Advanced security.

Post by seraphimhunter on Fri Dec 14, 2007 12:42 am

I think at least one change they need to make is to make a completely separate password for Service and Support section to change your password, billing address, and credit card info. Why? Because with one password, you have access to all of that.

I was "lucky" in that only my expensive items and current gil were taken. My mules were not touched, and I was left with all rare/ex items and beast/kindred seals, and my info was not changed. But I've read a lot of posts where this is not the case.

Another problem with their customer service is that the user is at fault, no matter what. In every instance, in every case, it is the user's fault, and you are treated as such. Remember back when PlayOnline was being spammed by "third parties" that were significantly slowing down the site and causing massive disconnections? And one of their solutions was to block certain routers?

My router was one of those routers. So when I updated PlayOnline, I was getting the "please check your internet connection" error you get when you supposedly have no internet service. Except that all my PCs were functioning, and PSO was working.

They very quickly changed that update, but in order to allow my router access to the game again, I had to get the new POL update. Except I couldn't DO that because I wasn't allowed to CONNECT. I had to e-mail 4 times and got "Please ensure your network cables are properly connected" written four different ways, and called three times, and I got two people who claimed it was my ISP and was talked down to like I was some ignorant child. It wasn't until the third call where I threatened legal action where I got a real response, which ended up with me having to reinstall POL entirely, which is something I could've done in the first place, but I had to go through an entire ordeal of "It's your problem, and I don't care" attitude from at least 6 different people.

My problem was a result of their negligence, and I was getting attacked for it. And this incident now was no different. I FINALLY got a real reply back two days ago, completely personalized and everything, and they suggest I (and everyone else involved) write to the Special Task Force about compromised accounts and identity theft. I have already done so; I suggest any and all victims or people otherwise upset about this do the same. Don't expect results, but I think if they get enough spam about this, a light bulb may turn on over one of their heads at least.
seraphimhunter
Decent Challenge
 
Posts: 414
Joined: Fri Jun 01, 2007 8:00 am
World: Bismarck
Nation: Bastok
Title: Ringbearer

Post by Xenos_Unicorn on Fri Dec 14, 2007 1:40 am

Lambtor wrote: If SE doesn't want to try to make it hard to steal an account, and they want all their security measures to rest on the single playonline password, they can. But understand that doing so causes stolen accounts to be more difficult to restore for the correct user, and increases the damage done to accounts by passwords getting stolen.

This is where they fail. Their desire to ignore any sense of responsibility to their customer either to prevent an account from getting stolen or to restore it once that happens IS THEIR PROBLEM. They are not protecting their own product. They are losing money with each account that gets stolen. If they don't care about losing the income of a legit paying customer then they should stop development and support for this game altogether.

I don't think you're understanding what I'm trying to say. I'm not holding SE completely responsible for an account's lost integrity. Some of that is on the user, depending on how the password was given out or taken by someone else. Some of the blame is on the browser that got exploited. SE's lack of any announcement to the rest of the player base to at least warn and watch out for this type of problem again shows poor customer service, and horrible business sense.


Accounts are being stolen because of the actions of the account holders NOT SE. You share your login - it's your fault. You use third party software - it's your fault. You have an open unsecured internet connection - it's your fault. Nothing on the part of SE is causing accounts to be compromised. If your login isn't hijacked you don't have your account stolen. It's really simple logic. Expecting SE to restore what was stolen when YOU compromised your login is like expecting an apartment complex to buy you new furnishings if you leave your apartment key on a park bench and you get robbed.

I don't get how some people actually believe everything in life that sucks is somebody else's fault and the world just owes them. Oh well. I kept my information safe so I'm going to play some FFXI.
"Good gear doesn't make a player good but it can make a good player better."
Xenos_Unicorn
Easy prey
 
Posts: 201
Joined: Mon Oct 16, 2006 4:35 pm
Location: Unicorn

Post by Rylan on Fri Dec 14, 2007 2:42 am

Xenos_Unicorn wrote:
Lambtor wrote: If SE doesn't want to try to make it hard to steal an account, and they want all their security measures to rest on the single playonline password, they can. But understand that doing so causes stolen accounts to be more difficult to restore for the correct user, and increases the damage done to accounts by passwords getting stolen.

This is where they fail. Their desire to ignore any sense of responsibility to their customer either to prevent an account from getting stolen or to restore it once that happens IS THEIR PROBLEM. They are not protecting their own product. They are losing money with each account that gets stolen. If they don't care about losing the income of a legit paying customer then they should stop development and support for this game altogether.

I don't think you're understanding what I'm trying to say. I'm not holding SE completely responsible for an account's lost integrity. Some of that is on the user, depending on how the password was given out or taken by someone else. Some of the blame is on the browser that got exploited. SE's lack of any announcement to the rest of the player base to at least warn and watch out for this type of problem again shows poor customer service, and horrible business sense.


Accounts are being stolen because of the actions of the account holders NOT SE. You share your login - it's your fault. You use third party software - it's your fault. You have an open unsecured internet connection - it's your fault. Nothing on the part of SE is causing accounts to be compromised. If your login isn't hijacked you don't have your account stolen. It's really simple logic. Expecting SE to restore what was stolen when YOU compromised your login is like expecting an apartment complex to buy you new furnishings if you leave your apartment key on a park bench and you get robbed.

I don't get how some people actually believe everything in life that sucks is somebody else's fault and the world just owes them. Oh well. I kept my information safe so I'm going to play some FFXI.


Sure -- and I bet it's the fault of the rape victim for wearing a too short skirt too, huh? If she was wearing a longer dress, she wouldn't have been raped, eh?

So -- you won't mind if I jack your information, credit cards, etc then?
Athin - Bismarck server
StarGentlePlatypus
Pixie Conservation Corp Member #1
Rylan
Decent Challenge
 
Posts: 272
Joined: Fri Mar 03, 2006 5:51 pm
Location: Midgardsormr
Blog: View Blog (8)

Post by Cubia on Fri Dec 14, 2007 3:07 am

Rylan wrote: Sure -- and I bet it's the fault of the rape victim for wearing a too short skirt too, huh? If she was wearing a longer dress, she wouldn't have been raped, eh?


well put in context of the current argument. You left your butt hanging out, someone took it. Sooo afterwards, you would want to start a post demanding the skirt manufacturer to make safer skirts.
(SMN Relic) 5/5 (BST Relic) 5/5
Cubia
Decent Challenge
 
Posts: 594
Joined: Fri Feb 10, 2006 9:36 pm
Location: Nearest Bar
World: Phoenix
Nation: San d'Oria
Title: Silencer of the Lambs
Jobs: 75 SMN BST RDM

Post by Rylan on Fri Dec 14, 2007 3:47 am

Cubia wrote:
Rylan wrote: Sure -- and I bet it's the fault of the rape victim for wearing a too short skirt too, huh? If she was wearing a longer dress, she wouldn't have been raped, eh?


well put in context of the current argument. You left your butt hanging out, someone took it. Sooo afterwards, you would want to start a post demanding the skirt manufacturer to make safer skirts.


Actually -- I'd rather want someone to do something about stopping stuff like this from happening.

People are going to find ways around security. It's happened before, will happen again.

What I don't see is why people are up in arms about SE for making additional ways to verify an account so it can be recovered if it was stolen.
You'd be pretty salty if I managed to hack your password, change the billing information on your account, and then be told you need to verify my new information. Which you couldn't.

So, what I'm saying: have a little sympathy for the poor saps who this happened to. Yeah, they were stupid for browsing insecure. Does this mean they deserve to have their money wasted for this happening to them? No.

SE is dumb for the way they verify the accounts. They can be more flexible (verify previous billing history, content keys, etc.)

Microsoft is dumb for making an insecure browser.

The people you guys should really have ire for are the bastards who are actually stealing this information.
Athin - Bismarck server
StarGentlePlatypus
Pixie Conservation Corp Member #1
Rylan
Decent Challenge
 
Posts: 272
Joined: Fri Mar 03, 2006 5:51 pm
Location: Midgardsormr
Blog: View Blog (8)

Post by Althalus on Fri Dec 14, 2007 12:22 pm

Xenos_Unicorn wrote: Accounts are being stolen because of the actions of the account holders NOT SE. You share your login - it's your fault. You use third party software - it's your fault. You have an open unsecured internet connection - it's your fault.


Yeah, but sometimes people do make mistakes.
Yes, the fault is theirs.
Yes, they shared their login, used third-party software and/or maintain an open, unsecured internet connection.
And yes, they reap the consequences.

But those consequences could have been circumvented if Square Enix had provided their clients with a simple "verify old password/credit details before changing to new password/credit details" form.

Like I said initially, my gmail account has that, and I pay nothing to use gmail. Like everyone reading this, I've put my money, time and effort into this game, and I expect at least some form of resistance by Square Enix against these account thefts.

It's my fault if I compromise the integrity of my account's security, but that shouldn't mean that in the event my account does get hacked, I lose everything and am unable to even get my character back, despite verifying my old details and game codes stolen.

All we're asking for is a bit of added security for a game we have spent umpteen hours on. Square Enix has an obligation to protect the information we give them. Part of that protection should include verification of old details before updating/altering them.

Internet security of the simplest variety.
Althalus
Even match
 
Posts: 1497
Joined: Fri Oct 26, 2007 9:46 am
Location: Australia
Blog: View Blog (17)
World: Shiva
Nation: Bastok
Title: Tarutaru Murder Suspect
Jobs: [75] RDM DRG SMN

Post by Lambtor on Fri Dec 14, 2007 4:02 pm

Xenos_Unicorn wrote: If your login isn't hijacked you don't have your account stolen.


True. Like I've said, if SE doesn't consider it their problem, they're going to lose massive amounts of business. SE is in the business of making money. Letting accounts get stolen and not restoring them for the correct owner (or in most cases even allowing access to them) without being dragged kicking and screaming or threatened with legal action is bad business. How difficult is this to understand from a business standpoint? You think RMT are really going to pay to maintain these accounts > 1 month? no; sell the non ex stuff, and cancel the account when you're done with it.

imagine being part of say, a monthly book club. you pay each month and get a book in the mail. one month you notice you don't get a book. call the company and they say "mailman musta stole it, not our problem. maybe it wouldn't have gotten stolen if you lived in a neighborhood where the mail people didn't steal". no offer to change mail carriers, or insure the package they send, or put the book into different packaging. what's an attitude like that do? it makes your subscriptions go away. it puts you out of business, which honestly, is the way it should be. if you don't want to cater to your customers you don't deserve to be in business.

I also like the assumptions made about those who had accounts stolen. "well if they got screwed it's because they're RMT or cheaters."

Althalus wrote: It's my fault if I compromise the integrity of my account's security, but that shouldn't mean that in the event my account does get hacked, I lose everything and am unable to even get my character back, despite verifying my old details and game codes stolen.


This is the essential point. SE needs to realize real soon that the #1 rule in business is "take care of the customer".
Lambtor
Even match
 
Posts: 1003
Joined: Tue May 08, 2007 12:38 am
World: Carbuncle
Nation: San d'Oria
Title: Deity Debunker
Jobs: Lambton Worm Desegmenter - RNG 80 COR 76 PLD 75

Post by Xenos_Unicorn on Fri Dec 14, 2007 5:11 pm

Lambtor wrote: This is the essential point. SE needs to realize real soon that the #1 rule in business is "take care of the customer".


Something occurs to me here in addition to what I've said. Why don't all you SE bashers put your money where your mouth is? If you actually believe the slander you're posting then take actions that follow your words. Another way to put it is "talk is cheap". No reason to hold yourselves in a situation that you are not happy with. Also, why invest more time in a game that you believe isn't protected well enough?
"Good gear doesn't make a player good but it can make a good player better."
Xenos_Unicorn
Easy prey
 
Posts: 201
Joined: Mon Oct 16, 2006 4:35 pm
Location: Unicorn

Post by Daremo on Fri Dec 14, 2007 7:13 pm

Yay, let's encourage people to quit playing so the population drops and the servers are shut down.

Or let's not.

Exactly what is unreasonable about asking SE to NOT make recovering your account a nine day trek through hell?
Daremo
Even match
 
Posts: 1316
Joined: Sun Jun 03, 2007 5:24 pm

Post by atalantia on Fri Dec 14, 2007 8:12 pm

Some of the replies here just make me want to scream.

Thank you Daremo, I wouldn't have worded that so nicely.

The problem many people don't realize is that most of the players want two things --

1) To not lose their accounts after putting YEARS of work into them. We don't want to quit b/c SE screwed up. How is that different than having our account stolen?
2) Want some assurances that SE is doing all they can to help us prevent this

Banks and Credit Cards are held to some standard for identity theft, why shouldn't SE, since it is a form of identity theft. In most cases, banks will return everything taken if your card is stolen, credit cards won't charge you for bad charges.

I'm wondering if the responses would be different if the posters on this board were the primary targets. While there are a good number of people who have a lot of experience, many (most?) of the people who post here don't even have 1 lvl 75 job yet. The BG forums were crying for blood because the sites they visit were attacked.

What if the wiki were the primary target and half the people who use it were infected? I'd bet that the posters here would be screaming for blood. According to the stats, that's about 200,000 people who could have had their accounts stolen (which is btwn 25 and 40% of the entire player base). It's very easy to take the high-and-mighty stance when neither you nor anyone you know had their account stolen.

Should we blame the guy who had his credit card statement stolen from his mailbox while he was at work for identity theft? What if the thief had broken the lock on the mailbox to take it?

The absolute minimum that SE should do is post a message on playonline.com, and in the 2 message windows that nobody reads saying something like "We are aware of a virus-based attack on POL IDs, the problem is being investigated. We recommend everyone run a good up-to-date virus scanner and anti-spyware ASAP". SE has decided that if they ignore the problem, it will go away. SE should be leading the charge against this, not the player community.

But some of the ones affected are the trailblazers -- the first ones to 75, the ones who are willing to spend their money to figure out the new activities, people with really large sums of money and large value non-ex items.
Foe list: Putting like people together since 2007
atalantia
Even match
 
Posts: 914
Joined: Thu Aug 02, 2007 2:39 pm
World: Caitsith
Nation: Windurst

Post by Lambtor on Fri Dec 14, 2007 8:25 pm

atalantia wrote: SE should be leading the charge against this, not the player community.


QFT.
Lambtor
Even match
 
Posts: 1003
Joined: Tue May 08, 2007 12:38 am
World: Carbuncle
Nation: San d'Oria
Title: Deity Debunker
Jobs: Lambton Worm Desegmenter - RNG 80 COR 76 PLD 75

Post by Kin on Fri Dec 14, 2007 10:26 pm

atalantia wrote: What if the wiki were the primary target and half the people who use it were infected?


Actually, I saw a FFXIgil ad on Wiki the other day, and Firefox blocked some pop up. Don't know if that should be looked into or not...?

I agree that SE needs to tend to its customers. Of course SE is not at fault, but then, the players aren't entirely at fault either. Sure there are a million viruses, trojans, malware programs, and all sorts of horrendous things, but before this scare, I personally went unprotected into the internet world. I have nothing to worry about; I don't do banking or anything with personal and private information on this computer. It wasn't until some of my FFXI friends lost accounts because of sites I visited daily that I began to panic. Even now I worry about programs not finding the key logger and warning me about it. (Adaware, Spybot, and AVG fail, I'm sorry. They often don't find the dangerous thing you're looking for, and if they do, they don't delete it.)

I suppose I was lucky because I hadn't used anything but Wiki before the attack. But, with Wiki also supporting the Google Ads (which always have "30% discount on gil!" everywhere), it's only a matter of time before this base is hit, too.

And SE won't care.
Kin
Even match
 
Posts: 1438
Joined: Wed Dec 12, 2007 10:46 pm
World: Seraph
Nation: Bastok
Jobs: 75WHM 75BRD 75SMN 75BLM 75BST 75THF 75RDM

Post by Eltoshan on Sat Dec 15, 2007 2:21 am

Rylan wrote: ... have a little sympathy for the poor saps who this happened to. Yeah, they were stupid for browsing insecure. Does this mean they deserve to have their money wasted for this happening to them? No.

SE is dumb for the way they verify the accounts. They can be more flexible (verify previous billing history, content keys, etc.)

Microsoft is dumb for making an insecure browser.

The people you guys should really have ire for are the bastards who are actually stealing this information.


=D> Well said, Rylan. Whatever happened to pursuing the thief instead of the victim? Seems like another shred of Corporate Globalization has entered our lives... Again.
Eltoshan
Tough
 
Posts: 2146
Joined: Sun May 13, 2007 6:22 am
Location: Virginia Beach, Virginia
Blog: View Blog (33)
World: Bismarck
Nation: Bastok
Title: Mercenary
Jobs: WHM75 BLM75 WAR37 MNK35 PLD28 RDM14 THF18 BRD12 RNG14 SAM23 NIN21 DRG18 SMN9 DNC17 COR5 DRK1 BLU3 SCH1 PUP1 BST17

Post by liandras on Tue Jun 03, 2008 4:31 am

So my friend just got caught by the new rounds of Key logger ads... They abducted the character, dumped EVERYTHING, left it on ragnarok.

I can only assume they were about to change the password but were beat to it.

This is highly frustrating, reading these notices on various forums and having to log out and scan one's computer thoroughly JUST in case they circumvented the precautions you've put in place.

SE, is it too much to ask to have you require me to enter my first pet's name, or My favorite food.. Or the Day I lost my virginity or something of inconsequence that no one but I would probably remember?

Yeah I'm beating the dead horse... yeah poor mare.. but this is getting ludicrous now. Even if we AREN'T using third party programs, visiting fan sites that are linked to on POL itself.. we can get nailed with a key logger and accounts taken without notice.

Come on.. Step up SE. I got a lot of gear I'd miss, and a Lot of money your stock holders might miss as well :P (all $20 bucks of it.. Lulz)
liandras
Tough
 
Posts: 1582
Joined: Thu Feb 14, 2008 7:28 pm
Location: Bahamut
Blog: View Blog (2)
World: Bahamut
Nation: Windurst
Title: Looks Sublime in a Subligar
Jobs: WHM75 DRG75 SAM75 PUP75 PLD75 SCH75 DNC75 BST72 WAR71 RDM71 RNG65 MNK58 BLM41 NIN40 THF37

Post by avanent on Tue Jun 03, 2008 4:39 am

The current set is affecting people on a lot of games, not just FFXI, but WoW as well as other games. The current one is a flash error. I think it would be nice if you could set your account to only be logged in from your IP or IP region. I.e., if I live in New York, someone in China, or Canada, or even New Hampshire can't log in to my account if I so choose to have this security option activated.

I imagine this could be done, but I don't know how expensive it would be.
avanent
Even match
 
Posts: 1272
Joined: Mon Jun 25, 2007 1:00 pm
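
Two safeguards proposed in this thread, sketched as an added example that is not from any poster or from Square Enix: old details must be re-verified before a password or billing change (Althalus, seraphimhunter), and logins can be limited to owner-chosen networks (avanent). `AccountService`, its method names and `card_last4` are hypothetical, and the PBKDF2 iteration count is an assumption.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field

def _kdf(secret: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so no secret is stored in the clear (iteration count assumed).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    card_hash: bytes  # derived from the last four digits of the card on file
    allowed_nets: list = field(default_factory=list)  # empty list = no restriction

class AccountService:
    """Hypothetical account back end; every name here is made up for the example."""
    def __init__(self):
        self.accounts = {}

    def register(self, user, password, card_last4):
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _kdf(password, salt), _kdf(card_last4, salt))

    def login(self, user, password, source_ip):
        acct = self.accounts.get(user)
        if acct is None or not hmac.compare_digest(acct.pw_hash, _kdf(password, acct.salt)):
            return False
        addr = ipaddress.ip_address(source_ip)
        # Opt-in restriction: enforced only when the owner has listed networks.
        return not acct.allowed_nets or any(addr in net for net in acct.allowed_nets)

    def _reverify(self, user, old_password, old_card_last4):
        # Sensitive changes need the old password AND the old card detail, so a
        # keylogged password alone cannot lock the owner out of the account.
        acct = self.accounts.get(user)
        if acct is None:
            return None
        pw_ok = hmac.compare_digest(acct.pw_hash, _kdf(old_password, acct.salt))
        card_ok = hmac.compare_digest(acct.card_hash, _kdf(old_card_last4, acct.salt))
        return acct if (pw_ok and card_ok) else None

    def change_password(self, user, old_password, old_card_last4, new_password):
        acct = self._reverify(user, old_password, old_card_last4)
        if acct is not None:
            acct.pw_hash = _kdf(new_password, acct.salt)
        return acct is not None

    def change_card(self, user, old_password, old_card_last4, new_card_last4):
        acct = self._reverify(user, old_password, old_card_last4)
        if acct is not None:
            acct.card_hash = _kdf(new_card_last4, acct.salt)
        return acct is not None

    def restrict_logins(self, user, old_password, old_card_last4, cidrs):
        acct = self._reverify(user, old_password, old_card_last4)
        if acct is not None:
            acct.allowed_nets = [ipaddress.ip_network(c) for c in cidrs]
        return acct is not None
```

With only the password, `change_password` and `change_card` return `False`, so the owner can still log in and recover; once `restrict_logins` is set, a correct password from an unlisted address is refused.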
