My Account was Hacked :(

[Uzor]

I agree with this 100%. Old CC info and registration codes should cut it.

Well, I think old as in the one you used before then, if its within X time. However, if you'd require an old credit card if you, say, forgot your password, it could create problems, as a lot of people don't memorize or keep old, expired credit cards. So I'd understand requiring the current credit card in those cases.

[Demetrik]

Sooo feel you where your coming from SE customer service is horrible in my own opinion. This is how I got them to help me out.
my xbox encountered thoose nasty red rings of death.... but my ffxi account was linked to my xbox so even with a new xbox SE did not want to assign my character to my new xbox live account . So i give SE a call and there customer service rep hung up on me twice for my persistance, whenever you ask for a manager they'll say that you have to write them a letter blah blah blah. So after about the 5th time i called and let them know where i was standing I was still turned down.

Call SE headquarters!! and let them know about the way you've been treated!! ask to speak to a manager at their corporate office!!. If you attempt the customer service theyll just blow you off. After i spoke with a higher up manager at their corporate location in SoCal he lit a fire under their asses and guess what now they have the access to do whatever i wanted. Dont mess with the little man. My character was restored within the hour and I vowed to shoot myself then call those morons again. Hope this was of some help to you

[Gerry]

Well, I think old as in the one you used before then, if its within X time. However, if you'd require an old credit card if you, say, forgot your password, it could create problems, as a lot of people don't memorize or keep old, expired credit cards. So I'd understand requiring the current credit card in those cases.

Surely SE wouldn't need to know the password of a currently active or expired card though right?

Just having the 16 digit card number should suffice, or at least the last 4 numbers and the security check numbers on the back of the card.

Anyways, sorry to hear about that Jussy, best of luck getting your account back =(

[Calintzpso]

If I could do anything for you Jussy in helpping, Its this. So here goes as it worked for another friend of mine so I think you should consider it maybe. Pol isn't cooperating with you, won't restore your name to the account and Say they can't with current info?

"Persuade" those hard ass idiots with this...

"Oh? so my CC info doesn't match so you won't restore my password and account? I think I will then have to call my credit card company about this Fraud charges I was getting from Square-Enix for the last 3 years cause I supposedly don't have this account with you guys. I guess I was oblivious to the charges until now. You can speak to there lawyers then in court, or you could call your lead manager and we could have this matter sorted out now."

Sweet and evils the way to do it...

A friend of mine used something like this, They called a manager well he was on a off day or something and he had the matter solved asap.

Anything thats gonna cause loads of trouble for the department will get there asses moving. Usually. Its worth a shot, think this is in the same area as declaring ID fraud like you said. Give it a shot.

[Calintzpso]

I just checked, you can't do my idea totally. but you can however on standard credit cards say last months charge or earlier this months you got was a fraud, they will immediately freeze your account. Standard cards have a 30-45day dispute period where you can say you didn't want to be charged for something. That will get your point across to the assholes.

[Uzor]

Surely SE wouldn't need to know the password of a currently active or expired card though right?

Just having the 16 digit card number should suffice, or at least the last 4 numbers and the security check numbers on the back of the card.

Anyways, sorry to hear about that Jussy, best of luck getting your account back =(

Notice how I said YOU forgot the password, not SE.

If you forget your password, and SE asks you for your last credit card, that could create problems for you. That's why they ask for the current one. However, as I said, it'd make sense if it would be OK for you to state the creditcard used before, if its within 1 week of changing the credit card, to help their hacked customers.

[Gerry]

Notice how I said YOU forgot the password, not SE.

If you forget your password, and SE asks you for your last credit card, that could create problems for you. That's why they ask for the current one. However, as I said, it'd make sense if it would be OK for you to state the creditcard used before, if its within 1 week of changing the credit card, to help their hacked customers.

Ah damn thats right. My Mistake, Misread it.

[Skaw]

I agree with this 100%. Old CC info and registration codes should cut it.

Registration Codes alone should take priority over everything else really. Since its a lot harder(read: impossible) for someone on the internet to get ownership over something material through hacking/trojans.

[Uzor]

Registration Codes alone should take priority over everything else really. Since its a lot harder(read: impossible) for someone on the internet to get ownership over something material through hacking/trojans.

Indeed; and that is what SE are doing wrong. The current way it works, SE benefits almost entirely the hacker/stealer and account buyers. All of which are against the ToS, and to some extent, the law.

Why they even bother asking for all the other information is beyond me, as apparently the only thing that works is to give them the current credit card information.

[Celvantes]

You know, there's a REAL easy way Squeenix could fix this.

Some websites require e-mail confirmation (you check your email and click a link in it) to change your password. Why couldn't they do the same with POL passwords?

That way, when asscockhacker tries to change it, you DON'T click on the link in your e-mail, and you report the violation.

[Liefe]

What if they just made a security PIN you could set that could only be changed through answering 1-3 security questions you set an answer for?

Make PIN on account take priority over any other info provided..

[Jussy]

Sooo feel you where your coming from SE customer service is horrible in my own opinion. This is how I got them to help me out.
my xbox encountered thoose nasty red rings of death.... but my ffxi account was linked to my xbox so even with a new xbox SE did not want to assign my character to my new xbox live account . So i give SE a call and there customer service rep hung up on me twice for my persistance, whenever you ask for a manager they'll say that you have to write them a letter blah blah blah. So after about the 5th time i called and let them know where i was standing I was still turned down.

Call SE headquarters!! and let them know about the way you've been treated!! ask to speak to a manager at their corporate office!!. If you attempt the customer service theyll just blow you off. After i spoke with a higher up manager at their corporate location in SoCal he lit a fire under their asses and guess what now they have the access to do whatever i wanted. Dont mess with the little man. My character was restored within the hour and I vowed to shoot myself then call those morons again. Hope this was of some help to you

Hey thanks a lot! A flame of hope! Do you still have this number?

[Jussy]

So here is what I am submitting to the comments and suggestions people. For those willing to lend a hand, I intend to make a revised version that other people can copy and paste to submit. I have finals to study for at the moment, so it might be a couple of days.


Hello, I am registered with PlayOnline, and I am an avid Final Fantasy XI player. Due to the difficulties I have encountered after my account was compromised, I have a few policy suggestions that I would like to share. I am the owner of account number ********.

Problem:
Late December 3rd or December 4th, my account was hacked by a virus called “infostealer.gamania”. I have made seven or eight calls to the PlayOnline representatives, who unfortunately can do almost nothing due to “policy.” Currently, it is PlayOnline’s policy for an account owner to provide the following before resetting a password: account number, name, birth date, first and last four digits of the current credit card, and street address. For basic policy procedure such as forgotten passwords, providing the above information is adequate. However, in cases of hacked accounts, this is not enough. In the event of compromised accounts, it should naturally follow that a different procedure should be taken in order to verify the identity of the person on the other side of the phone. This is due to the fact that the personal information of a compromised account is normally changed after it is acquired. The issue is that PlayOnline IDs and passwords have too much influence over establishing rights to an account. I have four suggestions for modifying PlayOnline’s current password reset policy.
1) A proper account owner could verify ownership via registration codes.
2) A proper account owner could verify ownership via previous credit card information.
3) There could be a more involved procedure for changing personal information.
4) There could be optional password protection via telephone.

Solutions:
1) PlayOnline could require account information that is harder to steal, for example, registration codes. Registration codes cannot be as easily leaked because they are only entered once. The most important thing however, is that registration codes can only belong to one user, and in order to be stolen, it must be physically taken, rather than virtually as we see in on-line crimes. To take it further, since registration codes could still be leaked and used maliciously, PlayOnline could additionally require the credit card information that was being used when the registration code was submitted via the PlayOnline account.

2) This proposal would effectively make account-stealing more difficult is that an account owner could verify ownership via previous credit card information. I propose that providing the full credit card and street address information that was used on the account prior to its alleged hacking to be a sufficient replacement for the current first and last four digits and address. This would allow more extensive account security for those of us who have been your customers for years. These RMT and hackers are the bad guys, we account users are the victims, and PlayOnline representatives are supposed to be the good guys. However, when victims call in complaining about bad guys, the good guys can do nothing because of a flawed policy. This leads to PlayOnline being viewed as having very poor customer service. Also, hackers do not operate within policy procedure, so, in cases where hacking is involved, why should PlayOnline? It’s an obvious barrier in getting these problems solved. One may say: “Well, following policy faithfully is what makes PlayOnline different from hackers.” This is a very admirable and true answer. However, my point is that because these bad guys have no policy constraint, the policy of PlayOnline must be flexible so that it can affectively combat complicated issues. The logic I am promoting is “If the enemy uses bullets, you buy Kevlar vests, and if the enemy uses armor-piercing ammo, you take appropriate measures to combat it.” However, the logic that I see from current PlayOnline representatives is “We built armor. The enemy uses armor-piercing ammo, but our policy doesn’t allow us to upgrade, I’m sorry.”

3) With the current PlayOnline policy, hackers only need to have the ID and password in order to take entire control of an account. Because of this fact, they can too easily gain what one of your representatives called “rights to the account.” I believe that other measures should be taken to ensure that these “rights” are not exchanged so easily. These measures would create more account security for the real owners while increasing the difficulty of hackers and RMT to keep acquired accounts. My proposal has two suggestions. The first suggestion is that the existing full credit card number (or perhaps the first and last four, as is current policy) should be submitted along with the new credit card information when a user attempts to change the credit card information. This would be similar to how you change passwords on other online accounts such as email. In these instances they make you provide the old password when changing it to a new one. The second suggestion is that upon credit card changing, an email should be sent to the user outside of PlayOnline’s account that requires activation before the new credit card takes effect. This would slow hackers by forcing them to have information outside of PlayOnline to do their dirty work. Simply put, ID and passwords have too much power within one’s PlayOnline account, and are insufficient in verifying the identity of the account’s true owner.

4) Another measure that could be taken is optional password security via PlayOnline representatives on the phone. This would offer a method of account security free from internet hacking. By this process, an account user who is able to verify his identity as the appropriate owner of the account could submit a password on the telephone with a representative that would either give him or her full access to the account’s information in the event that he or she believes the account to be compromised. Also, verbal password authorization could be optionally chosen for those account owners who wish that there information never be allowed to be changed via online means. According to this process, anything changed would have to be done over the phone.

Conclusion:
Thank you for reading my proposal. It is my wish that you put as much effort into affecting some type of policy change to benefit your PlayOnline account users as I have in recovering my account from its hackers. I have not yet recovered my account, but am taking every measure humanly possible in doing so. I can only hope that a future policy change will alleviate your employees current restraints so that I may once again roam the world of Vana’diel with my friends without having to repurchase all of the game discs and re-leveling my character. Starting over from scratch is not an option for me. It would cost too much, and be too depressing to repeat almost 300+ hours of work. Many users have enjoyed your game for years, and desire to use it for entertainment for more years to come. In light of this it is truly sickening to think that hackers are so easily able to steal our accounts and “gain rights” to them without immediate resolution by the actual owners or PlayOnline representatives. These malicious hackers must be stopped, or at least slowed, and I am sure that the aforementioned proposals can effect this.

The Special Task Force stated in one of their recent reports that RMT activities have declined, and that their gil reserves have been greatly reduced and are having a much harder time staying in business. There is no doubt in my mind, that if at least one of the measures I have suggested are taken, that these RMT companies will have exponentially more difficulty in plaguing the Final Fantasy XI game environment. Thousands of us play your game and work diligently to create our characters and enjoy their experiences. We utilize teamwork, imagination, logic, and, above all, a lively spirit when we strive to master the game that your company has created. It is my sincerest request that you approach the above account-hacking issues with the same attitude, and solve this so that many of us in your game community may reacquire our accounts and continue to make memories with our friends online.

Sincerely,
My Name

[Dowzer]

Just a heads up for avoiding possible ways to be infected. FFXI AH Admin are currently looking into which advertisement could be associated with this:

http://www.bluegartrls.com/forum/vie...837371#p837371

Acrion -- Midgardsormr

Been out of the game for 2.5 years or so and just recently reactivated my account and restored my characters via WBC just last month November. My account was hacked December 4th overnight as a result from malware from an malicious script on FFXIAH.com. I have never used any 3rd party programs with FFXI. I don't download any hacks or cheats or open any attachments from IM (I don't even IM). I suppose it took 1-2 days for this to happen as PlayOnline started acting weirdly, e.g. bumping me back to the login screen to reinput my password even though I saved it and used the FFXI shortcut on my desktop, PlayOnline crashing after the /shutdown command in game is complete.

Consider this a warning to the rest of you. The only mistakes I made were visiting the site and using Internet Explorer to do it. I now just run Firefox with the appropriate addons. In the future, I'll only game with one good computer and do everything else (including surfing the Internet) with the other one.

My valuable items (such as Lu Shang's Fishing Rod, Spider Torque, Penitent's Belt, etc.) and all my gil from my 2 characters were sent off somewhere to be liquidated on the AH for gil for some RMT operation.

When I tried to log on that morning, I found that my password was changed, but my credit card information was not; so I was able to use their Support to reset the password on my account. I found both of my characters logged off next to NPC Mailpersons at the AH; gil and important items gone.

I phoned in Account Support and the lady told me to contact a GM ingame for issues regarding items and gil, and not to login to my account again until I knew my computer was clean. But I already cleaned out spyware on my computer and knew I was fine. The GM ingame was apologetic, but was of no help at all and couldn't wait to end my call. He told me that there was nothing SE could do unless I filed a Theft of Digital Information Report with my local authorities, which I have basically no time or will to do at this point. I asked him if that could lead to my stolen property being restored, and he said it doesn't hurt to ask.

So, I'm not going to pay for my next month's subscription, and I'm going right back to cancel my subscription, and then I will never come back because of their response. I wrote a spiel to them in their Comments & Feedback section, but they just sent me back the automated response of receiving it to my POL mail account. I will not support a company that exercises a stance like that. Offers no support, no protection, and no recovery for their innocent customers. Blizzard (World of Warcraft) does this and investigates to help victims of account compromise to recover but SE does not. SE needs to work on PlayOnline security and most of all customer support.

Just some more information. There was a trojan loose though I am not sure yet exactly where it came from. I used IE and had multiple browser tabs open to FFXI information sites such as Allakhazam, FFXIclopedia, FFXI-atlas, FFXIAH, though I suspect that the FFXIAH was the culprit. The particular trojan I located was:

Trojan-PSW.Win32.OnLineGames.a

The file was Windows\System32\kb1ss1p.dll

It could be it.
Some info about it (under 3. Using Malware):
http://www.kaspersky.com/reading_room?chapter=207716493

As for RMT sites or entities using malware through advertisements, etc. to compromise and rob accounts, I fully believe it.

Be careful out there. Everyone is a target. The OP's mentioned timeframe of when the compromises occurred is dead accurate.

I posted this in the other thread, but I will post here too.

It happened again. I have been using it all day without it trying to download something. Now it just happened.


When I click the "x" on the pop up box, it pops another box trying to send me to another webpage.


Just for the people good with this stuff, am I safe? I didn't dl anything and just "x" out of it.


Last edited by Ddong on Sun Dec 09, 2007 8:03 pm, edited 1 time in total.

It doesn't sound like you are safe, but I am not an internet security guru or anything close. I certainly didn't press OK, and I was still infected. I was infected with another Trojan too from it days ago: Trojan.FakeAlert

If you use the FFXI Shortcut (PlayOnline saves your Account password so you don't have to enter your password), and it bumps you back to the login screen where you have to input your password again because it was saved but mysteriously wasn't there anymore, DON'T type in your password and log in.

Possible ways to counter it:

Activex fails, just because it allows this rubbish to happen. IE is the only browser that uses it and the only browser that integrates viruses and spyware into the operating system.

Protect yourself with Mozilla + Flashblock + Adblock + Filterset.g + (if you want added security) Noscript. I use all except noscript and have no issues with ads or spyware ever. I work in the industry and repair spyware/virus/trojans on a daily basis. Every single time IE has installed an activex control that has bled into the operating system and other software.

The following tools will scan/remove and further down protect you from most of these issues. Before running any of these first disable System Restore. Control Panel > System > System Restore (disable on all drives and click OK)

Windows Defender
Adaware
AVG Anti-Rootkit


Mozilla
Adblock
Filterset.g
Flashblock
Noscript

[Courtney]

Registration Codes alone should take priority over everything else really. Since its a lot harder(read: impossible) for someone on the internet to get ownership over something material through hacking/trojans.

Registration codes are listed in you account details. You can see the code, and the date it was registered...