Post Reply Account multistep verification to prevent change of email addresses
3 cr points
Send Message: Send PM GB Post
25 / M
Offline
Posted 7/13/15
Hello Crunchyroll,

My account no longer states my original email address I signed up for my main account AceofSpikes, exists, and I can not log in as the password has changed.
I emailed on 7/11, with which I'm assuming you were closed as it was Sunday.
Today has ended, and I have not heard any response back.
I paid for a years service of Preimum + membership about a week ago and I now can not access my account.

I'm bringing this to the forums as I do not understand why we can't have a basic 2 step authentication process for removing or changing vital information regarding an account.
Either way, I'm very bummed I can not access Drrr x2 ten for the newer episodes and am going kinda crazy having to watch a ton of ads even though I'm a paying member, on older shows.

Normally your customer service has been great, but thats only when my account is logged in showing me being a premium member, and not when I have any real concerns as I do now.
Please respond relatively fast to my request, so I can get back to my usual business and get my account recovered again.

If I don't hear from someone by end of day Wednesday, I'm going to have to contact my bank to reverse the $100 charge as its not fair for me to wait this long stuck in this situation.
Thats a solid 3 business days. from when the email was sent, which is more than plenty time to respond to an email.

I created this account from my email address I pretty much solely use for itunes just to be able to post here on the forums.

Thank you,

AceofSpikes
Der Zoodirektor
23421 cr points
Send Message: Send PM GB Post
34 / M / Germany
Online
Posted 7/14/15 , edited 7/14/15
Looks like you were done in by weak password management.
You probably used the same email/password combination across several sites, one of which was hacked and had its credentials leaked onto the internet.

I've reverted the email change and changed the password.
Please go through the password reset procedure to reclaim your account.
Set a unique new password. Do the same on any other site you have been using the same credentials for.

Go to the devices page in the settings and remove any device that you do not recognize.

Furthermore run a virus scan on all of your devices to make sure that it was not a local issue.

Your payment details are safe, as we do not show the full details to anyone - not even the owner of the account.
41739 cr points
Send Message: Send PM GB Post
26
Offline
Posted 10/14/15 , edited 10/14/15
I would like to see a 2 step verification. I know of sites significantly smaller then this that incorporate it. If given to the user and let them decide to use it or not I feel it could only benifit the community.

Call me password paranoid but I change my passwords near every other month with 10-15 mix match between uppercase, lowercase and #'s.

Would offer me significant peace of mind to have a Google authenticator (or anything along those lines).
37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 10/14/15 , edited 10/14/15

LosingHope wrote:

I would like to see a 2 step verification. I know of sites significantly smaller then this that incorporate it. If given to the user and let them decide to use it or not I feel it could only benifit the community.

Call me password paranoid but I change my passwords near every other month with 10-15 mix match between uppercase, lowercase and #'s.

Would offer me significant peace of mind to have a Google authenticator (or anything along those lines).


This, or any number of other ideas that have been proposed to increase account security, would be great.

Unfortunately they don't even have the time to change it so that when an intruder changes your password and email, the system notifies you (old email) instead of the intruder (new email). Let alone email you a link to undo the email change, or change your password back. That would only benefit the vast majority of compromised-account victims, so it's not worth the time. Not to mention that it's not their problem since they're certain it's always the fault of the victim (or maybe some other site where they used the same password), never mind that there have been a disturbing number of these occurring for several months. I wish I were exaggerating.

On the bright side, at least you're a forum user. So if/when it happens to you, you'll get a fairly quick response if you bring it up in public. (Numerous people who only contacted support have reported waiting several days, sometimes weeks, for a response while the intruder continues to make charges.)

Postscript: If you're wondering why I'm saying this when I'm still a premium user, you'd have a valid point. Unfortunately, they won't even let users de-authorize or delete their card information (unless they provide a new card that can be charged) when they pay for a year in advance. They have to keep it on hand and freely-usable by an intruder in the CR store until the subscription you already paid for runs out.
You must be logged in to post.