Summary
- The Final Fantasy 14 Patch 7.2 security fix has already been bypassed by a programmer.
- NotNite and friends cracked Square Enix’s security measures in a few hours.
- Concerns have previously been raised about the PlayerScope mod accessing sensitive information.
Final Fantasy 14 Patch 7.2 was supposed to fix a security flaw that allowed mods like PlayerScope to track characters without consent, but a programmer stated that Square Enix’s efforts have already been beaten. The programmer posted how they and other Final Fantasy 14 players were able to figure out what Square Enix changed in Patch 7.2 and voiced their concerns.
Patch 7.2, Seekers of Eternity, launched on March 25 following a 24-hour maintenance period. Along with introducing the Cruiserweight tier of the Arcadion raid series and the next chapter of Dawntrail’s main story, Seekers of Eternity made several Job changes. Among the most notable Job updates, the Black Mage received faster cast times and more damage, while the Pictomancer’s burst damage was nerfed after rounds of player feedback. Patch 7.2 also attempted to shield Final Fantasy 14 player account ID information from malicious actors via a layer of encryption.

However, Square Enix’s latest security fix has already been proven moot. In a PC Gamer interview, a programmer and Final Fantasy 14 player named NotNite shared how she and her friends defeated Square Enix’s latest security fixes. NotNite said that Patch 7.2 added a layer of network obfuscation to shield account ID information. However, the obfuscation was subsequently cracked via an algorithm. NotNite said some friends consented to testing her work, which proved 100% successful after several hours. NotNite recounted her efforts on Bluesky.
Final Fantasy 14 Patch 7.2 Security Changes Already Rendered Vulnerable
IMPORTANT UPDATE: after a *lot* of testing and a group chat full of my smartest FFXIV friends, we have figured out the obfuscation is vulnerable, and that the account IDs are actually reversible. SE needs to stop sending the account ID entirely to clients and just set a hidden flag or something
— NotNite (@notnite.com) 2025-03-25T22:34:23.484Z
While NotNite did not disclose the algorithm used to break Square Enix’s obfuscations, she said that Final Fantasy 14 mods that can read account ID information, including PlayerScope, will likely be updated once the algorithm is figured out. This is not the first time that Final Fantasy 14 players have raised alarms over PlayerScope, a mod that tracks all characters associated with a player’s account by accessing client-side information. That information could then be used by a malicious actor to stalk or harass another player.
NotNite surmised that the security changes Final Fantasy 14 made were due to potential development time and resource issues. In January, Square Enix acknowledged PlayerScope’s existence and reiterated that mods and third-party tools are strictly prohibited by the game’s terms of service. The Patch 7.2 notes also stated that the Account ID changes would make some player names unable to be shown, but any affected entries could be remade.
Following her tests, NotNite criticized Square Enix’s efforts and stated the company should take steps to stop sending sensitive information to game clients. Between that and a wave of DDoS attacks on Final Fantasy 14’s servers, only time will tell how Square Enix will respond.