Hacked and I play on PS2Follow

Do you have a pc with a network setup? I really can't see how this can be done in any way... makes no sense.

Without a security token, brute forcing is much more likely to work it seems. >_<

I'd like to open by saying I've visted these forums almost daily for the past few years, but never joined. I'm not much the posting type, but really wanted to share my experience with a similiar problem.

My girlfriend and I have been playing FFXI for over 3 years now, starting back in 2006 with the Xbox 360 beta. Both of us play solely on the Xbox 360 and have never once had our characters logged in on a PC. We browse a few sites like alla, ffxiclopedia and ffxiah but that's about it. Only I know her ID/password and vice-versa. Neither of use currently own a security token.

Well yesterday (26th) she got home from work and went to log on as usual but had a message pop up in POL telling her the password was incorrect. So after a few more tries to rule out caps or typos she got on the live chat and they gave her a new password. Once she logged on her taru was stripped of all gear that could be mailed/sold and was in Mount Z with nothing more than 10k gil and 12 stacks of pickaxes and a small assortment of mining items (goblin gear, couple adaman ore and such).

She checked her house and everything was missing that wasn't rare/ex. Right down to the simple copper ring I signed for her. Even some rare/ex was tossed, like her relic RDM body (my guess is to make space for mining). Oddly enough they unequipped her shell and left it at her house (maybe to not alert LS members that something was wrong by the shell being broken?). Her mules were also stripped clean and left in Whitegate. All her Imperial Standing was gone and Gold coins had been sold on AH. We checked the delivery NPC and there were still icons of the last items mailed, but no name was present in the box. All in all we don't know exactly how long they had access. Anytime from 1-2am up till she got home at 5pm.

We are currently working on getting her character rolled back. For the life of me, I can't think of how she got hacked on an Xbox 360. Not sure what else to say, but I felt I needed to post this, if only to vent and maybe forewarn other 360 players.

-edit: Had my date off. >.<

Edited, Aug 27th 2009 6:59pm by UnicornDaniel

POL IDs are a simple combo of 4 letters and 4 numbers. If you keep mashing random combos of those, eventually you'll hit one that says "incorrect password" instead of "incorrect Playonline ID."

When that happen, log into the LS Community or SE Online, and start spamming passwords til you find one that works.

That's why the security token and one time password are so important. It prevents almost all brute force hacking attempts.

Where there is a will there's a way, and RMT will find. Even with tokens someday soon someone will find away around it. Were living in a very advanced world where people are smart when it comes to this stuff. Its just a matter of time before the tokens fault. By then hopefully some other security measure comes along to take its place for a bit. Its a rinse and repeat cycle with security it gets hacked eventually with time.

We both had signed up for the Linkshell Community Beta site back when it first came out (year or two ago?). We didn't have much use for it and abandoned it shortly after making our shell's page.

Do you think that is our weak link, despite not signing into the site for more than a year? By the way, my character is fine (Daniel on Unicorn), it was just her account that was hacked.

Could they be getting to people through the SE account site where we got our SE passwords?

That's the only place my info has been placed outside of my console.

I don't know how secure that site is from attacks.

Have you or your girlfriend gone to or visited any fake POL sites? Even though you play on console, there is a possibility that a site you may have visited in the past installed something that could easily have modified your host file so that when you wen to playonline's website, it actually takes you to a fake phishing webpage. If you entered in any of your POL ID's there, they would have your information regardless of what system you play on.

Yes, I have a pc with a network setup.



A long time ago I used the linkshell community site.



My old password was 10 character string containing letters and numbers. However no capital letters.



We have one pc hooked into a router with the router going into the modem. The ps2 is hooked into the router via an ethernet bridge from another room.

Only thing I can think of, is that I logged into playonline site to via my account info a while back (6 months or so). I also used the linkshell community when they first began advertising it but I stopped using it a long time back.

I am strictly a casual player. I play in bursts until I get bored and will take a small week or two break and then pick it back up. I have no reason to give my account info out because I'm not involved with any endgame linkshells who might need my character for any reason. Basically, I stay under the radar and I have a few long time FF friends.

I wish I knew how they hacked my account and I'm telling my story so that others may figure this out. At the very least people will know that this is possible.

I went to the playonline site then used the service and support link. It gave different things you can do and I used the special webchat. It set me up with a SE rep who basically took all my info so that they can do the investigation. They told me something should be done within 7 days and if not to contact them to see what's going on.

One time Windows Vista recognized my Xbox 360, one time it asked permission to link with it on the network. Never again will it ask... if you have a Xbox 360 and it is on a network or connected to a router, make sure no other machine on that network can see it. As for getting around the Security token wow, that's scary, time to beef up my paranoia levels on pc security.

Does anyone else play your account in your house? Do you ever visit FFXI community sites of any kind? BG, Somepage, FFXI Atlas, FFXIAH.com etc... If you answered yes to this question, do you use the Firefox browser or IE?

I'm confident that you surfed on a community site like FFXIAH.com or something and your info was compromised. You admitted you were on the Linkshell community site and I do remember them having security issues awhile back. That sounds like the cause to me.

There was no security issue on the community site. When players requested a password reset, the password was 100% predictable... as in pol account ABCD1234 had password reset to 1234. Not a very smart move by SE, because they should have known 95% of users are lazy idiots that don't change an easy password like that.

Ofcourse, then a known FFXI bad boy stumbled across that, whipped up a little script to run every POL ID from AAAA0000 to ZZZZ9999 against their default passwords and presto.

Same thing happens with bruteforcing. Since you only hit each account once, noone gets locked out. There's only 4.569.760.000 POL IDs, so if you use a botnet to spread out the load and use a list of often used passwords you will get a lucky hit once in a while. That's why you want a security token on a PS2 or 360, since it essentially makes your account 99.9999% secure against .cn farming.
PC users have trouble with the recent trojans but with proper safeguards even those problems are avoided.

There's no 100% protection, but the harder it gets the less attractive you are as a target.