Post Reply Unwilling account share
4081 cr points
Send Message: Send PM GB Post
21 / M / Lima, Perú
Offline
Posted 10/8/17 , edited 10/8/17
Hello Crunchyroll team.

A few days ago i notice suspicious activity on my anime-history sections where some episodes were watched and i didnt watch them. After getting into "My Devices" section of the options i found a lot of unknown divices linked to my account and i ended thus links and changed my password. The suspicious activity ended and now there is only my personal divices linked in my account. Problem is that "My Devices" doesnt log where i logged in my account through PC (desktop or laptop) and i'm afraid that even tho i changed password, "they" can still log in into my account by their PC, since i noticed that even when i changed my password my logged account on my laptop did not log out.

Could you please send me a log script of the places where my account was login through PC or at least logout of all my divices so i can loggin again with my new password?

Note: I opened the same topic on the spanish forums as i'm from Latin America but i figured out that i'll get a quicker answer on the US forums. The same topic on spanish forums is http://www.crunchyroll.com/forumtopic-1002941/unwilling-account-share
54519 cr points
Send Message: Send PM GB Post
61 / M / Earth
Offline
Posted 10/8/17 , edited 10/8/17
If such a thing is even possible and/or allowed, you would need to request it from support directly: /contact A public forum isn't the correct place for resolving account issues.
4081 cr points
Send Message: Send PM GB Post
21 / M / Lima, Perú
Offline
Posted 10/8/17 , edited 10/8/17

asharka wrote:

If such a thing is even possible and/or allowed, you would need to request it from support directly: /contact A public forum isn't the correct place for resolving account issues.


Thanks for lettming know about /contact i was looking for it but didnt find it
Lukage 
22058 cr points
Send Message: Send PM GB Post
Offline
Posted 10/8/17 , edited 10/8/17
I find it odd that I noticed the EXACT same thing. Is your queue also screwed up and suggesting this has been an issue for a long time?
54519 cr points
Send Message: Send PM GB Post
61 / M / Earth
Offline
Posted 10/8/17 , edited 10/9/17
If you haven't seen this site yet, you might want to take a look to see how easy it is for this sort of thing to happen.

https://haveibeenpwned.com/

Basically, if you used the same id and password on even one other site, and that got hacked, that pairing gets posted on a publically available "paste" site, and then anyone might try them elsewhere where they have an interest. Really enterprising people test a lot of them and then turn around and sell them as "working" accounts. Some, with an axe to grind, even give them away just to cause chaos.
Lukage 
22058 cr points
Send Message: Send PM GB Post
Offline
Posted 10/8/17 , edited 10/9/17
Appreciated, but not applicable here. Its speculation and odd that a ton of people would around the same time "try" credentials here, not that the username/password are matched.
37757 cr points
Send Message: Send PM GB Post
47 / Seattle
Offline
Posted 10/9/17 , edited 10/9/17

Lukage wrote:

Appreciated, but not applicable here. Its speculation and odd that a ton of people would around the same time "try" credentials here, not that the username/password are matched.


Shhh, that's their favorite thing to claim when people get hacked and a bunch of false charges get run up on the credit card CR forces people to leave available for charges (not just for subscription, but also in their store). They'll swear up and down that it must have been anything other than their system, even when there are tons of known bugs in the subscription / credit-card charge system that they flatly ignore every time they're reported.

It definitely didn't help that on top of ignoring bug reports, at the beginning of the year they outsourced their engineers to Eastern Europe and fired the ones who built the place.

They sometimes publicly claim they'll refund false charges to victims, but if they were hemorrhaging the kind of money it would cost to give every victim a refund... they would have fixed this back when it started happening years ago.
4081 cr points
Send Message: Send PM GB Post
21 / M / Lima, Perú
Offline
Posted 10/9/17 , edited 10/9/17

Lukage wrote:

I find it odd that I noticed the EXACT same thing. Is your queue also screwed up and suggesting this has been an issue for a long time?


I noticed like for 1 month and then i found various devices linked to my account. My queues were not screw, only the history of animes watched which i clearly didnt watch
Lukage 
22058 cr points
Send Message: Send PM GB Post
Offline
Posted 10/9/17 , edited 10/9/17

arimareiji wrote:


Lukage wrote:

Appreciated, but not applicable here. Its speculation and odd that a ton of people would around the same time "try" credentials here, not that the username/password are matched.


Shhh, that's their favorite thing to claim when people get hacked and a bunch of false charges get run up on the credit card CR forces people to leave available for charges (not just for subscription, but also in their store). They'll swear up and down that it must have been anything other than their system, even when there are tons of known bugs in the subscription / credit-card charge system that they flatly ignore every time they're reported.

It definitely didn't help that on top of ignoring bug reports, at the beginning of the year they outsourced their engineers to Eastern Europe and fired the ones who built the place.

They sometimes publicly claim they'll refund false charges to victims, but if they were hemorrhaging the kind of money it would cost to give every victim a refund... they would have fixed this back when it started happening years ago.


I'm not making that accusation either and I don't think its fair to make that assumption. Use the facts you have to decide
37757 cr points
Send Message: Send PM GB Post
47 / Seattle
Offline
Posted 10/10/17 , edited 10/11/17

Lukage wrote:
I'm not making that accusation either and I don't think its fair to make that assumption. Use the facts you have to decide

If I understand correctly, thank you for "getting it". For years, they've been telling people that anyone else is to blame, even though they know that at least their registration system has more bugs than the Amazon jungle. Every time, it must have been a new dump of credentials (from some other website, of course) on the dark web, an untrustworthy server admin, etc, giving away a password that the victim used everywhere (even if this means calling the victim a liar). They're so sure their security is airtight that they don't need to bother with checking it.
52017 cr points
Send Message: Send PM GB Post
40 / M
Offline
Posted 10/17/17 , edited 10/17/17
Just discovered a similar issue with my viewing history. seems that several new devices were added in the last few days, and actually several others in the past. I immediately changed my password and then deactivated every device except the one I actually use.

Thanks for the link to the pwned website, I hadn't updated the password for crunchyroll in years, and the e-mail address I use was in fact leaked from some breach years ago. This is why several years ago I moved to individual passwords per application/website, luckily I didnt see any other nefarious behavior.
12023 cr points
Send Message: Send PM GB Post
26 / M / Unknown
Offline
Posted 10/17/17 , edited 10/18/17
This also just happened to me. Noticed a few shows I hadn't watched in my history then checked my devices to find 2 unknown devices connected to my account within the last week. Immediately changed my password & deactivated the devices. I suggest everyone check your watch history & devices currently connected to your account.
12023 cr points
Send Message: Send PM GB Post
26 / M / Unknown
Offline
Posted 10/18/17 , edited 10/18/17
I also would like to add that once they signed into my account they changed my password from the settings page, which is initially what tipped me off that something was going on when I couldn't sign in.

But I find it odd that Crunchyroll doesn't have a system that emails you that your password/ email have been changed or to verify the change from your current email. If they had changed my email also I would've had to make another email & CR account just to get in contact with support to try to get this account back or have my payment removed from this account.

The point is if someone acquired an account's sign in info & signed in & then went into the settings to take the account by changing the email & password they can do so with a single click & with no email verification of the change. Which could be disastrous. The only time email verification happens is if you forgot your password.

My only concern now is if the culprits signed into my account using a computer also besides the devices they added & are still logged in to my account they can still change my email & password now knowing I've deactivated their devices & changed my password.

As an added bonus they shuffled around some of the shows in my Queue as well.
You must be logged in to post.