Yeah, i saw that. Apparently the servers SE programmed are so incredibly trusting of whatever information gets send from the client that they blindly accept it. It's incredibly stupid and it's the first thing they should program.
Server: Hello "player 100000", would you like to buy that bonechip from "player 100000" for 3 milion gil off the marketplace?
100000: But i'm not player 100000, i'm player 100001.
Server: Alright then, i'll take 3 milion gil from player 100001 and add one bonechip to their inventory!
...
Server: Hello "player 100000", someone bought your Bonechip off the marketplace for 3 milion gil!
Eventually they're going to come across the ID with blind number guessing of a GM with infinite gil and we can all come back when 3.0 comes out.
Seriously, doesn't SE think about things before they code them into the game. People were already able to spoof false "Quest completed" prompts from the server, and they said they fixed it. This was the most logical step, but it seems SE's servers are as trusting as ever.
Also see:
"Hey server, i'm not standing over here, i'm standing over there" - Teleport hacking
"Hey server, my maximum run speed is actually X you know" - Speed hacking
Most likely things to follow:
"Hey server, this bonechip in my inventory is not a bonechip, it's actually a sack of Gold Allegan coins x99" - Inventory spoofing.
"Hey server, person X that came to take a look at me is actually a banned player. Didnt you know? Now you do" - Banning/Unbanning
"Hey server, player Y bought gil off my website, instantly add 3 mil to his Gil amount, would you?" - gil hacking
Seriously, i dont care if SE has to shutdown for a week over this. A server this trusting of whatever information the client sends it should be fixed ASAP.
If they get banned now, they'll just make a new account and do the same thing in seconds again. And it will be atleast a week of free-roaming before SE finds out again.
Edited, Nov 8th 2013 10:37am by KojiroSoma