jtbrown51: Going after the plugin author isn't going to stop the exploit. The problem is that the game client makes account IDs easily accessible. That's a Square Enix client vulnerability.
kman6004: This is such a nothingburger of a response. They aren't going to do jack shit to stop this. At least, this response doesn't actually confirm any actions will be taken at all.
AwesomeArgonanth: This is weird to me as a software dev. It's their fault for exposing this information to the client. If they don't want information getting leaked... stop sending that data to the clients... The solution is on their end and the problem is something they caused with their really shitty design.
TheFirstWarden777: Well the idiot was trying to force people to join his Discord to opt out of being stalked so maybe they found out who he is through that method idk.
Ardethdelumière: It's like what you said you can't even explain it in a way where it isn't a creepy stalker addon.
pedromoreira6218: The issue was reported and they chose to release it anyway, DT in a lot of ways has exposed how lazy they have gotten apparently there's an EU law that opens them to being sued (not sure if this one is true or not so don't quote me on it but still) if this happens how do you get to this point I never thought I'd see this game take such a huge nose dive.
The reason they don't wanna do anything is cause if they block all plugins and mods they cut the game's population by at least half.
jamesvari4332: Yoshi-P Is NOT Taking Action Against FFXIV Stalker Plugin could also have been the title.
Lucien_Crow: Eh, SE/Square won't do anything as they always haven't. Y'all remember the billboard with data mined items on it before release? Nothing happened.
hallo-mt5tx: tldr: "we will sue a random guy who decided to exploit a vulnerability we introduced to our client. please stop talking about the vulnerability."
Null_Experis: To everyone saying "SE won't do anything", well, they HAVE TO now. Japan has laws against cyberstalking and bullying. EU does as well, as do several American states.
SE has a lawful obligation to prevent harassment online, which would include blocking access to personally identifiable information such as account IDs that could be tied to a person's identity.
fredy2041: If SE takes it as seriously as Nintendo, you can be very sure the guy will be like overcooked. Btw, correction about the feedback sent back on DT's release. The response was "we addressed the issue and we are looking into it" and up to this day it was not fixed. Not that "we don't care, there are no problems with the BL". It was neither ignored nor said that they aren't doing anything.
Jp96115: "Please don't do that" WTF is that answer! So fking lame, the mods have gotten out of hand, it's time for some sort of anti-cheat, the amount of plugins for raids is crazy too, like you don't even have to think or care for the mechanics, the plugins do it all for you, even your rotation. Why do raiders ask for harder content when they don't even play it how it is meant to be played?
I finished the raid like 5 months ago and quit, didn't come back for fru bc I'm not that good or maybe I just don't have the plugins to be good XD
Man, I can't wait for the mobile version where there is zero shit like this!
YoWABBiiT: If it shows player account IDs, it essentially has part of your login credentials. Account IDs and usernames from a cybersecurity standpoint are part of login authentication protocols used in multi factor authentication.
Something you know (Usernames, passwords, pins…etc)
Something you have (Token, Authenticator app, phone…etc)
Something you are (Fingerprint, Face ID, Iris scan…etc)
Essentially, someone out there can get access to at least one of three factors. Seems like a lawsuit might be in the works bc SE can’t enforce their own policies.
davidepannone6021: This is like putting a band aid over a 12-inch cut lmao. Imagine saying instead of "we'll sue the creator and please stop using it/talking about it" he'd have said "we will immediately look into resolving the issue of this privacy vulnerability and we will make sure something like this will never happen again in the future."... Yeah, imagine.
muovikallo: SE's stance on third party programs is as meaningless as Russia's red lines.
d0tsf0rlife: They could easily go after the guy but considering the time and resources it would take, I imagine they'll just adjust some code somewhere and move on and hope the warning will be enough to handle the rest.
Aurainmaker: The two actions listed would be fine, useless but fine, if they also acknowledged they need to work on changing the fact they're broadcasting this information unprotected and they will change this when possible.
They're not accepting any culpability for the security of your information here, which makes you question the quality of the rest of their data security for your data.
Raven3557: Suing doesn't solve the problem that the info is easily obtainable, another similar plugin will appear.
DatalusGrimm: With GitHub they know their home IP address... EVERY commit (upload of a version) has both the user's IP >AND<
N3k0G4m1: I think they've done it as efficient as possible, but efficiency doesn't mean safety. Code could be so efficient if ppl wouldn't always try to misuse it for profit or to harm others...
squaresided: Empty threats. They don't want to crack down on plugins because they'd lose half their subs. It's the state of the game right now. I wish they did but they still kind of somewhat like making money.
Aegea291: Surely the first thing they should do is patch the game so this data can’t be accessed with addons?
I’m not sure at this point it’s that they don’t care about addons - it’s probably more like they can’t stop them without rewriting the client and how it interfaces with the server. And it feels like they won’t ever do this unless something severe happens which forces them to.
jetstream9362: "I don't believe a team that can't even fix the friends list could sue anyone"
Do you think it's the game team that handles lawsuits? Just because you're dissatisfied with the state of the game (as is every creator during a .1 patch), doesn't mean that all of square enix is incompetent, nor the likely private investigators and lawyers funded by a massive company that now has to act given that Japan, Europe, and several states in the US have anti-cyberstalking laws.
"how are they going to find the guy"
Oh idk maybe cause he posted it publicly on GitHub, which like many companies has to comply with subpoenas and legal takedown requests. Valve sent legal requests to GitHub to remove a commonly distributed TF2 hack, and it worked, the account was banned, with not very much fuss. What's the difference here?
Also, like Idk man, you've said you're pretty stupid a lot of times and you managed to sue a guy and get a default motion from a judge. Granted he was a crazed schizophrenic who never covered his tracks but still, imagine what a team of private investigators funded by Square Enix could pull compared to how much evidence you pulled from your Desolance lawsuit?
No matter what your take is on CBU or Square this week, creating malicious software that interacts with a company's software, no matter how easy the vulnerability is to exploit, makes the company in the right to find and take legal action on you. Yeah, the blacklist was made in the easiest, least secure way to ensure speed and usability, but that doesn't change the fact that the person to blame is still the plugin developer and I'm sick of people acting like this is exclusively SE's fault like they made the plugin themselves. This isn't like New World where a new exploit found exclusively by using only the proprietary software allowed you to say, crash somebody else's game. This is a third party creating malicious software to bypass a system to avoid contact with undesired players, and yet it's being framed entirely as an issue on the game creator's end?
Additionally we don't know what other new features are planned based on that new user ID and we don't know what effects changing the IDs would have nor do we know how rough moving the system server side would be on the system.
The blame they have is the vulnerability and we can criticize it further if they don't fix it. Currently we can say they fucked up and the guy who made the plugin should take 90% of the ire. People are just afraid to criticize plugins and are in a state where you're not allowed to think anything positively about SE even if the positivity is the benefit of the doubt. This has been the norm since at least 6.1 since everyone in the 14 community, be it content creators, raiders, casual or otherwise, have all united to blame CBU and SE for every little hiccup, inside or outside of the game.
I never engage with the 14 community cause it's nothing but spoiled brats who complain that it's never enough and typically I keep my distance, but I'm just so sick and tired of everything somehow being blamed on the team even when it's clearly not. It's like that meme of the planet blowing up with the caption "somehow trans people gotta be behind this" but it's how all you fucks talk about this game and the honest to god passionate people who work on it.
dwaynepipe300: I have a feeling that the cloud of darkness party I joined and got kicked 30 seconds later was the leader using the stalker tool. The party description was "at least 10 clears no mistakes" or something like that.
So the reason I believe I was kicked was because I have my FF Logs set to private. I don't want to debate why I will always keep it that way but I think it is 100% valid.
Me personally, I have to guesstimate that my clears of that fight are probably between 50 - 80. Point is, I am competent, but kicked because I choose not to be judged.
That's just not right.
flowerloverbaka8203: This is if anything else a major L for SE, they present us with a nothing burger instead of fixing the actual problem... DT has shown us that SE is getting lazy in an excessive amount.
lordvader4526: Bungie has sued hackers for millions of dollars. There's a way to find the author and pursue legal action, I can totally see them do it.
Jan 27 2025