Summary
Final Fantasy 14Patch 7.2 was supposed to fix a security flaw that allowed mods like PlayerScope to track characters without consent, but a programmer stated that Square Enix’s efforts have already been beaten. The programmer posted how they and otherFinal Fantasy 14players were able to figure out what Square Enix changed in Patch 7.2 and voiced their concerns.
Patch 7.2, Seekers of Eternity, launched on March 25 following a 24-hour maintenance period. Along with introducing the Cruiserweight tier of the Arcadion raid series and the next chapter ofDawntrail’s main story,Seekers of Eternity made several Job changes. Among the most notable Job updates, the Black Mage received faster cast times and more damage, while the Pictomancer’s burst damage was nerfed after rounds of player feedback. Patch 7.2 also attempted to shieldFinal Fantasy 14player account ID information from malicious actors via a layer of encryption.
However, Square Enix’s latest security fix has already been proven moot.In a PC Gamer interview, a programmer andFinal Fantasy 14player named NotNite shared how she and her friends defeated Square Enix’s latest security fixes. NotNite said that Patch 7.2 added a layer of network obfuscation to shield account ID information. However, the obfuscation was subsequently cracked via an algorithm. NotNite said some friends consented to testing her work, which proved 100% successful after several hours. NotNite recounted her efforts on Bluesky.
Final Fantasy 14 Patch 7.2 Security Changes Already Rendered Vulnerable
While NotNite did not disclose the algorithm used to break Square Enix’s obfuscations, she said thatFinal Fantasy 14mods that can read account ID information, including PlayerScope, will likely be updated once the algorithm is figured out. This is not the first time thatFinal Fantasy 14players have raised alarms over PlayerScope, which is a mod that tracks all characters associated with a player’s account by accessing client-side information. This could then be used by a malicious actor to stalk or harass another player.
NotNite surmised that the security changesFinal Fantasy 14made were due to potential development time and resource issues. In January,Square Enix acknowledged PlayerScope’s existenceand reiterated that mods and third-party tools are strictly prohibited by the game’s terms of service. The Patch 7.2 notes also stated that the Account ID changes would make some player names unable to be shown, but any affected entries could be remade.
Following her tests, NotNite criticized Square Enix’s efforts and stated the company should take steps to stop sending sensitive information to game clients. Between that anda wave of DDoS attacks onFinal Fantasy 14’s servers, only time will tell how Square Enix will respond.
Final Fantasy 14
WHERE TO PLAY
For newcomers to FINAL FANTASY XIV Online, this edition includes three award-winning titles - FINAL FANTASY XIV: A Realm Reborn the base game, and the first and second expansions: FINAL FANTASY XIV: Heavensward and FINAL FANTASY XIV: Stormblood. This edition also includes a 30-day free play period. Other expansions for the game include Dawntrail, Endwalker, and Shadowbringers.Join over 30 million adventurers worldwide and take part in an epic and ever-changing FINAL FANTASY. Experience all the hallmarks of the best-selling franchise - an unforgettable story, exhilarating battles, and a myriad of diverse and captivating environments to explore. Party up with friends or play solo! Experience all the main story dungeons on your own by calling upon NPC allies to fight by your side.Will you play as a healing mage or an offensive black mage? Perhaps you want to be a warrior and smash enemies in the face. The famed Final Fantasy job system lets you experiment!
