Account hacked

[Datonare]

So I came back after about a week and a half to find myself with 15k gil, down from 4.7m+ and 0 shards/crystals. All gear/random items intact it seems.

I changed my password on a different computer, but I don't know how they could have gotten my password. I don't go to any shady sites nor do I share my account information with anybody.

Is it possible for a GM to find out who I traded with? I think it happened within the last 20 hours, because I should have been at 100 anima, but I was at 99 when I logged in and they must have used 6 anima to teleport me to LL (I was in thanalan.)

It was a massive blow as I've been stockpiling shards (over 300 fire crystals, 3000+ shards of various types) but I am willing to keep going. However, I don't want this to happen again (obviously.) Aside from changing my password (which I've already done) what else can I do? Should I format my HDD to be on the safe side?

[Lazytowner]

Stop looking at foot porn and you won't get keyloggers on your rig.

Helpful advice, I know. You're welcome.

[aru]

You are absolutely sure it was hacked and not somebody that you may have given your account info to?

[Datonare]

100% sure. Nobody knows my account info other than my wife.

[Zubis]

100% sure. Nobody knows my account info other than my wife.

There you have it!

[Crizto]

That's mean

[Katlan]

And why don't you have a token? I don't get why ppl don't use them in this day and age where getting hacked is so common place. Ppl can't bitch about getting hacked unless they use one

[Lucavi]

Stop looking at foot porn and you won't get keyloggers on your rig.

Helpful advice, I know. You're welcome.

But I like foot porn, dammit~!

[Yoli]

This is a really stupid question, but relevant to the thread I guess. Kind of. How do you use the security tokens? I got one with the CE, and gave up on it (without really trying). You press it, it give you a number, and I assumed you put that in the password box. Never was able to get logged in with any of the numbers it spit out for me though.

[Narol]

It goes:

Square Enix ID
Square Enix Password
One-Time Password (this has a little token icon beside it)

The SE password is just whatever password you set for your SE account. You put the token's number into the bottom one.

I think you might have to do some nonsense with enabling/registering the token in your actual SE account, if you haven't already done that.

[Jojimbo]

This is a really stupid question, but relevant to the thread I guess. Kind of. How do you use the security tokens? I got one with the CE, and gave up on it (without really trying). You press it, it give you a number, and I assumed you put that in the password box. Never was able to get logged in with any of the numbers it spit out for me though.

You have to assign/link the token to your SE account first, it should be under Services and Options tab on the website (same one you use for payments/registered codes)

[Biggie]

Hmmm.....

Why did you change your password in the first place??? Or was it after the fact?

Sorry to say, but sounds like an inside job to me... Why, you ask??

1) You logged back into the account and found your stuff missing. I have been hacked 3 times (1 ffxi, 2 wow) and know several people that has been hacked over the years. They change your password when they hack it. So when you try to log in, you can not and have to do a PW recover.

2) They left you with all your gear, items, and 15k....... Sorry that's not a gil seller... They strip you blind, all my accounts, and every account I have heard of truly getting hacked, everything was removed.

3) I go back to why you changed your password in the first place. If it was before you got "hacked", why?? Did you give out the info, and then think you should better change it?

But to sum it all up, sorry but I think this is the work of a "friend" or someone you know. Why didn't they strip you bare, why didn't they change your password?

Helpful advice to you would be to not play FFXIV.

Just spend all your time reading and posting in the FFXIV forums instead??

[xerodok]

Helpful advice to you would be to not play FFXIV.

[Datonare]

I can see how it seems like an inside job, but I really don't think it is because I haven't told anyone my account information and I use a different pw for 14 than I do for other things. And I changed my pw after the fact, not before I was hacked. About the security token, it was my fault not to use it before, but it is annoying to use. I learned my lesson, obviously, and will use it from now on.

I don't know why they didn't strip me bare, probably because it's too annoying to repair everything to trade it? lol

Don't know why they didn't jack my account and change my password.

[Datonare]

Finally got in contact with SE support and in order for them to recover my lost data (or try to) my account will need to be locked for 3 weeks... screw that, I can get back what I lost in that time... sorta ~.~

[qpoiuwer]

Just an FYI, if you never gave your password to anyone and you don't have a keylogger, the most likely cause was probably some smaller forum you signed up for using the same username/password as your SE account.

[Ezekial]

And why don't you have a token? I don't get why ppl don't use them in this day and age where getting hacked is so common place. Ppl can't bitch about getting hacked unless they use one

This,

/thread


I don't think anyone has any sympathy for you. If you had a security token then that would be a different story.

[natethegreat]

The Yubi key is a great product. Not only does it provide a means to do one time password authentication you can also store a static password. So for things that do not support the yubi key I use the static password that is on my yubi key.

I also recommend you check out, https://www.grc.com/ppp.htm

As for your questons, sorry but I think your screwed when it comes to getting your shards and gil.
Also, I do not think people would bother to steal gear. 90% of the gear is dirt cheap and wouldn't be worth stealing. Also, have to repair all the gear to trade it would seem to protect it. Plus shards would be a lot easier to fence.

I also think it quite apauling how mean everyone is being to this poor chap. He got totally screwed and a lot of people just want to kick a man when he his down.

Sorry for your losses but im sure you can recover from it. Id recommend you review your password policies increase it. Personally I have the strongest password possible. I forget what the requirments are for a SE account but I would use as many characters as possible. Also, since you have had your account compromised I woudl encourage you to add the extra proection of a authenticator.

Also, to assume the SE one time password is the best way to secure your account would be naive. Practicing safe computing and having good password would be more then enough protection. However, if you do have a one time password from SE then why not us it? I would not go out of my way to use SE authenticator.