I think some of you may be missing the point here, it doesn't matter really how it was done, of course these vulnerabilities are going to be patched. The anti-virus companies are dealing with 30-40 new viruses and variants every day specifically targeted towards MMORPGs.
It's unlikely these were the only sources for the malicious code and the player base is not the only angle of attack. It is 100% certain that Square is fending off attacks every day,
EVERY MMORPG is.
For those of you with their heads buried in the sand...or any other dank dark place, there are a lot of people exchanging a lot of information in this thread. To just repeat time after time "proof or it didn't happen" and to repeat the same tired dogma "it's your own fault" would do better to put some effort into research rather than sitting there waiting for others to find it for them.
As for Taj, did he hack through the chat...probably. It isn't that hard:
Quote:
For instance, there is a known vulnerability linked to in-game player chat. If the chat environment is not isolated from the game's database and if special symbols/ commands are not checked, then a malicious user can access the player database directly from player chat either manually or by using a dedicated utility.
The hackers job is to blitz everything continuously until something gives, so everyone at some time will be vulnerable. To blame the average computer user for this is ridiculous, there is no way he/she should be expected to withstand this onslaught.
Ultimately, we need to be able to retrieve our accounts when they are stolen, we need to be able to do this quickly before the character is stripped and we need Square on our side to facilitate this.