Few things:
There has been some talk over on BG that people have talked to GM's who somewhat suggested that the Registration Server was compromised. Still, people are getting hacked regardless of what they play on (PC or PS2/Xbox). A lot of the time, it's pretty obvious as to what happens...usually a person gets a trojan on their PC, the player visits an SEC site that requires their POLID to login, the trojan gets that info and sends it to the hacker and then steals the account for a console user. The token has a bit of a flaw because it is valid for 27 minutes before it expires.
Now for PC users, it's a bit more sophisticated. The user gets the virus/trojan on their PC. When the player logs in, everything is fine, but the trojan is hooked to pol.exe. After some unknown period, the user gets DC'd...when the player opens up POL, they enter in their credentials and token, but then the trojan goes to work and completely blocks POL from communicating with the server and crashes POL. At that time, your information that you entered is sent to the hackers and they steal your account.
One of the theories is that there is some type of information leak between FFXIAH and the LS Community site as FFXIAH pulls information from that site. A lot of people who have been hit have profiles on FFXIAH, however, there are those that don't as well so it is difficult to pinpoint where this is occurring.
Finally, you have people who fall for those phishing schemes from the hackers pretendeing to be GM's. They are told that their account has been flagged for irregular behavior and to go to a website and download some software that does a performance test for FFXI, or to go to the website and enter in their POLID to login and verify their account. The page is setup to look exactly like playonline and the LS community website, but the url's aren't correct. Again, once the player enters in their information on the site, the hacker will have their account no matter what console they play on.
catwho, pet mage of Jabober wrote:
I used my one time item restore to get back 99 O pieces I dropped about a year ago. (Long story.) If I'm hacked and SE won't do a rollback because of that, it's over.
Incorrect, it has been stated that the SECSR's have said as long as you have the token, SE will waive the one time roll back policy. If you don't have the token, you are out of luck and only get one roll back.
Edited, Sep 3rd 2009 8:49am by ImmortalAlchemist