Why is it taking so long to get compromised accounts returned?

Investigation takes time...

If you want some extra help and you're on a Xbox 360 SE can see what gamertag your account was locked to. That usually helps.

I've heard rumors that the NA staff has only 2 managers working on it and there are around 4000 compromised accounts. Many people in my linkshell call SE and bother them about it nearly daily. I think it'd be best to clear this up for everyone.
Also from what I've been reading, the account in question will be returned faster if it was compromised more recently. I've had LS members get hacked on a Saturday night. Call GM, GM immediately freeze the account, and SE return it to them by Monday. I also had a LS member who had her account hacked in early February and SE is still working at it! You'd think it would be vice versa right?
Another question was raised on my LS, this was a touchy subject in LS actually. Many people sell their accounts. After SE made this new policy, those people who sold their accounts were able to get them back by providing information. Here seems to be the dilemma for SE in this case: Someone sells their account in 2006; calls SE with old old info, SE freezes it. SE investigates and finds out it was sold to another party via chat log. Now what does/should SE do? From a business perspective, you can't just leave it alone. It doesn't make anyone money.

It's easier to return newly hacked accounts because the logs are newer and the system they added recently is able to react faster. Older accounts need more research to find the information they need to be able to act upon it.

As for sold accounts, if SE finds out that you willingly gave out this information...how and why you would do that in game escapes me at the moment...they'll just ban the account as is. SE states clearly that the trade and resale of accounts is strictly prohibited, and if you break the ToS, you get banned. Simple as that. If it's a fraud by the seller however, then it's the buyer getting screwed. But in the end, buying accounts from others is a 'do at your own risk' activity because there is *no* protection provided for those types of transactions.

Well so far there were two types of hacks I've seen so far.

1) Player has a lvl 75 job; hacker changes the following information regarding the account:
a) Credit Card Info
b) Password
c) Mailing Address.

This hacker made it nearly impossible for the player to get his/her account back.

2) Player has a highest job of 35; Hacker does the following thing.
a) Changes the password and steals everything on the account.
b) Then leaves the account alone.

This hacker didnt' see any profit from keeping the account. Not like hacker #1 did. So SE would be able to just verfie CC and Billing address and give the player a New Password.

Then again, Sevv was hacked too, and I'm sure he had 75 jobs, and I can't remeber what exactly all went down with his stuff.

The biggest problem is if Hacker #1 does sale the account, who's going to get blamed? The hacker or the Player?

My room mate's was stolen on 12-3-07, and he has yet to get his. He even got the police involved, at SE request, and they have yet to bat an eyelash at his account.

I'm sure that SE would probably only take in consideration accounts reported stolen since November 07 to now and try to return those accounts. These hacks hadn't been as many before hand.


Even accounts returned still get rehacked, dispite the players best attempts to find the program that is stealing their information. SE's techs told us to format and reinstall on his laptop to do away with any malice programs.

/sigh...

As for sold accounts, if SE finds out that you willingly gave out this information...how and why you would do that in game escapes me at the moment...they'll just ban the account as is.

Just giving an instance in which SE can very easily tell it was sold to bring up my point. I'm going to try to make a link to my website which will have the LS chat log. There was many a good question on there.

SE investigates and finds out it was sold to another party via chat log. Now what does/should SE do? From a business perspective, you can't just leave it alone. It doesn't make anyone money.

The account gets banned. Simple as that. If SE has any reason to believe an account was involved in RMT, they can ban you. There's no arguments, questions, what-ifs about it. As for your original question, you answered it for yourself in your second post. Apparently not enough work force for the amount of supposed "hacked" accounts.

Well so far there were two types of hacks I've seen so far.

1) Player has a lvl 75 job; hacker changes the following information regarding the account:
a) Credit Card Info
b) Password
c) Mailing Address.

This hacker made it nearly impossible for the player to get his/her account back.

2) Player has a highest job of 35; Hacker does the following thing.
a) Changes the password and steals everything on the account.
b) Then leaves the account alone.

This hacker didnt' see any profit from keeping the account. Not like hacker #1 did. So SE would be able to just verfie CC and Billing address and give the player a New Password.

Then again, Sevv was hacked too, and I'm sure he had 75 jobs, and I can't remeber what exactly all went down with his stuff.

The biggest problem is if Hacker #1 does sale the account, who's going to get blamed? The hacker or the Player?

My room mate's was stolen on 12-3-07, and he has yet to get his. He even got the police involved, at SE request, and they have yet to bat an eyelash at his account.

I'm sure that SE would probably only take in consideration accounts reported stolen since November 07 to now and try to return those accounts. These hacks hadn't been as many before hand.


Even accounts returned still get rehacked, dispite the players best attempts to find the program that is stealing their information. SE's techs told us to format and reinstall on his laptop to do away with any malice programs.

/sigh...

Actually with both high and low lvl accounts, the hacker would strip and steal it completely. To you it may not be worth it to have a lvl 30 character, but to RMT that's a ton of time saved so they can get into making money.

The thing is, newer hacks are easier to see in SE's records so they can fix it faster. Just like how GMs can only replace items lost within a week.

And Sevv fortunately logged in mid attack and saved his account from my understanding.

Depending on the rate of accounts SE can investigate and the amount of time it takes to investigate, how long would you say it will take for this equation to pan out? Both variables are out of our hands, but do you think this will have an impact on the development team or any other major aspect of the game's staff from getting to bigger issues that effect more people? Such as platform converting.

This sounds like a related rates problem I was working on last week in calculus lol.

The GMs, STFu and actual game developers and designers are all different teams and all work independent of each other. These people are solely focused on their own specific tasks and work on that task only. The people who program and create zone designs, monster animation and battle field concepts are not the same people who work on recovering accounts, investigating RMT or banning bots. Nor are they the ones who respond to ingame difficulties and harrassment.

These problems, though a major one to SE, are not affecting development of in game activities other then SE trying to make sure these activities can't be abused. And on that note, there is no plans to convert this game onto other platforms so that's not something that's being delayed because it's just not happening.

I don't understand how are people randomly getting hacked? Unless you download something..

Earlier today, I got a tell, along with everyone in my LS and everyone in my Exp pty, from some guy saying he was giving away his account and had a link to a website. Doesn't take much from there. Phishing is also a common way hackers got in. They are getting worse too, now they are simply selling more elite accounts. So instead of just one person getting screwed over, two people do.

For one investigation takes time....lots of time, everything cant be instant -.-

and second, if people would take better preventive measures, this would not be happening....... dont give me a sob sorry "omg you dont know anything its not always the users fault"

*use Spyware
*use anivirus
*don't use IE
*don't use 3rd party programs from random people (FRAPS is 3rd party but its from a company)
*don't fall for the obvious BS (like the tell someone mentioned above)
*dont give your info to anyone
*dont use easy passwords

if you would do all of this, it would be alot harder for someone to "hack" (and I would not even really call it hacking) your account.

I don't understand how are people randomly getting hacked? Unless you download something..


Here's how it happened. Awhile back the major news outlets were reporting a rash of hackings. We picked it up here as well. Basically, hackers wrote a script, a simple easy little ActiveX script for IE7. You pick up the script on a page, it redirects you to a page for an important component, that component gets downloaded and installed, turns out to be a key logger. That little key logger sits on your computer and is dormant until you log onto a game, like FFXI, WOW, or a small number of other online games. As soon as this happens, the key logger detects the initialization, records the next dozen or so things you type, and sends them via IE to the website you got the key logger from, or another front website the hackers controlled. So, after a predetermined amount of time, a hacker will log onto this website (or drop site if you like MI-6 or CIA terms), and pull the files. By this time, that site will have hundreds of them. Each of these files now contains your login ID and password in those first 12 lines of text you typed in. It also contains a listing of the program that initialized it, (the game). All a hacker needs to do now is fire up that game and login when you're not on. In fact, the change to the WorldPass system SE made allowing us to pick servers and change them actually made this easier to pull off. A quick switch and a name change later and there's no evidence you even existed.

This wasn't a small operation, too. I remember somewhere reading something like 20~30 thousand accounts got taken in one fell swoop. It wasn't noticed until hack reports started flooding in, either. They peppered all kinds of sites, for FFXI it was Atlas, Somepage, and others. Because the script was a small addition, many of them didn't even notice they got hacked, or assumed someone was just trying to steal data, rather than planting files.

On Diabolos Server, we lost Mystical/Sondohado. Two weeks ago, all of us on his friends list logged on and noticed it listed him as being on Titan. Worried messages went out: "Hey, you switched servers on us before our mission runs, what gives?" He got hacked. He's on Titan now, with a changed name, all 8 of his HQ elemental staffs are gone, and both his characters are empty of all sellable gear. Myst was a SMN, so lots of what he had at 75 is R/E, like his Yinyang robe, but that's still 2-3 years of work gone. He may quit for good now. What'd Myst do wrong? He uses IE7, and logged on to Atlas. Maybe his security settings were low, maybe he accepted the wrong cookie or ran the wrong script. We know what the outcome was, though.

I liken it to what happened IRL last winter with a friend of mine. I got a frantic email from him that his car was just stolen. You're thinking carjacking, but this is Utah. He left it running in the driveway to warm up. Knowing Dan, there was probably even a nice cup of coffee in the cup-holder. Long story short, they find it 2 days later in a grocery store parking lot with no gas, the rims gone, and his stereo and stuff missing. Now, I could take any last one of you from your home right now, drop you directly in this scene and you'll think he's asking for trouble. It's in the driveway, running, unlocked, and the keys are in the ignition. Any idiot sees this is a bad idea. Dan got complacent, and that's why he's buying a new stereo. Doesn't matter how good your neighborhood is, or how low your crime rate is, if you ask for trouble, sometimes it'll show up. This is the same way many of us feel when we hear you're all surfing around popular sites with IE7. Maybe you do know the neighborhood, maybe you do feel safe, but your doors are still unlocked and the engine is running. Stuff like this is bound to happen.

Besides the preventive measures that were listed above, the number one, fail safe way to stay unhacked is to simply play on a PS2/PS3. According to SE, they have yet to have ANYONE hacked from their PS2/(unofficially PS3). X-box is hackable, but very easily dealt with.

Many of us who have waited 5 months to get our accounts given back to us, have just received an email from SE. The email was the SAME exact email that was sent to us about a month and a half ago asking for our ISP, which we happily called and provided that information for then. This time after calling, they asked many of us to FAX our SS#, copy of Driver's license(which you need to get a public notary), and a copy of the credit card! When I asked why, the person on the other side just said that's how they handle things now and it was out of their hands. I told them I'd call them back sometime.
Why does SE now require you to give them a copy of your Social Security number, credit card number, and a copy of your driver's license on top of a public notary for them to verify who you are? This seems extremely leery, I don't trust my girlfriend of 3 years with that information.
My math says that this department dealing with approx. 5000 compromised accounts (highest number I've read about) has 2 managers (lowest I've read about) are incapable of handling 33 accounts per day for 5 months.
This, by the way, happened shortly after SE inc. announced it's company would split. http://www.square-enix.com/jp/company/e/news/2008/download/20080425en_32.pdf
Right now I am contemplating handing over precious information.

Many of us who have waited 5 months to get our accounts given back to us...
Don't expect a timely response from SE via this forum. SE doesn't directly answer any questions on this forum. They wait for DiV to compile a set of questions.

how can they hack the 360 version?

My Room mate got the same email again, and again they asked for his ISP. Like you, I'm guessing, his account was banned for some reason after it was compromised. When he called yesterday, all they asked for was his ISP, they never asked for all that other info.

The only reason why I can see why they would want your driver's license is to make sure you are who you are saying you are, BUT I can't see any reason why they are asking you for your SS#, that sounds too fishy. Unless that is the alternative of have your Driver's License. Alot of players, manly kids under age of 16, won't have them yet. But still, that sounds a bit extreme. Besides' it will be their parent's Credit Card they would be using, so they would have to deal with the parents.

In addition, they never asked for his whole Credit Card # just the first & Last four digits.

SO um..goodluck with that. Sorry I can't provide you with more info.

Apologies for the pseudo-necrobump, I was just curious as to whether or not anybody had any good news on this front

A few got there accounts back, most haven't. Other complications arised during the time the accounts were hacked. So that put a damper on most situations. So far we are on Month 7.