Account hacking

Dear Kabam,

Our alliance leader’s account was hacked today. In accordance with policy, I won’t say any names, but anyone who pays attention to the very top of the AM leaderboard knows who it is.

Our leader has changed his password as per your instruction, yet the hacker is still able to go in and out of his account at will, going as far as removing his account from the alliance mid-AM. And as long as the hacker doesn’t log out on his hacking device, there is apparently nothing to be done to keep him/her out in the future.

Putting aside the fact that we have lost all rewards for this AM, wasted energon and items spent on first 3 days of AM, it’s time for a serious question: If you have no easy way of allowing us to secure our account AFTER it’s hacked, why should we keep spending and investing in your game?

With the new AM map, a compromised account can cripple a whole alliance, so if my account was hacked or in danger of getting hacked, no alliance leader will want me, nor would I want to take part in AM because doing so could jeopardize rewards for everyone else.

So please tell us you are going to take this issue VERY seriously and offer us a solution if you value our business at all! A form paragraph response doesn’t cut it for this.

Comments

  • If your alliance leader has questions about their account, they will need to direct their questions to our Customer Support Team for assistance.

    Contacting support:

    From your Base screen, tap the grey gear icon in the top left corner of the screen. From there, tap on the button that says “Support”. Seek your question, if you’re not able to find the answer and have more questions, touch the button that states, “Need more help? Contact us” to submit a support ticket.
  • Mustangjon Posts: 1,146
    I already contacted support and they told me to change email linked and password

    Check done it, account accessed again hours later. Follow-up emails with support state they can’t do any more and your system is secure. Yet how can the account still be accessed after everything support said to do?
  • Manthro Posts: 2,733
    He has contacted support, and they have tried to swap emails and reset passwords. The fact remains, as long as the thief stays logged in there is no recourse.

    Support has run him in circles, and they don't understand how to fix the issue.

    There is more than one way to kick the guy off the account and secure it, but it will require more than just changing emails and passwords... It seems the support staff doesn't know what course of action to take despite the owner of the account detailing it for them.

    The question posed on this thread isn't about how to fix it right now, however. The question is, how can an owner of an account take back control without having to go through support for days on end?
  • I suggest each device needs an access code emailed to the email for the account. Only then with login credentials, may a new device access a player’s account.
  • I agree with you Chad. Kindly fix this ASAP dear concerned. This has really sent a shock wave among our alliance members and others. We hope this doesn't happen in the future to any of the players.
  • Davien Posts: 758
    @Kabam Miike please address this. Kabam Password change already done by @Mustangjon yet the hacker is still having access to his account (likely via Google Play or Apple ID sync login). So far emailing Support did not help resolve the issue!!
  • Why is this issue being brought up now? How come this hasn’t been brought up ages ago? If it has, How come people aren’t putting their attention to it?
  • Davien Posts: 758
    Why is this issue being brought up now? How come this hasn’t been brought up ages ago? If it has, How come people aren’t putting their attention to it?

    maybe because the hacker has an agenda? wants to cripple the top alliance's AM? or a personal feud towards @Mustangjon ? It's the first time we see this happening too in the game.

    As long as that hacker still holds on to his login on that device he'll keep being able to repeat the same process (login via Android account or Apple ID). Unless that session is kicked out manually by the devs/admin, that person will keep having the privilege to do so.
  • I think you would take priority in this matter seeing how the alliance only places first 99/100 times equaling large portion of contributions to your company’s employees 401k’s. Just sayin’
  • I don’t see any fair competition for OVP that’s why the above stated issue happened would be my guess. Can’t beat’em. .... cheat’em. That indeed is loathsome to whomever it was/is.
  • It is totally and completely unfair for OVP and it makes all the sense in the world that you guys are frustrated... but that doesn't have anything more to do with me and my alliance than it has to do with your barber or the mail man.
  • Faithz17 Posts: 740
    edited December 2017
    Hope Kabam can give a better answer than just running Jon around in circles on changing his password. Believe Kabam should be able to reinstate the items that were fraudulently used in Jon’s account, and perhaps add the new OVPWR’s points to what the old OVPWR achieved in first 3 days. They should also rightfully receive their alliance mission completion rewards. The hacker should not be allowed to get away with his intention of harming Jon or OVP in this despicable manner or it would encourage him further in thinking he has succeeded.
  • Man getting Acc Hacked that sucks.
    I think there should be an option for the real owner that when he changes password he should be logged out of all other devices.
  • Davien Posts: 758
    Man getting Acc Hacked that sucks.
    I think there should be an option for the real owner that when he changes password he should be logged out of all other devices.

    this would solve the issue for sure. just a simple code to enable it to take into effect.
  • Dircules Posts: 509
    Chad218 wrote: »
    I suggest each device needs an access code emailed to the email for the account. Only then with login credentials, may a new device access a player’s account.
    That’s maybe a small part of the problem. This issue is that previously granted (illegitimate or otherwise) rights to access an account on a device can not be revoked by Kabam, as long as that device does not log out of the account. It will always and forever be able to get in no matter how many times you change the password or e-mail addresses. I have to admit this flaw in account security has me questioning whether or not it’s worth putting a lot of time and money in.
  • Man, now I’m feeling a little paranoid...

    Kabam, let’s get this fixed. We have some brilliant suggestions above that may help. Best wishes to those unlucky accounts.
  • Dircules Posts: 509
    A device ban would work. Unlikely that the perp has more than one for this purpose.
  • Yourik Posts: 17
    Once Mustang's account was linked with any unknown Apple ID or Google Play ID before, the guy can access Mustang's account without knowing the new Kabam password.

    The link with the Apple ID or Google Play ID should be cut off once the Kabam password is reset.

    That is the point.
  • nomisu Posts: 307
    really hope kabam can resolve this. it will really impact buyers confidence, so to speak.
  • Anubis Posts: 87
    All I'm going to say is that we will all be watching closely to see how kabam handles this situation because it could happen to anyone and I would be very upset with the way things have been handled so far. #kabam you can do it!!!
  • Mustangjon Posts: 1,146
    Why is this issue being brought up now? How come this hasn’t been brought up ages ago? If it has, How come people aren’t putting their attention to it?

    Accounts can get compromised for any game or website; resecuring the account usually is just a case of changing some info. Well, what apparently most of us weren’t aware of is that after you’ve logged into an account and never hit the logout option, just close the app etc., the game never needs credentials to log back in.

    So you can change linked email and or password as many times as you want but it will never be secured until kabam side initiates a kick to the account or tracks the culprit down and bans the ip/device being used.

    After about 20 emails yesterday I had one rep say account was secure with changes, another said as long as the other device has the game bound it’s not secure then a 3rd rep told me account was secure.

    Yet the account was logged in from the other device again after changes had been made

  • kranders Posts: 476
    Mustangjon wrote: »
    Why is this issue being brought up now? How come this hasn’t been brought up ages ago? If it has, How come people aren’t putting their attention to it?

    Accounts can get compromised for any game or website; resecuring the account usually is just a case of changing some info. Well, what apparently most of us weren’t aware of is that after you’ve logged into an account and never hit the logout option, just close the app etc., the game never needs credentials to log back in.

    So you can change linked email and or password as many times as you want but it will never be secured until kabam side initiates a kick to the account or tracks the culprit down and bans the ip/device being used.

    After about 20 emails yesterday I had one rep say account was secure with changes, another said as long as the other device has the game bound it’s not secure then a 3rd rep told me account was secure.

    Yet the account was logged in from the other device again after changes had been made

    It's unfortunate that the support essentially has no idea how the game operates, features of the game, or basic functionality. I've often gotten conflicting information for even the most basic of issues. Then you essentially get a copy/paste email from them. Considering people spend real money on this game the level of support lately is really lacking. When you clearly articulate an issue to support and they basically ignore it or can't comprehend it, there are serious problems.
  • Terminal Posts: 789
    A password change really should force a credential check across all logged in devices.

    An option to log out all devices should also be made. At the very least, the function to log out devices should be made available from the support/dev side.

    To not have this kind of basic security is a bit worrying.

    That being said, compromised accounts very rarely happen 'out of nowhere' with brute force. Generally a compromised account comes from credentials being shared with a 'trusted' individual who ends up not being trustworthy or phishing. Did you try one of those websites for unlimited gems/jewels/credits? :p (kidding)

    In either case, it really sucks, it's a terrible situation and there really should be a better system to fix and secure accounts. Not having a proper system is baffling.

    Please improve account security, anyone and everyone could have this problem.

    More troubling is I found on the mcoc forums someone having a similar issue from 2 months ago about the compromised logged in devices not being able to be logged out. So it should have already been fixed by now.

    Maybe our TF team needs to have a chat with the mcoc team about how to fix it.
  • If it really is still linked to another device and thereby does not require a login, is it not possible for Kabam to logout the user from all devices?
    It simply must be, anything else would be very, very horribly made or you actually have no way of dealing with hackers at all, it can not possibly be made that stupid.
    They must have some administrative control over their users, even when they are in.
  • Mustangjon Posts: 1,146
    Danhansen wrote: »
    If it really is still linked to another device and thereby does not require a login, is it not possible for Kabam to logout the user from all devices?
    It simply must be, anything else would be very, very horribly made or you actually have no way of dealing with hackers at all, it can not possibly be made that stupid.
    They must have some administrative control over their users, even when they are in.

    I told support multiple times they need to hard boot all actively linked or freeze account or move account data over to a new account and I’ve been told each time account should be secure change your password again 3 times

  • Dircules Posts: 509
    Old OVPWR got #2 in AM. What a waste of resources ... :disappointed:
  • Jay32 Posts: 166
    Dircules wrote: »
    Old OVPWR got #2 in AM. What a waste of resources ... :disappointed:

    We should still get our rewards for 2nd place. @Kabam Miike can you look into it please.
  • kranders Posts: 476
    Danhansen wrote: »
    If it really is still linked to another device and thereby does not require a login, is it not possible for Kabam to logout the user from all devices?
    It simply must be, anything else would be very, very horribly made or you actually have no way of dealing with hackers at all, it can not possibly be made that stupid.
    They must have some administrative control over their users, even when they are in.

    It should be possible but you need someone from support that actually knows what they are doing.
  • DIKAIO Posts: 18
    Interesting...
This discussion has been closed.
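
Several posters in the thread ask for a password change to log out every other device, and for support to be able to kick or ban a single device. The sketch below is an added example, not code from the thread or from Kabam: it shows one common server-side pattern for both, binding each device token to a per-account epoch that a password change bumps. The class, method, account and device names are all hypothetical.

```python
import hashlib
import hmac
import secrets


class AccountSessions:
    """Toy server-side session registry (constructed for illustration)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # server-only signing key
        self._epoch = {}                      # account -> credential epoch
        self._revoked = set()                 # (account, device_id) bans

    def _sign(self, account, device_id, epoch):
        msg = f"{account}|{device_id}|{epoch}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, account, device_id):
        """Called after a successful login on a device."""
        epoch = self._epoch.setdefault(account, 0)
        sig = self._sign(account, device_id, epoch)
        return f"{account}|{device_id}|{epoch}|{sig}"

    def validate(self, token):
        """Checked on every request, not only at login."""
        try:
            account, device_id, epoch_s, sig = token.split("|")
            epoch = int(epoch_s)
        except ValueError:
            return False
        if not hmac.compare_digest(sig, self._sign(account, device_id, epoch)):
            return False
        if (account, device_id) in self._revoked:
            return False
        # A token minted before the last password change carries a stale epoch.
        return epoch == self._epoch.get(account)

    def change_password(self, account, keep_device):
        """Bump the epoch: every existing device token stops validating."""
        self._epoch[account] = self._epoch.get(account, 0) + 1
        return self.issue(account, keep_device)

    def revoke_device(self, account, device_id):
        """Support-side kick of one device, independent of the password."""
        self._revoked.add((account, device_id))


def demo():
    s = AccountSessions()
    owner = s.issue("player1", "owner-phone")
    intruder = s.issue("player1", "unknown-device")
    before = (s.validate(owner), s.validate(intruder))
    fresh = s.change_password("player1", keep_device="owner-phone")
    after = (s.validate(fresh), s.validate(owner), s.validate(intruder))
    return before, after
```

The same epoch check has to apply to sessions established through a linked third-party ID, otherwise the token that path issues survives the password change.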