to be at their computer when the user tries to log. I know SMS verfication has been compromised cause its a text message. But getting by a security token requires is a more hands on deck approach for a hacker, its not something many people are willing to do. Honestly though ya, I would say their getting duped..

[Dustytome]

So, he changed his password, got 2FA, and got that roll back. But still the hacker managed to gain access to his account AGAIN! We don't know how he's doing it but this austrian is DDOSing my friends internet and managing to circumvent all precautions, at this point there is literally NOTHING more we can do to prevent it, it is ENTIRELY on square enix to ensure that the measures THEY PUT IN PLACE actually WORK. Frankly if his account isn't safe, none of ours are. This is a total clusterfunk and square has to take some level of responsibility in this.

That def sounds like there's something on the computer. At that point it's time to back up any important files, format the computer and start over. Make sure to update everything afterwards and change passwords for email, the game, etc. I'd probably also make sure any devices inbetween (ex: routers, modems, access points) are updated to the latest firmware.

[SturmChurro]

Two factor authentication is very hard to keylog, since you can't use the same code twice and has to sync to the code sent by the server with the handshake. To me, this smells very fishy and quite suspicious.

You're getting duped, simple as that.

Some genuine FC drama. I love it.

[Vrankyl]

Update on the situation with my friend being hacked:

So, he changed his password, got 2FA, and got that roll back. But still the hacker managed to gain access to his account AGAIN! We don't know how he's doing it but this austrian is DDOSing my friends internet and managing to circumvent all precautions, at this point there is literally NOTHING more we can do to prevent it, it is ENTIRELY on square enix to ensure that the measures THEY PUT IN PLACE actually WORK. Frankly if his account isn't safe, none of ours are. This is a total clusterfunk and square has to take some level of responsibility in this.

This sounds like something is on their PC after they either opened a fishy email, went to a fishy website, or any combination of this that eventually resulted things being downloaded onto their PC without their knowledge. SE has absolutely NOTHING to do with this, as this is something beyond their purview. They can, and will, roll back the character each time the account is accessed by anyone other than the account holder but if the hacker is entering information they obtained by any means aside from directly hacking into SE itself then it is not a SE problem. They do not need to take responsibility for it as their own counter measures are working as intended, as they are not a catch all and there needs to be a level of responsibility taken by the user to protect their PC/PS4 and their own information on their own end.

Yeah it sucks, and yeah it's not what you want to hear but this is how it would be played by ANY gaming company.

[Komarimono]

Just checked, since do some android fiddling now and then. If you use the software based token on your phone, can't even rip that from the program, even if your phone is compromised as well as your PC, since it just sends the token key(which is set to change at set times on a certain pattern, but that pattern is unknown) in a hex format to then trigger a display of the token key which is different then the hex code.

So, the only way to be able to hack said account, would require the PC and Phone to both be compromised, and the phone to instead somehow get a screen capture of the token key after being displayed.

The odds of this are.... so so so low...

I'd sooner win the lottery twice over for the jackpot before cracking the system.

https://www.youtube.com/watch?v=ZXFYT-BG2So

Explains it in more detail, but ya... The sad truth is, if this topic is even true, you're being scammed by your FC member.

[Dustytome]

So, the only way to be able to hack said account, would require the PC and Phone to both be compromised, and the phone to instead somehow get a screen capture of the token key after being displayed.

Unless the 'hacker' had something picking up the information on the pc, allowing them to log in immediately as soon as the user typed in the one time password. That of course means the actual account owner wouldn't be allowed to login though since the one time password would have been used by the 3rd party.

[CookiesNCreams]

Back in my years on imvu, someone made this exact point. Different user base, same problems. People making thread after thread of HACKED!!! when in reality, it was mostly people giving passwords and going to non-secure sources/not logging out and getting their accounts jacked. And their customer support is nowhere close to SE or even Nexon.

Actually, there are some people out there that actually hack accounts by sniffing packet logins, which tend to be around 300+ bytes. It’s a method known as MD5 and +XOR which is old in the scene, so I don’t mind saying it. There was even a method to randomly access anyone’s account back in 4.0 but I got that method reported as I don’t want FFXIV hacked by degenerates. Most people are quite scummy, and will steal passwords and logins through Gil selling websites, etc, so it’s understandable why people would think actual hacking doesn’t occur.

Just want to spread the message that it actually does, and can happen. It just depends on if the hacker is willing to risk going to jail or not over hacking your account, since SE I assume can just contact whatever VPN company they are under and track em down.

[Komarimono]

Unless the 'hacker' had something picking up the information on the pc, allowing them to log in immediately as soon as the user typed in the one time password. That of course means the actual account owner wouldn't be allowed to login though since the one time password would have been used by the 3rd party.

They would have to be typing very slowly, and even then take at least 30 seconds to hit the sigh in button. So that likely hood is very low unless they are Flash from Zootopia.