I guess I don't understand - I play this game on a few different devices and anytime I log into one, it will always auto-log me off whatever other device it was currently logged into. I even get a message on that device that says I have been logged out because I logged in on another device.
So, unless there is some special setting that allows you to be logged into the same account across several devices at the same time, I'm not understanding how someone would be able to continue accessing the account even after the password has been changed -- unless we are talking about legit "hacking". And if that's the case, then Kabam should be taking this very seriously.
@Stitch626, it's pretty simple. When you get bumped from the one device, what do you have to do to reconnect on the one you were just on? You just press reconnect, right? It doesn't ask you for credentials, right?
What was found is, if you change your password, email, doesn't matter... that person can just hit reconnect and they're back on. Until they log out they won't have to formally log IN again.
Clearly this is a huge security flaw, and Kabam needs to address it promptly now that it is so widely known.
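The reconnect behaviour described in the posts above, next to one common fix, as an added example that is not part of the original thread and is not Kabam's code. The class, method and account names are hypothetical; the sketch assumes a server-side session table and a per-account credential version that is bumped on every password change.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    password: str          # stand-in for a password hash in this sketch
    cred_version: int = 0  # bumped on every password or e-mail change

@dataclass
class SessionStore:
    accounts: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # token -> (user, cred_version at login)

    def login(self, user, password):
        acct = self.accounts[user]
        if not secrets.compare_digest(acct.password, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, acct.cred_version)
        return token

    def change_password(self, user, new_password):
        acct = self.accounts[user]
        acct.password = new_password
        acct.cred_version += 1  # every token issued earlier is now stale

    def reconnect_naive(self, token):
        # Behaviour described in the thread: holding the token is enough.
        return token in self.sessions

    def reconnect_checked(self, token):
        # Reject tokens issued under older credentials and force a full login.
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, version = entry
        if version != self.accounts[user].cred_version:
            del self.sessions[token]
            return False
        return True

def demo():
    # Constructed sample data: one account, two devices.
    store = SessionStore(accounts={"owner": Account("old-pass")})
    stale = store.login("owner", "old-pass")   # device that should lose access
    store.change_password("owner", "new-pass")
    fresh = store.login("owner", "new-pass")   # owner's device after the change
    return (store.reconnect_naive(stale),
            store.reconnect_checked(stale),
            store.reconnect_checked(fresh))
```
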
Old OVPWR got #2 in AM. What a waste of resources ...
It's really sad to see this, but Mustangjons account compromise and loss of Rank-1 alliance shouldn't go to waste. From this point forward it should be a lesson for all other Alliances that any account can be compromised.
So better security of accounts is much needed from Kabam.
It's never heard of that when the creds for an account have changed, the server doesn't ask for re-authentication, even if Kabam servers are using an Apple ID or Google Play Store account to authenticate.
Secondly, the least you could do is gather the details on what Apple account or Google account is being linked and notify the user about the different IDs that are being linked.
Being unable to do either of the above is worrisome. How on earth did you get a server up without base authentication?
What a mess, I feel sorry for the victim & his alliance.
This is 100% on you, Kabam. If I gave my info to someone or got hacked, that means I will never get control of my account?
It is a huge security breach & can't be good for your business.
This is why you don't share your account with strangers, because stuff like this happens. I'm sure Kabam does not allow account sharing, but it still happens. For a hacker to hack someone's account they still need their email and password or, worst case, to hack Kabam's server.
The team is aware of this situation and is working with the party involved to rectify the problem. We can't comment on anything related to this in the forums, as this issue affects an individual and their Alliance, and this is a private matter.
Rest assured, we're doing our due diligence in ensuring that this matter is resolved.
Me all day today