The user WRX on EpicNPC.com, who lists items and gil, has obtained several items by logging onto players' accounts and taking their medium/high value items and gil. I've reached out to this person, who also goes by Super73#0396 on Discord, and asked him to promise to stop and to share how he has been getting these passwords. I was met with no comment. EdenFFXI on eGamingSupply has also sold stolen items, and I suspect, but am not sure, that they are the same person or are at least using the same method to retrieve these passwords. I imagine there are various other aliases as well.
WRX is the same person who logged into Atomos' account in early February. We were down for the entire weekend looking for security flaws in the code. We did some patching, but the person has still been able to get into Eden. It's not impossible, but it is likely that this is not an issue on our end. Instead, our development team is in agreement that the players who are being hacked have most likely either accidentally downloaded an infected program that keylogs or reads memory, visited a website that has malicious code, or are using insecure passwords that have either been brute-forced or reused from a leaked DB table.
I highly suggest that you change your passwords immediately to a sequence of random letters and numbers with a minimum of 8 characters. Passwords like "Password123!" are not secure and can be cracked fairly quickly. We have added brute-force protection to our website and to our game client, but account security is not something that just developers should worry about. It is something that you, as a player, need to worry about too.
I am not certain if all of what WRX sells is stolen from, or the result of stealing from, players, but here is what happens when you buy stolen items:
- RMT seller logs onto a player's account and ships items. They sometimes try to hide it, but we have logs for most activities and have been able to track all of the items that have been stolen so far.
- RMT buyer receives the item from the RMT and pays them.
- Victim player logs in, discovers missing items and reports them.
- I look into the exchange logs and find who logged in and where the items have trailed through.
- You lose your accounts and the money you paid for it, typically within a few days.