Re-authentication post credential change

My account is still being sabotaged even after kabam recommended solution of changing email and password.
I did let the support personnel know that just changing my account credentials won’t help as if the other person has me logged in from another device, that device won’t prompt a re-login unless the person signs out of the account himself.
But all this explanation is going in vain. I been trying to get them to unlink all devices from my account and they come back with saying they can’t do this.

Am not sure how you design a server which requires login credentials but once the acc is linked with a google play store account or an iTunes account, the server doesn’t require re-authentication once login credentials have been changed. That’s basic login authentication.

The pathetic person who has been logging into my account has been relentlessly logging me out of my own account. Finally I had to take myself out of the alliance so that none of my team members are impacted.

Kabam you need to find a resolution for this today. I need all devices linked to my account kicked. So that the next time the person tries to acces my account atleast your dumb server will ask for authentication.

Regards,

XHiBiT
«1

Comments

  • that1guythat1guy Posts: 374
    Kabam needs to work on their support to stop giving such uninformed responses and actually investigate the issues that players come forward about account security. It only further discourages players to not invest in their accounts due to the lack of faith and trust in Kabam's support system as well as account security system.

    If accounts are being breached as easily as this, then what's the point of playing high level AM if the cheater or hackers continues to get away with crap like this, while honest players are left in their wake?

    This needs to be addressed as the integrity of the game is at stake.
  • Such a response from Kabam is both hilarious and incredibly frustrating. Obviously there is -something- Kabam can do to help in this situation. They have done it before.

    Why do players have to work and work and work to get any helpful solutions to issues? Kabam Miike can't be the only path to getting anything accomplished, or he's just going to rage quit one day :p

    The fact that there is not a fairly simple way to sign out of all devices in concerning. Yes, this is just a game. But some people spend quite a lot of time and/or money in this game...

    If there isn't a way to have players select a "sign out of all devices" button, can we have logins expire after a certain time and people have to sign back in?

    I hate Game Center in iOS anyway, but thats not Kabam's fault :)
  • .Wake up kabam.
    This is serious and worrying issue. Players spends lot of real money nd time in these accounts. Security of the player accounts should never be taken lightly. And if something suspicious is reported to the support then it must be dealt immediately.
    @Kabam Miike
  • DirculesDircules Posts: 509
    Please @Kabam Miike you seem to have the Dev team fix this before for someone else. Need answers and official announcement on exactly what will be done about this and when it will be implemented (I expect it can take time). Before next AM and bot release. Otherwise, well, games been fun and money was burnt, but I’ll go somewhere else. Basic account security such as invalidating every single previously authenticated credentials upon a password change should have been in place before you even let a single person register. It is unfortunate that it comes to light like this, and circumstances under which allow it to happen may be against strict readings of TOS, it is no excuse that accounts cannot be un-compromised by support staff, or by simply changing password.
  • Your own fault for giving away your log in details. Kabam shouldn't care.
  • Let me guess... you also give your Bank PIN away and then complain when you get money taken out of your account...
  • DirculesDircules Posts: 509
    Keymaster wrote: »
    Let me guess... you also give your Bank PIN away and then complain when you get money taken out of your account...

    I totally would if that kept happening after I change it.

  • KingChris2KingChris2 Posts: 101
    edited December 2017
    Keymaster wrote: »
    Let me guess... you also give your Bank PIN away and then complain when you get money taken out of your account...
    :D :D :D
  • TerminalTerminal Posts: 789
    I 100% agree that account security and authentication should be stronger, old credentials should definitely not be able to keep accessing an account.

    That being said, I have zero sympathy for people who are in this situation because of sharing their account. If they followed the rules they wouldn't be in this situation. Account sharing is violation of the terms of service.
    account sharing is also a violation of our Terms of Service. Giving other players access to your account not only tips the balance and fairness of the game, but is also reckless and can result in negative effects for you. The account owner is responsible for their own account’s security, and for any actions taken in their account regardless of who took those actions. Sharing your account in order to gain an unfair advantage is strictly prohibited.

    Each of these cases are handled differently. While account sharing can still give players an unfair advantage and is not allowed, many players simply do not understand that this is a violation of our ToS. After explaining why this is not allowed, most players will understand why this is unfair to other players. For this reason, we generally opt to give a temporary ban as a warning for account sharing, with a permanent ban being handed down if there is a continued pattern of this behaviour following the warning.

    Here we have discovered that some of the strongest accounts in the game (multiple R5s) have done something that gives an unfair advantage. So I wonder, did these account sharers receive any action like a temporary ban? What is the full extent or limit on what they've done in terms of unfair advantage? Did someone else play RoC for them? Does someone log in and do AM for them when they sleep or are busy? Get them extra arena points? Who knows where it started or stopped.

    Where is the consequences of ToS violation?
  • MustangjonMustangjon Posts: 1,146
    The issue at hand is resecuring an account people are already straying from that.
    No one has any clue who is accessing these accounts how they are doing it or if they ever had info. Kabam hasn’t stated any names or done anything to culprits

    As in the far fetched comment above if you change your bank account pin and someone can still take your money are you not going to be demanding change from your bank?
  • Last login is 48 mims ago so someone still playing
  • Terminal wrote: »
    I 100% agree that account security and authentication should be stronger, old credentials should definitely not be able to keep accessing an account.

    That being said, I have zero sympathy for people who are in this situation because of sharing their account. If they followed the rules they wouldn't be in this situation. Account sharing is violation of the terms of service.
    account sharing is also a violation of our Terms of Service. Giving other players access to your account not only tips the balance and fairness of the game, but is also reckless and can result in negative effects for you. The account owner is responsible for their own account’s security, and for any actions taken in their account regardless of who took those actions. Sharing your account in order to gain an unfair advantage is strictly prohibited.

    Each of these cases are handled differently. While account sharing can still give players an unfair advantage and is not allowed, many players simply do not understand that this is a violation of our ToS. After explaining why this is not allowed, most players will understand why this is unfair to other players. For this reason, we generally opt to give a temporary ban as a warning for account sharing, with a permanent ban being handed down if there is a continued pattern of this behaviour following the warning.

    Here we have discovered that some of the strongest accounts in the game (multiple R5s) have done something that gives an unfair advantage. So I wonder, did these account sharers receive any action like a temporary ban? What is the full extent or limit on what they've done in terms of unfair advantage? Did someone else play RoC for them? Does someone log in and do AM for them when they sleep or are busy? Get them extra arena points? Who knows where it started or stopped.

    Where is the consequences of ToS violation?

    There are some people that pay others to do Rok, spotlight mission, or pay to do AM for them, but don't tell Kabam about it they don't know that. ;)

    Yes, there should be better security on account. For someone that never share account, because most of them is connected when my personal email. Is really concerning that someone can stay long in forever on different device. Hearing people that they should change security to another security is not that easy, it can take awhile for them change security. Kabam could do is to unlink any other device that the user is not log in.
  • DirculesDircules Posts: 509
    Terminal wrote: »

    Here we have discovered that some of the strongest accounts in the game (multiple R5s) have done something that gives an unfair advantage. So I wonder, did these account sharers receive any action like a temporary ban? What is the full extent or limit on what they've done in terms of unfair advantage? Did someone else play RoC for them? Does someone log in and do AM for them when they sleep or are busy? Get them extra arena points? Who knows where it started or stopped.

    Where is the consequences of ToS violation?

    Excellent topic, for another thread. This one is about being unable to secure accounts.
  • TerminalTerminal Posts: 789
    No one has any clue? lol please, acting so innocent and clueless, I guess you forgot you already admitted to sharing your account in another thread.

    Re-securing an account, I addressed in my first sentence.

    Although proper re-authentication protocols should be implemented, bottom line is, this problem only exists for you guys because of violating the ToS, which means you don't have clean hands. The way I see it, dirty hands are not really in a position to make such complaints and demand anything. Sharing your account "can result in negative effects for you", and here we are, the consequences of your actions.
  • Regardless of how it happened there should be an SOP in place for just these types of issues. This isn’t kabam only game and I know this isn’t their first time dealing with the issue. Handle it please so that we can feel secure in our investments into this game.
  • that1guythat1guy Posts: 374
    edited December 2017
    Terminal wrote: »
    No one has any clue? lol please, acting so innocent and clueless, I guess you forgot you already admitted to sharing your account in another thread.

    Re-securing an account, I addressed in my first sentence.

    Although proper re-authentication protocols should be implemented, bottom line is, this problem only exists for you guys because of violating the ToS, which means you don't have clean hands. The way I see it, dirty hands are not really in a position to make such complaints and demand anything. Sharing your account "can result in negative effects for you", and here we are, the consequences of your actions.

    If you understand anything about online security or theft, social engineering is the way that most "hacks" are done, look it up to gain a better perspective on it. As Diracles said, this isn't a thread about account sharing, but making sure our accounts are secured completely, as it's part of Kabam's due diligence on security that at the very least is owed when money is being spent, no matter how much.

    We simply want preventative measures.
  • TerminalTerminal Posts: 789
    edited December 2017
    If you don't share your account then your account is secured completely, the best prevention is to not willingly give your account details to a third party. Not only can it give an unfair advantage, it can also produce negative consequences like what's happening here, someone nasty wreaking havoc on their account.

    The cause is relevant. Yes, recovering a compromised account should be improved, no question about it, and it should be done urgently, weeks and no fix is crazy because it could happen in extremely rare situations for legitimate hacked accounts. But what we have right here is no widespread problem potentially effecting every user. We have some isolated incidents due to breaking ToS. We are all safe because, you know, because we don't share our accounts.

    Accounts aren't breached easily like you say. These players gave their info away willingly, potentially to get an unfair advantage. Technically, they are the cheaters. Besides being unfair, the ToS says not to share info for this exact reason, this kind of mess can be a result.

    If you don't give away your details, you're very much safe. There is no widespread danger here.
  • Dircules wrote: »
    Terminal wrote: »

    Blah blah [account sharing is against ToS]

    Excellent topic, for another thread. This one is about being unable to secure accounts.

    This x1000. Account sharing shouldn't happen, but the inability to change your password and have that secure your account is absolutely game breaking and we should NOT have to just put up with it!!
  • If you DID NOT SHARE YOUR LOGIN DETAILS IN THE FIRST PLACE...

    Your account would NOT be on another person's device.

    ----

    Since account sharing is against the ToS... THE PERSON THAT SHARED THEIR ACCOUNT SHOULD BE HELD ACCOUNTABLE FOR problems that arise from these actions. Not Kabam.

    You guys did this to yourself... but hey! Like always... Just blame Kabam for your problems.
  • KeymasterKeymaster Posts: 16
    edited December 2017
    They DID warn you not to share your account. This is the consequence for breaking a ToS.
  • ManthroManthro Posts: 2,732
    Keymaster wrote: »
    If you DID NOT SHARE YOUR LOGIN DETAILS IN THE FIRST PLACE...

    Your account would NOT be on another person's device.

    ----

    Since account sharing is against the ToS... THE PERSON THAT SHARED THEIR ACCOUNT SHOULD BE HELD ACCOUNTABLE FOR problems that arise from these actions. Not Kabam.

    You guys did this to yourself... but hey! Like always... Just blame Kabam for your problems.

    2lnr8shj4spp.jpg
  • WarCatWarCat Posts: 162
    So some goober decided to give his account login to someone else. The friendship goes sour and the goober gets his account wrecked. Then the goober comes on this forum and complains that Kabam won’t fix a problem he created. Did I read that correctly?
  • DirculesDircules Posts: 509
    WarCat wrote: »
    So some goober decided to give his account login to someone else. The friendship goes sour and the goober gets his account wrecked. Then the goober comes on this forum and complains that Kabam won’t fix a problem he created. Did I read that correctly?
    No, but that is what everybody likes to assume.

    Only thing we know is someone, and we don’t know who or how, has gained access to xhibits account and Kabam cannot deal with it.

    Everybody is entitled to their own suspicions and conclusions, and we certainly have our own, but it’s up to Kabam to figure this out as they are the only ones who actually can confirm anything.
  • WarCat wrote: »
    So some goober decided to give his account login to someone else. The friendship goes sour and the goober gets his account wrecked. Then the goober comes on this forum and complains that Kabam won’t fix a problem he created. Did I read that correctly?

    The complaint must have sounded ridiculous...

    Dear Kabam,

    I gave out my login details and someone is messing with my account. I'm just going to tell everyone I have no idea how they got my login so I don't sound like an idiot. He must have hacked me! But deep down I know I gave my details away. Please fix my mess up Kabam.

    Signed, X and MJ
  • that1guythat1guy Posts: 374
    Terminal wrote: »
    A ton of irrelevant crap.

    It's like you don't bother reading at all. Yes, account sharing is not a good idea, but it seems like you and many others are failing to understand is that fact that there should be preventative measures set in place to secure accounts, regardless if shared or not. The security that's currently in place does not hold up to standards that players want, we can all agree on that.

    Seriously, stop writing paragraphs of irrelevant stuff when we have stressed that the topic of account sharing is for another thread. This isn't the thread to discuss it.

    Also, look up social engineering, it's still possible to get accounts comprised even if you haven't shared your account details.
  • TerminalTerminal Posts: 789
    edited January 2018
    It's like you don't bother reading at all. My first sentence said very clearly my position about account security, and I've repeated it several times since.

    Not a good idea? Um, it's against the rules, the terms of service.

    I think you don't know what social engineering is, social engineering is gaining account details through some kind of trick/manipulation, which means they did share it with someone, that's the social part of it.

    But what's the point of talking about scenarios that didn't happen though. Are you trying to say they didn't willingly give away their account info? Jon already said he did in another thread. There's no point even trying to make up some alternate fake scenario about social engineering. Anyway, social engineering, the only difference is they didn't mean or want to, but that's not what happened here. They chose to give their account info to someone (or multiple someones).

    They broke the ToS and the only reason they're in this situation is because they didn't follow the rules.

    I'm not in danger of going through the experience these two are going through because I didn't share my account info.

    Context is completely relevant in this situation. Yes authentication is an issue, but within the context of people who follow the terms of service, this situation will never happen. So as a community, we don't have to be afraid about account security. Yes it shouldn't take weeks to fix it, but they broke the ToS and should be banned anyway.

    These are some of the highest players in the game, who broke the ToS, I think that's a much bigger issue than the problems they're having as a direct result of breaking the ToS.

    Should this be fixed? Definitely, there are scenarios where it could happen to a legitimate user (but not here). Is this actually something that should concern everyone? If you follow the rules, not particularly. Do I care about the consequences these players are currently suffering? Not in the slightest, they brought it on themselves by sharing their accounts. It's a risk they took, they gained some benefits before, now it's come back to bite them.
  • ManthroManthro Posts: 2,732
    Terminal wrote: »
    It's like you don't bother reading at all. My first sentence said very clearly my position about account security, and I've repeated it several times since.

    Not a good idea? Um, it's against the rules, the terms of service.

    I think you don't know what social engineering is, social engineering is gaining account details through some kind of trick/manipulation, which means they did share it with someone, that's the social part of it.

    But what's the point of talking about scenarios that didn't happen though. Are you trying to say they didn't willingly give away their account info? Jon already said he did in another thread. There's no point even trying to make up some alternate fake scenario about social engineering. Anyway, social engineering, the only difference is they didn't mean or want to, but that's not what happened here. They chose to give their account info to someone (or multiple someones).

    They broke the ToS and the only reason they're in this situation is because they didn't follow the rules.

    I'm not in danger of going through the experience these two are going through because I didn't share my account info.

    Context is completely relevant in this situation. Yes authentication is an issue, but within the context of people who follow the terms of service, this situation will never happen. So as a community, we don't have to be afraid about account security. Yes it shouldn't take weeks to fix it, but they broke the ToS and should be banned anyway.

    These are some of the highest players in the game, who broke the ToS, I think that's a much bigger issue than the problems they're having as a direct result of breaking the ToS.

    Should this be fixed? Definitely, there are scenarios where it could happen to a legitimate user (but not here). Is this actually something that should concern everyone? If you follow the rules, not particularly. Do I care about the consequences these players are currently suffering? Not in the slightest, they brought it on themselves by sharing their accounts. It's a risk they took, they gained some benefits before, now it's come back to bite them.

    TL;DR

    Still trying to derail the purpose of this thread. Please, get off your soapbox.
  • Jay32Jay32 Posts: 166
    Please enough of your Stephen King novels @Terminal this can happen to anyone. Account security should be the #1 priority from Kabam. To not be able to stop someone that keeps logging in your device is a shame. I've never gave my info to anyone EVER but recently I got kicked from the game because it said someone logged into my account from another device. When I contact support they know nothing & are unable to help.
Sign In or Register to comment.