Summary

  • The Final Fantasy 14 Patch 7.2 security fix has already been bypassed by a programmer.
  • NotNite and friends cracked Square Enix's security measures in a few hours.
  • Concerns have previously been raised about the PlayerScope mod accessing sensitive information.

Final Fantasy 14 Patch 7.2 was supposed to fix a security flaw that allowed mods like PlayerScope to track characters without consent, but a programmer stated that Square Enix's efforts have already been beaten. The programmer posted how they and other Final Fantasy 14 players were able to figure out what Square Enix changed in Patch 7.2 and voiced their concerns.

Patch 7.2, Seekers of Eternity, launched on March 25 following a 24-hour maintenance period. Along with introducing the Cruiserweight tier of the Arcadion raid series and the next chapter of Dawntrail's main story, Seekers of Eternity made several Job changes. Among the most notable Job updates, the Black Mage received faster cast times and more damage, while the Pictomancer's burst damage was nerfed after rounds of player feedback. Patch 7.2 also attempted to shield Final Fantasy 14 player account ID information from malicious actors via a layer of encryption.

final fantasy 14 dawntrail patch 7.2 graphics update emet-selch
Final Fantasy 14 Patch 7.2 Gave an Iconic Character a Huge Glow-Up

A particularly popular character from Final Fantasy 14 reaps the benefits of the ongoing Dawntrail graphical improvements in a big way.

By 

However, Square Enix's latest security fix has already been proven moot. In a PC Gamer interview, a programmer and Final Fantasy 14 player named NotNite shared how she and her friends defeated Square Enix's latest security fixes. NotNite said that Patch 7.2 added a layer of network obfuscation to shield account ID information. However, the obfuscation was subsequently cracked via an algorithm. NotNite said some friends consented to testing her work, which proved 100% successful after several hours. NotNite recounted her efforts on Bluesky.

Final Fantasy 14 Patch 7.2 Security Changes Already Rendered Vulnerable

IMPORTANT UPDATE: after a *lot* of testing and a group chat full of my smartest FFXIV friends, we have figured out the obfuscation is vulnerable, and that the account IDs are actually reversible. SE needs to stop sending the account ID entirely to clients and just set a hidden flag or something — NotNite (@notnite.com) 2025-03-25T22:34:23.484Z

While NotNite did not disclose the algorithm used to break Square Enix's obfuscations, she said that Final Fantasy 14 mods that can read account ID information, including PlayerScope, will likely be updated once the algorithm is figured out. This is not the first time that Final Fantasy 14 players have raised alarms over PlayerScope, which is a mod that tracks all characters associated with a player's account by accessing client-side information. This could then be used by a malicious actor to stalk or harass another player.

NotNite surmised that the security changes Final Fantasy 14 made were due to potential development time and resource issues. In January, Square Enix acknowledged PlayerScope's existence and reiterated that mods and third-party tools are strictly prohibited by the game's terms of service. The Patch 7.2 notes also stated that the Account ID changes would make some player names unable to be shown, but any affected entries could be remade.

Following her tests, NotNite criticized Square Enix's efforts and stated the company should take steps to stop sending sensitive information to game clients. Between that and a wave of DDoS attacks on Final Fantasy 14's servers, only time will tell how Square Enix will respond.

Rating block community and brand ratings Image
Final Fantasy XIV Tag Page Cover Art

Final Fantasy 14
Display card tags widget
MMORPG
Display card system widget
Systems
PC-1
Display card community and brand rating widget Display card open critics widget Display card main info widget
Released
August 27, 2013
ESRB
T for Teen - Language, Mild Blood, Sexual Themes, Use of Alcohol, Violence
Developer(s)
Square Enix
Publisher(s)
Square Enix
Engine
Originally the Crystal Tools engine, but currently it's a custom engine using parts of the Luminous Engine.
Multiplayer
Online Co-Op, Online Multiplayer
Franchise
Final Fantasy
Steam Deck Compatibility
Playable
PC Release Date
August 27, 2013
Display card main info widget end Display card media widget start Display card media widget end

WHERE TO PLAY

DIGITAL
Checkbox: control the expandable behavior of the extra info

For newcomers to FINAL FANTASY XIV Online, this edition includes three award-winning titles - FINAL FANTASY XIV: A Realm Reborn the base game, and the first and second expansions: FINAL FANTASY XIV: Heavensward and FINAL FANTASY XIV: Stormblood. This edition also includes a 30-day free play period. Other expansions for the game include Dawntrail, Endwalker, and Shadowbringers.

Join over 30 million adventurers worldwide and take part in an epic and ever-changing FINAL FANTASY. Experience all the hallmarks of the best-selling franchise - an unforgettable story, exhilarating battles, and a myriad of diverse and captivating environments to explore. Party up with friends or play solo! Experience all the main story dungeons on your own by calling upon NPC allies to fight by your side.

Will you play as a healing mage or an offensive black mage? Perhaps you want to be a warrior and smash enemies in the face. The famed Final Fantasy job system lets you experiment!

Xbox Series X|S Release Date
March 21, 2024
PS5 Release Date
May 25, 2021
Genre(s)
MMORPG
How Long To Beat
99½ Hours