Hacks still happening . . .Follow

My Playonline did not crash after I enter 000000 for my otp, that is good >_>

Edited, Sep 3rd 2009 2:23am by scchan

On the upside, a data dump from Catwho.net tested clean on virus scan. Whew! It's not my website XD

Edited, Sep 3rd 2009 2:40am by catwho

Was skimming through the 27 page long BG thread. Speculation is that either the Square Enix Account server itself was hacked, or one of the authentication servers was hacked. Both are terrifying possibilities, because it means even people who did nothing wrong can have their stuff jacked.

I used my one time item restore to get back 99 O pieces I dropped about a year ago. (Long story.) If I'm hacked and SE won't do a rollback because of that, it's over.

This is why I heartily recommend AdBlock + NoScript. You'd be freaking appalled at where and how people hide executable flash in their web pages, or how easy it is to make some one else's ad or flash play do your dirty work for you. I'd show you one involving a huge transparent layer stretched over two rows of other wise normal looking images it shot down today, but it was while browsing ****. There are a few issues I am not the best at enforcing on myself, mostly because I love boobies.

Edited, Sep 3rd 2009 1:44am by Tarub

So these people who are being caught out on PS2-- are they receiving the same logged-out-then-POL-crashes routine that PC users are getting, or something different? I'm perplexed how these PS2 users can be "hacked" unless something on SEs end flopped or RMT have some bloody clever people writing code for them!

The idea that makes the most sense currently is that as was said some part of SE servers/website logins has in some way been hacked into or compromised in some way. Not all the hackings explain this, some are obviously trojan ifections probably via the phishing sites or some rogue ads but many just do not make any sense as to how they could be hacked. This applies to console users, heavily protected and savy PC users and people that use a pc just for FFXI and never surf on it being hacked.

If it is a weakness in SE's community website or maybe even the security keychain website then we are pretty much boned, Square have neither the manpower or the will atm to track this down so you better go buy a security keychain asap.

If you think SE are beyond leaving loopholes in their security or creating buggy code you haven't taken much notice of the last 12 months of updates they have been releasing which have been slowly getting worse and worse as more and more manpower has been shifted to FF14.

Edited, Sep 3rd 2009 4:01am by preludes

I work in IT as well, and with Terminal Services in Windows XP, the PC will go into the "Terminal Locked, press CTRL+ALT+DEL to login" screen when someone connects to it via Terminal Services.

Actually, with all the hacking stories I've read on this and other sites lately do have something in common. It seems to me most if not all of the victims were engaged in an endgame activity such as Sky, Dynamis or Einherjdar when they got hacked. I don't recall anybody saying they were just FoV levelling in an area such as the Highlands getting hacked.

Its as if the hackers know who their targets are and, being in endgame activities, know they will have stuff worth stealing. It just and observation I made.

Auto-login doesn't store login info. After you login, an encrypted cookie is generated, and it's this cookie that is used to identify your PC and then tied to your LSC account. Someone else on the same PC might be able to use it to mess up your settings on LSC, but it will not reveal any login info.

I was talking to a friend in game about this not long ago, and I realized that I can't tell what I am more upset about... the fact that it is happening at all, or the fact that SE seemingly can't be bothered to invest more time and effort into fixing it than it took to write up the "don't be dumb" warning we get on log-in.

It frustrates me to no end that we put forth all this time and money into a product, and they can't even open up a dialogue with us about these serious problems we are having. This is not just some passive advertising or some in-game dispute, this is a legitimate security concern for everyone involved, and extends well beyond the game.

Frankly, it pisses me off that after all this time and these escalating attacks, SE can't even be bothered to attempt to fix some of the more obvious problems, like the trial accounts. Here there are people pretending to be GMs in a blatant and bold attempt to steal from you and they're basically just left to get whack-a-mole'd without ever even trying to cut off the source.
I have encountered and reported a number of these things now, and literally every single time, I have received an automated message about how they take it seriously, and rest assured, there will be results. Hard to believe after the fiftieth time, harder still when they don't even take the information before attempting to appease you.

Even when they do try to do something, it comes off as little more than a "too little too late" PR move that ends up being some massive catch-all that screws up more than it fixes. And they don't even comment on THAT either (hello player bans).

I think we have earned the right to hear a little more about this, and I really wish they would respect the relationship we have with them (we DO pay a pretty good monthly fee, afterall) and just address our damn concerns. I am really tired of basically being shut out and being left to speculate and fend for ourselves all the time.


Edited, Sep 3rd 2009 5:07am by AmanoJ

I bolded the part that caught my attention.

A guy in our IT department told us 2 days ago about some new virus out there that people are getting by the thousands. It gets on your computer by visiting some sites that have been infected and the site automatically redirects some people to a website disigned to look exactly like a window of Windows Vista internet security on your C:. The page that pops up looks exactly like a Vista page and tells you that you have like 7 trojans and thousands of infected files. It then asks you if you want to clean those files. By clicking yes, you are really downloading the virus/trojan/keylogger/whatever.

Our IT department said it is a old tactic used in the late 80's. This one is just re-done to look like our current OS for people who don't know any better.

We are told that the key is looking at the address bar. If you are really in a window on your computer it will look something like C:windows/vista/security/blah/blah. The fake ones made to look like vista while trying to get you to click the "Do you want to clean these files" option will read like a website i.e. www.hackmysystem.com/pleaseclickyes/blahblahblah.

Hope this is helpful to you.

Edited, Sep 3rd 2009 6:54am by spcwill

Wake up sheeple! Obviously, SE is selling your account info to the RMT companies. After all, the ToS clearly says that you do not own your account...



In all seriousness, I hope that those affected by these attacks have a swift and speedy recovery; however, knowing SE, I can only fear for the worst.

Wow Catwho... you actually named the domain after youself?.. just wow...

Edited, Sep 3rd 2009 11:27am by Endtanis

Few things:

There has been some talk over on BG that people have talked to GM's who somewhat suggested that the Registration Server was compromised. Still, people are getting hacked regardless of what they play on (PC or PS2/Xbox). A lot of the time, it's pretty obvious as to what happens...usually a person gets a trojan on their PC, the player visits an SEC site that requires their POLID to login, the trojan gets that info and sends it to the hacker and then steals the account for a console user. The token has a bit of a flaw because it is valid for 27 minutes before it expires.

Now for PC users, it's a bit more sophisticated. The user gets the virus/trojan on their PC. When the player logs in, everything is fine, but the trojan is hooked to pol.exe. After some unknown period, the user gets DC'd...when the player opens up POL, they enter in their credentials and token, but then the trojan goes to work and completely blocks POL from communicating with the server and crashes POL. At that time, your information that you entered is sent to the hackers and they steal your account.

One of the theories is that there is some type of information leak between FFXIAH and the LS Community site as FFXIAH pulls information from that site. A lot of people who have been hit have profiles on FFXIAH, however, there are those that don't as well so it is difficult to pinpoint where this is occurring.

Finally, you have people who fall for those phishing schemes from the hackers pretendeing to be GM's. They are told that their account has been flagged for irregular behavior and to go to a website and download some software that does a performance test for FFXI, or to go to the website and enter in their POLID to login and verify their account. The page is setup to look exactly like playonline and the LS community website, but the url's aren't correct. Again, once the player enters in their information on the site, the hacker will have their account no matter what console they play on.



Incorrect, it has been stated that the SECSR's have said as long as you have the token, SE will waive the one time roll back policy. If you don't have the token, you are out of luck and only get one roll back.

Edited, Sep 3rd 2009 8:49am by ImmortalAlchemist