Two of my LS members and good friends had their accounts stolen by RMT yesterday at around 5:45 PM EST. However these were not ordinary attacks, they were different. Smarter, faster, and at this point they don't seem to be from keyloggers (though that is still the most likely case).

In about 10 seconds from "Disconnected, this PlayOnline ID was logged in from another Terminal", both of their passwords had been changed. That is impossibly fast for a human to do, so they are using a program to change passwords immediately now.

Both of them managed to call GMs from other characters (or have friends do so), and get their accounts locked, but because it was Sunday and they couldn't phone in, the process took too long, somewhere around 45 minutes, so the damage was definitely already dealt.

Today both of them called SE and presented their info only to be told, "The name on the account doesn't match, sorry. There is no way to change the name on the account so it must not be you."

Neither of their accounts were bought, they are the original owners and have been playing for years, their names were definitely on the account prior to the hackings. This means the RMT have found a way to change the names on accounts, and now SE is unwilling to return the accounts to them.

Other peculiarities were that one of them received a PoL message immediately prior to the attack, upon looking at it, it was empty. Completely empty, no from, no message at all, just completely blank. I'm asking the other if it was the same case, but if it is, this spells for an extremely deadly new form of attack. If that was how they were hacked, there is a vulnerability in PoL messages to buffer overflow attacks (maybe). I'm not the greatest with PoL.exe, but considering Taj's malformed character exploit which DC'd players, I'm inclined to believe it is possible.

If you get a PoL message, I would urge you not to open it until this is resolved as either impossible or fixed.

I'll keep you updated with whatever I find out.