Account hack without email access
|
Today I received this two emails:
" " Now I ask again as with my last account "freedmo" why it is possible to steal path of exile accounts without access to the email ? Before you ask: It is not possible to access to this email address. Now I also wrote an support mail. But finally you should change your security protocol. Else I will try out self how it is possible to take control of accounts without access to the email of a victim Now it is your turn to do something, example take google authenticator or something like that. It is not ok for a game studio do this like you. |
|
|
It isn't, the email change and password change both need access to an email with a link that is sent to you it can't be done another way.
Ancestral Bond. It's a thing that does stuff. -Vipermagi
He who controls the pants controls the galaxy. - Rick & Morty S3E1 |
|
|
Anyone can REQUEST a change in password for your account. The difference is that only someone with access to the email address can ACTUALLY change the password.
If your account was hacked and your password was changed (or the email was changed) it is because the hackers have access to your email address. There is no other way to get the information changed over without access to the original email account. So once again, if your account was accessed/changed at all and it wasn't by you, then someone else has access your email, whether you want to admit it or not. |
|
|
Sure it possible if they know how you algorithms is working.
If don't use a good algorithm it is your fault. Only a AES or RSA based algorithm will protect accounts safe. So check out your system. I think your system is not more safe that the problem. |
|
" As I said: It is not possible to access to that email address. Strange or not ? |
|
|
also you have opened yourself up to phishing attempts by posting your email here in a thread about hacking...smart
Ancestral Bond. It's a thing that does stuff. -Vipermagi
He who controls the pants controls the galaxy. - Rick & Morty S3E1 |
|
" Would you care to explain what you mean by "it is not possible to access to that email address"? |
|
|
I access to the mail of all game accounts via an other unused email.
Only this unused email have an password. So the game email is not access able via web or programs like Thunderbird, if you like you can self test it. But I can understand that no one trust an guy which you don't know, it is fine :). Finally you should know as computer scientist I know what I say, trust my and please check your system. But to know it fine, I will ask my provider of email who had access to the mail in the last time. |
|
" I have no idea what you're talking about. You have an email address.. with a password. I don't understand where the "cannot access" part comes in. The only way someone would be unable to access your email address is if you had a 2-factor authentication system in place and you were the only one in possession of the authentication token device. But clearly you're not saying that. Any other setup and your email is vulnerable. As a computer scientist, you should know better. |
|
|
So I will handle right now with the email support.
Later more. |
|
