Square Enix warned Final Fantasy XIV players about attempts to breach the game’s security and advised vigilance on the part of its player base. According to an update on the Lodestone community site, unspecified third parties are behind a spate of FFXIV account hacking attempts.
According to the news post, the FFXIV account hacking attempts are targeted at the overall Square Enix Account Management System. The hackers are using email addresses and passwords “obtained from other online services of other companies”. Essentially, the hackers are trying out passwords obtained from data breaches of other companies to see if anyone has reused their password for their Square Enix or FFXIV account. Hacking a reused password requires very little technical skill or resources, and can be an efficient way of gaining account access by exploiting a user’s carelessness.
As a precaution, Square Enix advised players to reset their Square Enix passwords. It will restrict accounts it suspects have been compromised and notify their owners via email. Users who notice their accounts have been restricted can learn more at this link. Square Enix warned that if the cases of Square Enix and FFXIV account hacking continue to rise, it may consider initiating a password reset for all accounts as a precaution.
Additionally, Square Enix advised using its One-Time Password system. The Square Enix One-Time Password system is a multi-factor authentication system used for Square Enix accounts, including Final Fantasy XIV. It uses a smartphone app to generate security codes that must be entered at the point of login. Multi-factor authentication makes it more difficult for unauthorized users to gain access to your account because they’ll need to compromise more than a single point in order to take control.
Final Fantasy XIV is available on PC, PS4, and PS5. Multi-factor authentication and password management systems are available from many companies, including Google, Microsoft, and Apple.
