Took Every Precaution, Still Got Hacked!

Welp, my Square Enix Account was cancelled, SE Security Token removed, both SE/POL passwords all changed, and my characters "Robmelee" (main) plus one mule were both deleted all occurring yesterday evening at about 9:30pm PST.

The Good News is my SE Account was reactivated and I was able to regain access back to the SE Account, so far all they were able to tell is that my characters were merely deleted and no one has access to them at this time. That much the SE Support Team was willing to confirm to me.

The Bad New is I now have to do a rollback (Character Recovery), which I can only utilize "1" time per account and it can take 2-6+ weeks with absolutely no guarantee I can get my characters back.

All I can say is WOW! Douchebags still out there trying to hack accounts and make money off a dying game that's practically finished (maximum one year shelf life left- being generous!) I mean seriously, what else can SE do at this point? More Item Level Weapons and new Item Level areas??? This game is done. Its too funny! Really it is. Its seems to be all about FFXIV now-a-days.

I write this to give folks warning that people getting hacked is still happening its very real and everyone should continue to take every precaution to be secure. Keep the Anti-Virus and Anti-Spam programs up-to-date and change passwords regularly.

Just so you all know for the almost six years I have been playing I have never once shared my account information with anyone and I have had a Square Enix Security Token since there release.

For the longest, I always thought people getting hacked is just folks not being careful, I was wrong! I have been paranoidly crazy careful, kept Anti-Virus and Anti-Spam software up to date and I only played on PC about 30% of the time. All other times I was on Xbox 360.

So yes, Very Careful People with Security Tokens are getting hacked! Beeelllllive iiitttt!

Hope to see you all online in 6 weeks, if SE gives me my characters back. Be Secure! Be Safe! Peace!


TL-DR Version:

Got Hacked, Everything Got Changed, Got Account Back, Discovered Characters Got Deleted, doing Roll-Back, SE says no guarantees I can get my characters back. Saying all this to remind everyone Getting Hacked is very Real even if you are careful. Be secure! Be Safe! Peace!

You were pretty much just BEGGING for someone named Lee to hack your account.



srsly tho, contact them EVERY SINGLE DAY. No matter what they say. You'll get conflicting responses from the service reps. Just keep on their *** and you'll get it back.

You'll learn to hate Agent Jennifer and Agent Barbara with a PASSION.

Why does everyone say the game has one year left, every year? Until its down to one server, it'll be around.

Good luck getting everything back quickly!

As far as I've observed, people with tokens seem to get hacked a lot.

Sorry about the compromise, hope everything works out for you soon.

Good luck with six weeks. Took some of my characters three months to get back.

Edit: What I did was just restore my deleted character. My SE account got hacked and four of my characters were deleted. Two of my characters (the ones I didn't really give a ***about) remained on the wait list to get restored back to how they were before they got hacked. The other two characters that I had, I asked to be un-deleted. What this does is restore your character to the state it was when it got deleted. In other words, after your characters got robbed. At the state the game is in now, you'd be back on your feet in what? A week? If you didn't have hundreds of millions of gil, I suggest you do what I did.

When I got back on the game, I had no gil. But my relics and emps were still there, along with most of my gear. The gear that could be sold on the AH for a decent amount of gil were taken. I got everything back in no time. I imagine that you'd have an easier time now when the game is easier than ever before.

Ok I deleted comments (you know who you are) Please move on from the bickering.

Pissing someone off...perhaps...maybe. But to suggest I wasn't hacked is ridiculous! Last time I checked, anyone that is able to log into my account that is NOT me, especially being able to by pass my registered Security Token at the time, definitely hacked my account without any doubt. As a reminder I never shared my account information with anyone, and both of my passwords are a minimum of 15 alphanumeric characters, and I changed them regularly.

Although I do agree to an extent that I may have pissed someone off so very much which resulted to this, but I truly can't think of a single thing I could had said that could had been that bad (at least in the last 60 days). Generally I'm an easy going guy and I keep to myself. Almost all of my communications are via Ventrilo or Xbox Party Chat, I hardly type within the in-game console. Unless its an Alliance type event.

Like I said, I made this post to make people aware of the serious reality of FFXI Accounts are still being hacked... EVEN with Registered Security Tokens.

Be Safe, Be Secure, and Peace!

ya it is messed up it is the same thing that happend to me I personaly think someone hacking in to SE or someone at SE is just having fun it is messed up

I change my important passwords every 3months, ALWAYS use on-screen keyboard to type passwords. use 3rd party tools, bots, scanners, cracked software and have never had a password stolen. maybe I'm lucky, or the on screen keyboard really works.

I concur with this. Took three and a half months (started first week of February got it back mid May) for SE to roll back my account when I got hacked and when they finally did give it back it was in the same exact ******* condition it was in that I initially gave it to them in the first place lol (absolutely stripped with no gil or gear aside from the rare/exclusive stuff left). Consider yourself lucky if you get the account back in six weeks but do yourself a favor and don't count on it to avoid the future disappointment.

MMO title game servers got hacked all the time, FFXIV market board exploit(that was like 3rd majority security issue found in less than 3 months) happened a few weeks ago proved that SE has terrible internet security.





You're just lucky, on screen keyboard is like token, just making users feel safe with their account, in reality it doesn't really prevent you from getting hacked.

Am I missing something with the whole on screen keyboard thing? No expert in I/O drivers and stuff, but is it not possible to log the coordinates of clicks on mouse and work out what you "typed" with relative spacing?

Ok you can click one letter of your pw and alt tab, do something else and come back , click 2nd letter, alt tab and do something else again, or shift around your window to ruin the relative spacing.. But similar tactics can be done with the hardware keyboard. And even if you do that if your pc is compromised there's always ways to work out what you input. But I guess key logger is a lot more common...

But anyhow. Seems like quite a few people are getting hacked lately. Instead of people's pc getting compromised there's also a possibility that SE servers got compromised too. So not necessarily their fault :P

Hope OP gets his characters back soon!

OP - have you by any chance, logged into the SE Account Management site recently, before you were hacked?

Not to be that guy but..... FFXI is a very closeted community. We all get stuck in these little rats nests like AH GW BG etc. I remember there was a point in time that if I wanted to check my virus protection, I would just go to ffxisomepage or killing ifrit. You get a virus and then pass it on to your coven of friends. Hell, when I got hacked, they took down my login info for skype, and then tried to send out crap to my flist 6 months later.

Pick game with shitty security (hell they put your software removal code right on the screen when you log into your SE account. it's not even "spoilered"). If i have a trojan on your computer that sees your screen, poof. token is irrelevant. now i just need you to type in your password once, hit my "force you to r0" button and I now have access. Then you sit there trying to log in 10 times but get a "failure" because ive already deactivated your token, and if you try to login to an account WITHOUT a token, with token credentials, it jsut says no.
even better, if i spam a fake program (like clipper or something), or post a fake link on FFXI social media, I can get 20 accounts at once. Then i just have to monitor your login habits and I can have free reign of your account while you work/sleep. How often do you click a link in picsthatmakeyoulol that you assume is just a youtube link or an off-site "not appropriate" joke? How many of you still use IE. Or if you use a real browser, how many blindly allow everything on an ffxi related site.

*i'm not trying to give anyone ideas. I just want people to be more aware that currently ffxi community is like an all you can hack buffet and then they make threads like "i took every precaution".*

I took every precaution too and I made it 11 years. People get lax, allow too many loopholes, forget to format more than every 2 years etc. Saying "i was hack proof" means you never laxed security once. Even the best of us have several windows over a couple months.

The OSK alternates/inverts it's axis vertically and horizontally at some random interval. This makes it harder to use a keylogger to obtain a password through translating positions and clicks. I will say that doing all those things will certainly decrease the chance of getting hacked because each exploit has limits and if you happen to fool any part of it, it won't work. But, it is important to remember that anytime ANYONE can access data on a computer/server than someone with enough time or exploits can get access too. The only safe data is data no one can access, including the user.

I'll say that safe browsing habits are probably the most important as some form of malware/spyware type thing are going to be the most likely source of a hack as brute forcing isn't worth it when you can simply have users give you their passwords in mass.

Don't jump to conclusions so quickly, there was that thread with multiple people having their characters deleted. This is probably related somehow.

I love how everyone who gets hacked kept their ***up to date and didn't share their info. To put it simply:

Regardless of your computer knowledge, you can't just gain access to something without a vulnerability.

If someone had access to SE's servers, they would have wanted more than to delete one nobody's account. There would be stripped high-profile accounts, etc, for RMT.

The only realistic explanation is that you had malware on your computer. While there's always some possibility for new malware potentially getting past a antivirus, keeping your virus software, flash, browser, and addons up to date will reduce the chances of any of this happening to infinitesimal levels.

On-screen keyboard does nothing, any current gen keylogger will screenshot the area around mouse clicks. The only solution is to keep your computer clean.

Oh, and while we're on the topic, nobody is 'targeted' unless your buddy sent you the keylogger over skype under the guise of something else. The idea of hacking an account just because it's got something is ridiculous, it would never happen. 'Hackers' just find access to forums and skim PMs for login info or deploy malware for the most part. If you keep your computer clean and don't post your password then you aren't getting hacked.