Square Enix warns users about unauthorized login attempts by a third party

Square Enix has posted a notice titled “Precautions for Guarding Against Unauthorized Account Access” on its website. A notice with the same content was also posted to the news section of the official Final Fantasy XIV community site.  

According to the notice, Square Enix is currently experiencing an attack by a third party that is trying to gain access to its Account Management System by using a combination of email addresses and passwords thought to have been obtained from the online services of other companies.

Square Enix accounts are used in a range of different online services offered by the company, including for logging into online titles like Final Fantasy XI, Final Fantasy XIV, and Dragon Quest X.

If the email address and passwords being used by the third party in its attack happen to match the combination of a user’s Square Enix account, then this increases the possibility that the third party will gain unauthorized access. Moreover, even if the email address and password combination is not identical to the one used for a user’s Square Enix account, there is still a high risk of the account becoming compromised if the password contains a date of birth or other easily discernable sequences of numbers.

Square Enix is currently restricting access to accounts that it believes may have been compromised by the attack. Any users whose account has been restricted will receive an email delivered to the email address associated with their account that includes instructions on how to reset their password.

An effective way to defend against this kind of unauthorized access is to use One-Time Passwords with your account. Those who wish to use One-Time Passwords with their Square Enix account can purchase a Square Enix Security Token from the Square Enix Store that can display One-Time Passwords on an LCD screen. Additionally, users who have purchased either Final Fantasy XI, Final Fantasy XIV, or Dragon Quest X (Japan only) can display One-Time Passwords with the Software Token app available on iOS and Android. The Software Token app is available for free and is highly recommended for players who wish to protect their accounts.

Anyone whose account for an online game becomes comprised is not only at risk of having their personal information stolen but also faces the possibility of adverse in-game consequences, such as losing items and money, or having their character deleted. There is also the danger of shared resources of guilds or other groups being stolen, and it could cause trouble for the friends you play with. Even for users who don’t play any online titles, anyone who has used the Japanese Square Enix Store, which also requires a Square Enix account, could have personal information such as names and home addresses stolen.

Square Enix also noted that if there is a continued rise in unauthorized attacks, then it may initiate a forced password reset for all Square Enix accounts. Anyone who is using the same login credentials for their Square Enix account as for another service or is using a low-strength password is urged to change their password immediately.

Written by. Marco Farinaccia based on the original Japanese article (original article’s publication date: 2022-10-07 16:41 JST)