The Transformers Forged to Fight community has officially moved to Discord. For all the latest news and updates, join us here!
Re-authentication post credential change
 XHiBiT                
                
                    Posts: 3
XHiBiT                
                
                    Posts: 3                
            
                    My account is still being sabotaged even after kabam recommended solution of changing email and password.
I did let the support personnel know that just changing my account credentials won’t help as if the other person has me logged in from another device, that device won’t prompt a re-login unless the person signs out of the account himself.
But all this explanation is going in vain. I been trying to get them to unlink all devices from my account and they come back with saying they can’t do this.
Am not sure how you design a server which requires login credentials but once the acc is linked with a google play store account or an iTunes account, the server doesn’t require re-authentication once login credentials have been changed. That’s basic login authentication.
The pathetic person who has been logging into my account has been relentlessly logging me out of my own account. Finally I had to take myself out of the alliance so that none of my team members are impacted.
Kabam you need to find a resolution for this today. I need all devices linked to my account kicked. So that the next time the person tries to acces my account atleast your dumb server will ask for authentication.
Regards,
XHiBiT
                        
I did let the support personnel know that just changing my account credentials won’t help as if the other person has me logged in from another device, that device won’t prompt a re-login unless the person signs out of the account himself.
But all this explanation is going in vain. I been trying to get them to unlink all devices from my account and they come back with saying they can’t do this.
Am not sure how you design a server which requires login credentials but once the acc is linked with a google play store account or an iTunes account, the server doesn’t require re-authentication once login credentials have been changed. That’s basic login authentication.
The pathetic person who has been logging into my account has been relentlessly logging me out of my own account. Finally I had to take myself out of the alliance so that none of my team members are impacted.
Kabam you need to find a resolution for this today. I need all devices linked to my account kicked. So that the next time the person tries to acces my account atleast your dumb server will ask for authentication.
Regards,
XHiBiT
8        
             
							
Comments
Support is useless and if nothing more they can’t secure an account after compromised how good is their it or dev team.
There needs to be change in the log in credentials verification and this needs to be done soon.
@Kabam Miike
If accounts are being breached as easily as this, then what's the point of playing high level AM if the cheater or hackers continues to get away with crap like this, while honest players are left in their wake?
This needs to be addressed as the integrity of the game is at stake.
Why do players have to work and work and work to get any helpful solutions to issues? Kabam Miike can't be the only path to getting anything accomplished, or he's just going to rage quit one day
The fact that there is not a fairly simple way to sign out of all devices in concerning. Yes, this is just a game. But some people spend quite a lot of time and/or money in this game...
If there isn't a way to have players select a "sign out of all devices" button, can we have logins expire after a certain time and people have to sign back in?
I hate Game Center in iOS anyway, but thats not Kabam's fault
This is serious and worrying issue. Players spends lot of real money nd time in these accounts. Security of the player accounts should never be taken lightly. And if something suspicious is reported to the support then it must be dealt immediately.
@Kabam Miike
And to the loser(s) messing around with this account, get a life. It would be mildly humorous if you were just kicking players out of an alliance but you've actually gone and spent the energon on the account then sold those same rare and hard earned items for gold immediately after purchasing them.
This is not minor stuff, you basically wasting money the guy has legitimately spent on the account.
I totally would if that kept happening after I change it.
That being said, I have zero sympathy for people who are in this situation because of sharing their account. If they followed the rules they wouldn't be in this situation. Account sharing is violation of the terms of service.
Here we have discovered that some of the strongest accounts in the game (multiple R5s) have done something that gives an unfair advantage. So I wonder, did these account sharers receive any action like a temporary ban? What is the full extent or limit on what they've done in terms of unfair advantage? Did someone else play RoC for them? Does someone log in and do AM for them when they sleep or are busy? Get them extra arena points? Who knows where it started or stopped.
Where is the consequences of ToS violation?
No one has any clue who is accessing these accounts how they are doing it or if they ever had info. Kabam hasn’t stated any names or done anything to culprits
As in the far fetched comment above if you change your bank account pin and someone can still take your money are you not going to be demanding change from your bank?
There are some people that pay others to do Rok, spotlight mission, or pay to do AM for them, but don't tell Kabam about it they don't know that.
Yes, there should be better security on account. For someone that never share account, because most of them is connected when my personal email. Is really concerning that someone can stay long in forever on different device. Hearing people that they should change security to another security is not that easy, it can take awhile for them change security. Kabam could do is to unlink any other device that the user is not log in.
Excellent topic, for another thread. This one is about being unable to secure accounts.
Re-securing an account, I addressed in my first sentence.
Although proper re-authentication protocols should be implemented, bottom line is, this problem only exists for you guys because of violating the ToS, which means you don't have clean hands. The way I see it, dirty hands are not really in a position to make such complaints and demand anything. Sharing your account "can result in negative effects for you", and here we are, the consequences of your actions.
If you understand anything about online security or theft, social engineering is the way that most "hacks" are done, look it up to gain a better perspective on it. As Diracles said, this isn't a thread about account sharing, but making sure our accounts are secured completely, as it's part of Kabam's due diligence on security that at the very least is owed when money is being spent, no matter how much.
We simply want preventative measures.
The cause is relevant. Yes, recovering a compromised account should be improved, no question about it, and it should be done urgently, weeks and no fix is crazy because it could happen in extremely rare situations for legitimate hacked accounts. But what we have right here is no widespread problem potentially effecting every user. We have some isolated incidents due to breaking ToS. We are all safe because, you know, because we don't share our accounts.
Accounts aren't breached easily like you say. These players gave their info away willingly, potentially to get an unfair advantage. Technically, they are the cheaters. Besides being unfair, the ToS says not to share info for this exact reason, this kind of mess can be a result.
If you don't give away your details, you're very much safe. There is no widespread danger here.
This x1000. Account sharing shouldn't happen, but the inability to change your password and have that secure your account is absolutely game breaking and we should NOT have to just put up with it!!
Your account would NOT be on another person's device.
----
Since account sharing is against the ToS... THE PERSON THAT SHARED THEIR ACCOUNT SHOULD BE HELD ACCOUNTABLE FOR problems that arise from these actions. Not Kabam.
You guys did this to yourself... but hey! Like always... Just blame Kabam for your problems.
Only thing we know is someone, and we don’t know who or how, has gained access to xhibits account and Kabam cannot deal with it.
Everybody is entitled to their own suspicions and conclusions, and we certainly have our own, but it’s up to Kabam to figure this out as they are the only ones who actually can confirm anything.
The complaint must have sounded ridiculous...
Dear Kabam,
I gave out my login details and someone is messing with my account. I'm just going to tell everyone I have no idea how they got my login so I don't sound like an idiot. He must have hacked me! But deep down I know I gave my details away. Please fix my mess up Kabam.
Signed, X and MJ
It's like you don't bother reading at all. Yes, account sharing is not a good idea, but it seems like you and many others are failing to understand is that fact that there should be preventative measures set in place to secure accounts, regardless if shared or not. The security that's currently in place does not hold up to standards that players want, we can all agree on that.
Seriously, stop writing paragraphs of irrelevant stuff when we have stressed that the topic of account sharing is for another thread. This isn't the thread to discuss it.
Also, look up social engineering, it's still possible to get accounts comprised even if you haven't shared your account details.
Not a good idea? Um, it's against the rules, the terms of service.
I think you don't know what social engineering is, social engineering is gaining account details through some kind of trick/manipulation, which means they did share it with someone, that's the social part of it.
But what's the point of talking about scenarios that didn't happen though. Are you trying to say they didn't willingly give away their account info? Jon already said he did in another thread. There's no point even trying to make up some alternate fake scenario about social engineering. Anyway, social engineering, the only difference is they didn't mean or want to, but that's not what happened here. They chose to give their account info to someone (or multiple someones).
They broke the ToS and the only reason they're in this situation is because they didn't follow the rules.
I'm not in danger of going through the experience these two are going through because I didn't share my account info.
Context is completely relevant in this situation. Yes authentication is an issue, but within the context of people who follow the terms of service, this situation will never happen. So as a community, we don't have to be afraid about account security. Yes it shouldn't take weeks to fix it, but they broke the ToS and should be banned anyway.
These are some of the highest players in the game, who broke the ToS, I think that's a much bigger issue than the problems they're having as a direct result of breaking the ToS.
Should this be fixed? Definitely, there are scenarios where it could happen to a legitimate user (but not here). Is this actually something that should concern everyone? If you follow the rules, not particularly. Do I care about the consequences these players are currently suffering? Not in the slightest, they brought it on themselves by sharing their accounts. It's a risk they took, they gained some benefits before, now it's come back to bite them.
TL;DR
Still trying to derail the purpose of this thread. Please, get off your soapbox.