We have come a long way from the days of Limewire, where every download was a dice roll between an MP3 of Cascada’sEvery Time We Touchand a virus that would make your computer usable only in name.
Thecybersecurity landscapehas changed monumentally in the last two decades, and occasionally, something as innocent as an MMORPG opens the door to nefarious business.
This is precisely what is happening inFinal Fantasy XIVafter players spotted glaring vulnerabilities introduced in theDawntrail releaseupdate.
Final Fantasy 7 Rebirth PC Features Showcased
Final Fantasy 7 Rebirth on PC will have more than just visual enhancements; it’ll even feature a way to customize the NPC count.
Asreported on Destructoid,the game made changes to the Blacklist system which inadvertently gave access to a lot more data than it lets on.
Final Fantasy XIVplayers discovered that certain plugins,like PlayerScope, allow others to see each player’s account ID on alt characters, which isa nightmare scenario for harassment and stalking.
The Final Fantasy XIV Vulnerability Explained
The current iteration of the Blacklist feature assigns a unique ID to each account rather than individual character IDs as before.
The change was introduced with theDawntrail patchin July 2024 to make it easier to block interactions from someone else as a whole, including their alt characters.
Nothing special so far, you may think. What makes the new system troublesome is the execution.
As explained byuser Forymanarysanar on Reddit,the blacklist feature inFinal Fantasy XIVworks clientside. Rather than filtering interactions on the server, it sends the full data package to you and then lets your instance of the game sort out what to show you based on your settings.
Multipleexisting plug-ins for the game can extract the account IDs of players, and doing so requires no direct interaction in-game. As explained by Forymanarysanar, “one just needs to open a player search, and the game client receives the Account IDs of everyone who is displayed.”
Delta Force Bans 1729 Cheaters In A Week After Invasive Anti-Cheat Backlash
The cheater horde persists, despite that.
Recently, another user on Reddit found that the PlayerScope plug-in could track account IDs and server retainers for players around you, and the data was stored at a centralized server.
With access to someone’s account ID, it makes it impossible to avoid stalkers by creating alt characters, as the plugins allow them to see whose account the character is linked to.
The only way to avoid getting tracked by PlayerScope is toopt out by joining the plug-in’s Discord server, a move that has caused fury inFinal Fantasy XIVcommunities.
Many are calling for the data tracking to be changed from opt-out to opt-in, while others believe the plug-in needs to be removed from GitHub altogether on the grounds of terms of service violations.
Square Enix has yet to pronounce itself on the issue, but there is fear that it may betoo late to patchasaccount IDs have been exposedfor over half a year now, with centralized databases likely to exist already.
10 Best MMORPG Raid Bosses, Ranked
Raids offer veteran MMO players a chance to really test their mettle against fantastically designed Raid Bosses. Here are the best around.
