Character Gone

The first time I called I got a woman who hung up on me after telling me to read some stuff online, when I called back she said she would email me I had to call back a day later to talk to someone different who resent the email and I got it before he finished telling me to check my email. call back if its not there in 24hrs imo

My account was hacked several years ago, and I had to go through the same process of filling out a form, getting it notarized, providing photo ID, etc. It took a few weeks, but I got my account and all of my stuff back.

Ever since then, I've been a lot more careful with my PC security. I only use Firefox for browsing with Adblock Plus and Noscript addons active at all times. I try to stick to websites I trust, but still keep unnecessary scripts blocked just to be safe. I clean my system registry on occasion and run Avast free Antivirus regularly.

I also keep my browsing and my gameplay separate. A few months ago, I had to buy a new PC because my older machine crapped itself. Since then, I've been using the new PC strictly for playing FFXI, but do all of my browsing on my laptop, just for an added layer of protection.

I was being facetious.
I personally don't believe they're hacking incidents, but until I can talk to SE (and them actually being cooperative and looking at the game logs) I can't say for sure what happened.
For them to have hacked me (can't speak for the others) they would've had to read my first'ish post on this thread, wait for me to reactivate my accounts, watch for me to log in and be active, watch and hope and pray that I went to a website or downloaded something obviously infected. I mean maybe there's some sort of program that flags them when someone is vulnerable and active so they can quickly act? Idk, seems pretty wishy washy and overly complicated as an explanation. There are several other factors that make me lean away from the hacking theory also but I won't get into them.

I'm not a hacker, but I do have some semblance of computer security and awareness from being in Intel in the air force for 20 years.

My question would be: Everyone that has managed to reach SE support, have you actually bothered to ask them to look at game logs and tell you what the *** happened? I expect they prb just gave the "We'll have to investigate and we'll let you know" answer. Thinking about making another char just to log in and grab a GM to look at logs and tell me personally.

Summary: Don't know, still not enough info.

http://www.ffxiah.com/forum/topic/40245/accounts-being-hacked#2448185

When I was hacked my characters and accounts were all deleted. They then used my social media at a later date (saved logins to skype/fb etc) to spam out "man this makes me wish i didnt lose my account *SKETCHY LINK HERE*" to try to get others too.

I wouldn't doubt this is an extension of the same thing. Instead of nuking content IDs they're probably deleting whole accounts now.

Bryth said he was able to screw up POL to where it didn't ask for his token after a reinstall. Sounds like an issue within POL. Why do we still have POL again?

There's a sketchy "http://sqex.to/ffx" URL in the 3 day event list.

From Wikipedia:

I'm not sure about FFXI, but aren't FFXIV's North American servers hosted in Canada? Just curious.

Well, I talked with an Agent Austin P. (and yes I did ask if he was Austin powers or that was his real name but he just laughed).

Anyway, 90 minutes later the sum of it all is this:
If your token is deactivated then you were keylogged and hacked. Per a customer servant rep (take that for what it is) there is no way for data corruption on SE's end to remove a token.

I would post the entire chat but there isn't really too much to be learned from it and it isn't that humorous. The funniest thing was:
Agent Austin P: It will be impossible to submit this request if you flood the chat with questions

Here's some forms, fill them out, we'll restore your characters. We can also submit a request to reactivate your token (thought you had to buy a new one but apparently not).

They'll do an investigation but you will probably never ever be told what happened.

I did ask this:
You: Any activity after Catlord bought the umbril ooze from the auction house would indicate hackers.
You: So you don't have the power to look at anything and it will have to be processed and someone else will investigate?
Agent Austin P: To answer your question, that is correct. It will be investigated and then fulfilled.

You: So I think from all of that, it's best to sum up saying: You were keylogged and someone deactivated your token and deleted all your characters, we'll restore your characters if you fill out this paperwork, and we can reactivate your token.
You: Is that about the sum of it?
Agent Austin P: That would pretty much make a long story short.

Sooo yeah. Maybe my replication of getting characters deleted was coincidental and in no way related to ryanx's or any of the others problems.
Or he's just a customer service rep and doesn't know.

My quest for answers has ended.
I have failed you all.

Well you got to take into consideration the issue, and what are the limitations of a Customer Service rep versus a Technical Support rep vs someone who is a tech who can reimage/rollback the client's character.

1. Customer Service rep can only really take down the information of the issue and determine if the issue should be passed on to Technical support.

2. Technical Support can only determine if the issue can be resolved by them or if they need to generate a ticket for an actual tech to resolve.

3. The Tech, this guy already has a bunch of tickets and will eventually get to your ticket to resolve your issue when he has the time. They will prioritze based off chronological order of the ticket and overall necessity of the issue being resolved i.e fixing an executives computer versus heading into the server combing for client information isolating the correct information and executing a rollback/reimaging.

tldr: takes time for a real person who can resolve your issue to get around to resolving your issue.

That would be my guess.

Aye, but to be fair I did ask him whether he could look at the in game logs or if there was someone I could talk to that could.
He couldn't. And an investigation will take time.

None of that really helps any of the people that actually play ffxi and are having to get their chars restored like Ryanx.

/shrugs

I remember my step dad having a hall and oates 8 track in the car.
sadly.

Ashman , you said you knew for sure you were hacked. Did you ever report it to someone like the IC3 or cyber threat centers to see if you actually had been hacked through that link?

Doesn't make a lot of sense then when ryanx said he never downloaded anything, the one person never used anything even windower. blah... misinformation is the bane of my existence.

^ Just... why?
Feeling like taking this advice at the moment.

You don't have to knowingly download anything, that's the problem. All you have to do is follow a link to a website that contains a malicious script, and the script will do the rest. That's why I love Firefox + NoScript, although I'm sure even that isn't foolproof.

In any case, I'm sure most of the work is being done by a bot, not a person. I'm guessing that the bot collects your info, detects when you input a security token code, then logs into the Square Enix Account Management site and immediately changes your password. It then notifies the host so they can log into the game and strip your account - although it's possible a bot is doing the stripping also.

My question is, is the bot specifically detecting when you input a security token code into the game, or is it detecting when you enter it into the Account Management site? Ashman mentioned that he had logged into the account site to pay for Crysta, and the next day his account was hacked.

To anyone who was recently hacked - have you logged into the Square Enix account site within the past few days?

As far as I'm aware, the FFXIV servers *should* be in Canada, and parts of the EU to help solve congestion issues for that player base, and the Japanese base being in Japan. Even still, only local municipal websites in Canada will use their city's name abbreviation as part of the website domain. Other times, it's a provincial abbreviation, occasionally suffixed by a ".ca" domain.

The sketchy part about this URL is that it doesn't bring up any website, nor does it properly link. If you also noticed, it's "http://sqex.to/ffx" as in "10", and not XI as in "11".

Square Enix has had poorly and elegantly imitated phishing sites to contend with over the years - some players of which received electronically generated emails and tells from people posing as "Game Masters" to try and collect player data, credit card info, and other identity fraud activities. Often times with great success on the part of the scammers with an easily accessible cyber-trail and paper trail should they be pursued by SE's legal and counter-fraud teams.

It could be a serious bug, someone inside stealing, or a spurned employee just being a ***, wanting to watch the world burn. (waits for Nikolce to show up)

Whatever the case may be, Square Enix has officially been caught with it's pants down on this issue several times, and it looks like they haven't bothered to pull them back up and admit they dropped the ball.

If a representative, customer or tech branch rep. is saying you've definitively been keylogged or hacked, given the information, this is something you should be requesting to be compensated for by reversing payments made during time without service. You pay for a service that has been compromised, suspended, "investigated" without any disclosure to your complaint, or service that has been nullified by data corruption. At least, a responsible company would then look at what's happening more seriously, since they are also bound by that End User Licensing Agreement and Terms of Service ***. At the very least, a responsible company would take these issues more seriously.

But when have we ever known SE to be responsible?

https://twitter.com/ffxi_EN

They've been using this sqex.to shortening link ever since they started the twitter campaign. the 3 letters after the / are all generated randomly. It's just a coincidence it came out as ffx.

The sqex is just a redirection to the playonline.com site and I highly doubt there is phishing on the official POL site.

They use the sqex thing all the time on their FB feed, it's fine

Stop using clipper, problem solved. There are +12% mov speed pants/feet for all jobs, stop being lazy.

Sorry, couldn't resist :P

Cupper is the only thing that makes leveling Adamantoise and other slow as **** mobs suck less. :x

To those affected by this:

Are you using the software or the physical security token?

You guys got keylogged.
Accept your error and either ragequit or wait 2-3months for a restoral.

you act as if 12% is even a diffrence. but regardless, a few months ago, when cupper was broken, a few ppl from my LS we're using an older version of Clipper, well, turns out it was infected. 3-4 of us got keylogged, the other 20 or so, didnt. go figure.

it doesnt matter, keylogger will still grab it, physical token, or phone token, you have to type the numbers, and the code is still valid for like upto 30 seconds or longer after its used. BIG flaw.

It is pretty silly that a token password can be used more than once. Keeping the emergency removal password right on the front page the se account is a little silly too. I don't know the limitations of the software, but there are other ways around it.. for example, the last time I took my token off my WoW account, it required 2-3 consecutive numbers to do it. SE needs to change something to make it a little more secure.

You know they introduced an interactive type keyboard to enter your password in now. Unless i'm missing something, key logger should not pick up on this if you use your mouse cursor to enter your password instead of manually typing it out from the keyboard. I've never had any problems that way.

While true you can only enter your one time password from the token from the keyboard, that's only half of the equation.

That's been out for years and years actually but..



Actually, I think the biggest thing that's missing is the SE account name, since PoL saves that. That's why people usually get nabbed as they're logging into the website, because you have to type your SE account name in. If you wanna be extra safe, save that ***in a notepad somewhere and copy/paste it when you login to the se account page.

You can also type your password on the SE website in on a keyboard similar to what I described earlier.....it might take an extra what 10 seconds lol?
I always use it when I log into the website or onto the game. That's what it's there for and should ensure you don't get hacked by some key logger. I'd take the inconvenience of the extra 10 or whatever seconds to type it out with my mouse than to chance losing my account, wouldn't you say?