Odd Player Hack Story

By Ragnarok.Ashman 2009-08-21 09:14:36

Ok first lemme stress that this did not happen to me. It was a close friend in my LS and all the details I have are received second hand.

Last night while we were in sky traveling from one God island to another. Normally there are a couple stragglers traveling from one island to another or people building TP etc so we don't do a head count RIGHT AWAY. One of our sacks stopped to grab a Curtana ??? so was a little behind as well. He is coming up to the island and sees our thf naked fighting a groundskeeper in only xknife. He dies and HP right away. 10 mins later that sack gets tells from the thf from one of his alt accounts. He says he is spam trying to log in and cannot.

When he DOES get back to his account he finds that all of his gil has been mailed and his expensive items (hagun osode lu-shangs etc). He does still have a couple of items as it appears the offending party was attempting to mail asap and get out. He checked the mailer NPC and said the field that normally says where the items were shipped to is blank.

Here is where things get weird. He has the SE token. He manually enters his password at the login screen when he does login by clicking the screen instead of typing. He also is known for not logging out entirely and just sitting at the character select screen when and if he does go afk. He said it had been at least 24 hours since he had last logged in. To me that is more than enough time for the token to have expired.

Now before I get the obligatory jackasses who are going to attempt to troll this post I would like to say a couple things. 1) I'm mystified as to how this happened since he has token and hadn't entered 1 time password in over 30 mins. It will bother the crap out of me until I know how. 2) I'm hoping to get a heads up out to others so maybe we can nip this in the bud before it gets anyone else. 3) I had a false sense of security after getting my token which is now shaky.

Also, I originally thought this had to be due to gross negligence on his part or a lapse in judgement. In retrospect, he is the calm, quiet, calculating type and has no shortage on intellect. I do not think that he could have oopsed this in any way. No one has access to his account aside from his dad either (who plays on the same account). This rules out it being an inside job or a jealous roommate etc.

Cheers and thanks for reading. I hope no one else has any issues like this and again this is secondhand information (not my account) before you all line up to flame me. Thanks again!

By Caitsith.Heimdall 2009-08-21 09:23:02

any chance his dad responded to those scam tells of SE banning account if don't go to a website and enter info?

By Ragnarok.Ashman 2009-08-21 09:27:52

no chance. as I said he hadn't used one time password in at least a day as well. we were in sky a good hour and a half before he DC too. I am flabbergasted

By Bismarck.Idevlboy 2009-08-21 09:33:44

Ashman said:
1) I'm mystified as to how this happened since he has token and hadn't entered 1 time password in over 30 mins. It will bother the crap out of me until I know how. ... 3) I had a false sense of security after getting my token which is now shaky.


Correct me if I'm wrong but... Has anyone else noticed that the 1 time password is a total crock? If someone is able to "key-log" your squareenix PW and login ID they don't need the 1x password because it can be disabled from outside the acct. (Big mistake on SE part as far as I'm concerned) All you have to do is pull up your acct prefs before logging in and disable the Token PW save and log-in. All the token really gets you is extra invo space not extra security. Only way I can see it being helpful is if you saved your SE password so that you are not keying it in all the time. No matter what, someone trying to hack your acct has to have your PW/login... so if you typed it once and saved it they can't get it unless they logged it at that time. (I think... but I could be wrong)

By Ragnarok.Ashman 2009-08-21 09:54:13

it just prevents you from typing account number and password each time as far as I know.

By Ifrit.Kungfuhustle 2009-08-21 09:58:13

the token was their way in, SE is behind everything o.o

By Unicorn.Excesspain 2009-08-21 09:59:08

You can disable the one-time password through the settings but you still won't be able to login.

You need to unlink the token from your account to completely disable the one-time pw.

By Bismarck.Idevlboy 2009-08-21 09:59:14

The intended purpose was to provide a constantly changing PW so that Key loggers would be ineffective but since they made it so it can be disabled pre login it is essentially worthless.

By Kujata.Aurica 2009-08-21 10:01:11

Idevlboy said:
If someone is able to "key-log" your squareenix PW and login ID they don't need the 1x password because it can be disabled from outside the acct. (Big mistake on SE part as far as I'm concerned) All you have to do is pull up your acct prefs before logging in and disable the Token PW save and log-in. All the token really gets you is extra invo space not extra security. Only way I can see it being helpful is if you saved your SE password so that you are not keying it in all the time. No matter what, someone trying to hack your acct has to have the PW/login... so if you typed it once and saved it they can't get it unless they logged it at that time. (I think... but I could be wrong)


You actually are. Once you link the token to your SE account, you are required to enter the one-time password if you are trying to get into the account management site. It won't let you log in without it. Period. So there is no way that this person doing the hacking was able to log into the hacked person's SE account and disable the token. The token would already have to be disabled for them to do that.

And for those who think that you can re-use one-time passwords, I don't believe you can. I have tried to log into FFXI with the same one-time PW that I had used not even 5 minutes before because POL terminated on me (damn you Vista!). It wouldn't log me in until I hit the button and entered a fresh one-time PW. So unless there is some way around it, I am completely baffled as to how this person got hacked like that.

I can't even think of an explanation to give right now. Nothing sounds good to me because I go back and read the OP again and find a hole in my explanation. First I thought he might have walked away from his computer and someone else (a family member or friend they had over) did it. But then I read that this person became disconnected and had to log back in. Then I thought that maybe he had accidentally visited one of those sites that we've been warned not to go to. That is still a possibility, but if the hacked has a good, clean surfing record and pays attention to where they go on the web and the news things that pop up in POL, then that shouldn't happen. The only other thing I can come up with is that, maybe, somehow someone did some pretty extreme hacking and was able to remotely take control of his computer or his account. It's a long shot, but I have no idea how far these people are willing to go to get what they want.

By Ramuh.Thunderz 2009-08-21 10:02:55

only way to disable it is if you go on SE website thingy and remove the token and to enter the website is to type in the 1 time password

removing the pref won't disable the token it will still ask you for the 1 time password

By Ramuh.Krizz 2009-08-21 10:04:28

Aurica is correct.

I tried logging in both of my accounts at once, but it wouldn't let me use the same one-time password for both. (I had both prompts up at the time and the only delay between logins was the time it took to type in the number code.) I don't know if I caught the tail end of the code time limit, but that's what happened for me.

I have no idea or suggestions about how his account was hacked. Hopefully he can get some GM action.

By Kujata.Aurica 2009-08-21 10:05:28

Excesspain said:
You can disable the one-time password through the settings but you still won't be able to login.

You need to unlink the token from your account to completely disable the one-time pw.


Thunderz said:
only way to disable it is if you go on SE website thingy and remove the token and to enter the website is to type in the 1 time password

removing the pref won't disable the token it will still ask you for the 1 time password


This. there is no way that you can even log in just by disabling the one-time password from POL. It has to be deactivated and unlinked through the SE Account Management site. Which will still require the one-time password to log in and make said change.

By Ragnarok.Anye 2009-08-21 11:05:09

; ; Sorry to hear this Ash, I'll do my homework and see if there's any other way he could have been hacked.

By Remora.Kaihri 2009-08-21 11:14:42

The One time passwords are only good for 30 seconds.

By Ragnarok.Ashman 2009-08-21 11:27:02

Another thing I forgot to mention (which originally made me think trojan) is that he said his "POL window just closed". The problem is that token is not linked to your PC and he hadn't relogged in in a couple hours (or a day or two).

I dunno

By Phoenix.Jile 2009-08-21 12:36:11

Okay.. given the stupidity of SE... and assuming the guy's not on crack and didn't remove his token.. it implies something new..

1) The auto-saved password file was sent to outside person via the known web browser .swf exploit

2) A new multi-session bot randomly enters codes in the token field until it finally gets a match and logs in...

But for this to happen though, SE/pol would have to be completely inept - allowing unlimited failed login attempts without locking the account....

Please let us know what the GM's tell him.
[+]
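
Added example, not part of any poster's message and not Square Enix's code: a sketch of the server-side checks the replies above describe (codes valid for 30 seconds, a spent code refused on a second login) together with the failed-attempt lockout that the guessing-bot theory assumes is missing. The token's real algorithm is not given in the thread, so RFC 6238 TOTP stands in for it; the 6-digit code length, the 5-failure threshold and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds a code stays valid (the figure given in the thread)
DIGITS = 6         # assumed code length
MAX_FAILURES = 5   # assumed lockout threshold


def totp(secret: bytes, now: float) -> str:
    """RFC 6238 code for the 30-second window containing `now`."""
    counter = struct.pack(">Q", int(now // STEP))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class OtpVerifier:
    """Server-side check: single-use codes plus lockout on repeated failures."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1   # newest time window already consumed
        self.failures = 0

    def verify(self, code: str, now: float) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"        # even a correct code is refused now
        step = int(now // STEP)
        expected = totp(self.secret, now).encode()
        if hmac.compare_digest(code.encode(), expected):
            if step <= self.last_used_step:
                return "replayed"  # right code, but already spent
            self.last_used_step = step
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "bad_code"


def guess_success_probability(attempts: int) -> float:
    """Chance that `attempts` distinct guesses hit the one valid code."""
    return min(1.0, attempts / 10 ** DIGITS)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample, not a real seed
    v = OtpVerifier(secret)
    code = totp(secret, 1000.0)
    print(v.verify(code, 1000.0), v.verify(code, 1010.0))
    print(guess_success_probability(MAX_FAILURES))
```

With a lockout in place the guessing budget is fixed at `MAX_FAILURES` tries per account; without one it grows with every request the server is willing to answer.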

By Fairy.Lethewaters 2009-08-21 12:48:50

I'm curious on this too. There are a few ways to get access but I'm wondering what a GM has told him.

IF this isn't a joke I would expect that he contacted a GM immediately.

If it is real, and exploitable, we'll probably see something on it soon.

To me it just sounds odd. I knew someone that claimed they were hacked only to find it was a big joke by them because they were leaving.

By Carbuncle.Taintedone 2009-08-21 12:56:12

We had something similar to this happen in dyna the other night. One of our newer members apparently said he disconnected, tried to log back in for 10 minutes, then when he did get logged back in, was standing inside his mog house instead of the dyna zone with all of his gil gone and his HQ staves in the outbox. He said something about he wasn't able to see who they were sent to either I believe. He contacted a GM and they told him something about they were going to try to recover his acct (dunno why they'd try to recover his entire acct) and it may take up to a month. This guy also says he uses the token to login. I'll admit I was a bit skeptical when it happened, but after reading this post, idk...would be a really odd coincidence for two similar things happening on two different servers at around the same time (within the same week) concerning hacks on accounts that use the token.

By Ragnarok.Ashman 2009-08-21 13:09:59

Taintedone said:
We had something similar to this happen in dyna the other night. One of our newer members apparently said he disconnected, tried to log back in for 10 minutes, then when he did get logged back in, was standing inside his mog house instead of the dyna zone with all of his gil gone and his HQ staves in the outbox. He said something about he wasn't able to see who they were sent to either I believe. He contacted a GM and they told him something about they were going to try to recover his acct (dunno why they'd try to recover his entire acct) and it may take up to a month. This guy also says he uses the token to login. I'll admit I was a bit skeptical when it happened, but after reading this post, idk...would be a really odd coincidence for two similar things happening on two different servers at around the same time (within the same week) concerning hacks on accounts that use the token.


that is essentially a cliff notes version of what happened.

Lethewaters said:
I'm curious on this too. There are a few ways to get access but I'm wondering what a GM has told him.

IF this isn't a joke I would expect that he contacted a GM immediately.

If it is real, and exploitable, we'll probably see something on it soon.

To me it just sounds odd. I knew someone that claimed they were hacked only to find it was a big joke by them because they were leaving.


I'm still babysitting the sloths at work for another 3 hours but once I get home I'll ask him what's up and keep everyone updated. Is/has this happened to anyone else? please keep up the info if you can help thx

By Shiva.Hillbilly 2009-08-21 13:51:16

a member in the LS I'm in on shiva, posted last night or this morning that he was hacked with a security token on the account. his character was deleted, and 2 accounts were added to his credit card bill ><

By Gilgamesh.Gabvanstronger 2009-08-21 14:00:32

lol 2 acct added on credit card poor guy xD

By Hades.Hatekhaos 2009-08-21 14:06:54

This seems to be happening a lot, a friend of mine logged in one day found himself in his mog house with nothing. His sent items had one piece of gear which wasn't picked up yet sent to Hadferder. SE is investigating the issue and may roll back his account.

By Phoenix.Astronym 2009-08-21 14:10:50

make sure he sees WHEN they are going to roll back, some people had bad stories about not telling se when and they rolled it back like a year and they were screwed because they approved the roll back, not seeing WHEN they would roll back the account.

By Hades.Hatekhaos 2009-08-21 14:13:27

Astronym said:
make sure he sees WHEN they are going to roll back, some people had bad stories about not telling se when and they rolled it back like a year and they were screwed because they approved the roll back, not seeing WHEN they would roll back the account.


He said SE is investigating the issue and will roll it back before the issue occurred.. but he's been in constant contact with them. I hope everything goes well for him and anyone this has happened to who is going through the process.

By Phoenix.Astronym 2009-08-21 14:36:33

before the issue occurred can be years of game play lol. just be careful. I would make sure I see the date of when they do the roll back before I agree to anything.

By Ragnarok.Ashman 2009-08-21 14:42:28

*feels sense of security shattering into a million pieces*

By Cerberus.Jiko 2009-08-21 14:43:00

Is all a sham. It's an inside job from SE, whether it be SE as a whole, or a few disgruntled GMs taking accounts and selling it to RMT for personal gain.

SE is a front for RMT. How many complaints are out there about brogames/others /tells in game from TRIAL accounts. If SE didn't want them there, they would simply stop trial accounts from being able to send /tells, or limit the /tells at the very least.

The STFU is a sham. They have no interest in removing RMT, nor do they care about RMT activity regarding hackings/gilselling+buying/any other crap people message them about. All these numbers are pulled out of their ***. If 8000 banned accounts and billions of gil were removed from the game, you'd see much difference in the economy, let alone server sizes.

It's disgusting, but RMT is keeping SE alive. With SE, it's all about money. They're getting money from RMT for their accounts, money from the people whose accounts have been stolen (Regardless of it being "frozen", you still pay a good 2 months for it and cannot play what you pay for.), and money from people scared of being "hacked" from token sales. It's all win/win for SE.

tl;dr version:
SE = RMT

By Ragnarok.Anye 2009-08-21 14:45:24

Hillbilly said:
a member in the LS I'm in on shiva, posted last night or this morning that he was hacked with a security token on the account. his character was deleted, and 2 accounts were added to his credit card bill ><

OUCH. Major ouch. >_<

By Cerberus.Jiko 2009-08-21 15:03:57

Rate me down for being accurate. {Good job!}

By Ragnarok.Anye 2009-08-21 15:05:58

okay, who the hell is rating down every post in here?