It's not a keylogger at all.... It's people not using unique password's on all their accounts.

You are correct that FFXIV fan sites exist that are being run by RMT subgroups.... But all they do is collect login information.. E.g. you sign up for the fan site... In doing so you give them your email address and a password. So they just sit there going to gmail.com/hotmail.com/live.com etc trying to loginto peoples email accounts until they find someone that has the same email password as the one that signed up on their site. Then they scim your email for your SE Account Creation and when they find it they have your game account user name. Then they go to the site and reset your password for your SE Account, and even possibly changing your email address. Then they log in as you and spam RMT messages.

9/10 people getting hack are getting hacked because their email address password is the same password their using to sign up for these sites.

There may be a keylogger, but if your are downloading and installing something from a website you did it to yourself. Never run javaapplets or .exe's off the web that aren't from a trusted source, and ffxiv fansites are not trusted sources.

If you had a ONeTimePassword (which SE offers) you could have avoided this. The one time password needs to be physically in their hands for them to login to your account, even if they have the user/pass.