Two of my LS members and good friends had their accounts stolen yesterday at around 5:45 PM EST. However these were not ordinary attacks, they were different.
In about 10 seconds from "Disconnected, this PlayOnline ID was logged in from another Terminal", both of their passwords had been changed. That is impossibly fast for a human to do, so the thieves are using a program to change passwords immediately.
Both of them managed to call GMs from other characters (or have friends do so), and get their accounts locked, but because it was Sunday and they couldn't phone in, the process took too long, somewhere around 45 minutes, so the damage was definitely already dealt.
Today both of them called SE and presented their info only to be told, "The name on the account doesn't match, sorry. There is no way to change the name on the account so it must not be you."
Neither of their accounts were bought, they are the original owners and have been playing for years, their names were definitely on the account prior to the thefts. This means there is a way to change the names on accounts, and now SE is unwilling to return the accounts to them.
Update: PoL Message is unrelated
I'll keep you updated with whatever I find out.
Cliff Notes:(3:06:23 PM) Caitlyn: ok so SE sucks
(3:06:35 PM) Caitlyn: they refuse to believe that it is possible that this can happen
(3:06:54 PM) Caitlyn: but i took my CC off the account and they told me i might get charged for the server transfer
(3:07:07 PM) Caitlyn: and there is nothing i can do because i can't verify the account
(3:07:12 PM) Caitlyn: wtf is up with that
On Sunday 5:45pm EST 2 people (Servont and Caitlyn) who play on PC in my LS had their accounts stolen. None of their other accounts, or the accounts of anyone who had access to their accounts were compromised. Only these two. Servont and Caitlyn did not have each others info.
Caitlyn and Servont both exchanged ID/PW info via PM on our LS website. This was how the accounts were compromised.
The most important thing to note is that the name on the account was changed after the hacking, making Caitlyn and Servont unable to retrieve ownership.
The main point I am trying to get at here is that there seems to be a method to change the name of the owner of the account, making you unable to get back your account. The PoL message was speculation as it is unknown how the accounts were being compromised, we now know the accounts were compromised via forum PMs, so there is no exploit with PoL Messages to worry about.