Post Reply Account deleted? Credit card charged
Posted 10/3/15
I've had my account for over 2 years, I tired to log in and I was told that an account wasn't associated with my email. I went ahead and created my account again with the same email and it's as if the account never existed, my order history is gone. I created a help ticket and haven't received any help for days. I also cancelled my premium membership about a week ago and just now got charged for a membership fee on my nonexistent account, I need this fixed because I don't want to go through a credit card chargeback.
37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 10/4/15 , edited 10/5/15
Sorry, but it sounds like you're the latest in a long line of people whose accounts have been compromised. Apparently a rogue gang of thieves considers CR accounts a hot commodity, and is doing everything they can to break into them so they can upgrade people's memberships and make them pay for it.

(Either that or CR was hacked and it's easier to blame some other website and/or the victims, but I guess it doesn't make much difference at this point. More importantly, relatively simple but smart fixes have been suggested, and I'm surprised they haven't been implemented.)

Contact CR directly, you might get lucky and not have to wait a few days.


Edit: Sorry, I should have read your post more closely - I hope you get a response soon. FWIW, it does seem like the odds of that go up once you post about it.
Edit 2: Fixing a misapplied link.
18466 cr points
Send Message: Send PM GB Post
43 / M / Finland
Offline
Posted 10/4/15 , edited 10/4/15

arimareiji wrote:

...Either that or CR was hacked and it's easier to blame some other website and/or the victims, but I guess it doesn't make much difference at this point. ...

To be honest, reading the Help section these past months, has been hair-raising at times. Or, rather what I've read here over the past year might be more accurate to say...

No offense to the victims, but it would be somewhat reassuring to know if the takeovers of accounts have been the result of weak/duplicate passwords or compromised client systems, rather than a result of some more nefarious type of hack involving the site itself(that somehow had managed to keep itself in hiding). Any out there who are security-conscious with your systems, use unique strong passes, and still have seen your accounts taken over?

Admittedly, CR does have a large subscriber base, so all cases concentrating in this section might make the situation look much worse than it actually is. On the other hand, a lot of people don't use forums in general, and might only send support tickets should a situation arise...

I always use passwords that are unique and strong enough so I'm not overly worried personally, besides my bank would be quick to react to any odd behavior with the card. In Crunchyroll's case however I have consigned to change the pass frequently, just in case...
The Wise Wizard
99871 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 10/4/15 , edited 10/4/15
I still urge that CR change their account change notification system. As I understand it, when an e-mail address is changed, CR still sends a change confirmation e-mail only to the new address, not the old. This is the reason people aren't aware their account has been taken over until they have to log in again.

An even better system would be to not only send a notification of the change to both e-mail addresses (both old and new), but also include a link in the one sent to the old e-mail address that would allow the change to be reverted, preferably without logging in (as the next step of anyone hijacking an account would be to change the password).

The best security would be to offer the option of two factor security for account changes, but the steps above (especially sending two e-mails instead of one), would be far easier to implement.
Der Zoodirektor
23357 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 10/5/15

Gracias2 wrote:


arimareiji wrote:

...Either that or CR was hacked and it's easier to blame some other website and/or the victims, but I guess it doesn't make much difference at this point. ...

To be honest, reading the Help section these past months, has been hair-raising at times. Or, rather what I've read here over the past year might be more accurate to say...

No offense to the victims, but it would be somewhat reassuring to know if the takeovers of accounts have been the result of weak/duplicate passwords or compromised client systems, rather than a result of some more nefarious type of hack involving the site itself(that somehow had managed to keep itself in hiding). Any out there who are security-conscious with your systems, use unique strong passes, and still have seen your accounts taken over?

Admittedly, CR does have a large subscriber base, so all cases concentrating in this section might make the situation look much worse than it actually is. On the other hand, a lot of people don't use forums in general, and might only send support tickets should a situation arise...

I always use passwords that are unique and strong enough so I'm not overly worried personally, besides my bank would be quick to react to any odd behavior with the card. In Crunchyroll's case however I have consigned to change the pass frequently, just in case...


Entirely weak password management. Many users have the tendency to use the same email/password for everything.
There are people who use the same password for their email, Paypal, Netflix, Crunchyroll ... and also the random privately hosted Minecraft server they play on or illegal streaming sites they frequent as well.
8007 cr points
Send Message: Send PM GB Post
57 / M
Offline
Posted 10/6/15 , edited 10/7/15
I'm having exactly the same problem; I didn't know that CR only sent notifications to the new email address upon a change, that's a pretty questionable security practice. I've also been waiting for well over a week for a response to my support ticket; I sent an email back in September asking about my account being deleted or compromised and was asked for more info, which was then ignored (still waiting on a response). I submitted a second ticket labeled as billing, hoping to at least have someone say "Hey we're working on it" instead of the silence I've been getting since the initial reply. Very unimpressed with the customer service, I pay for three accounts (two are gifts, including this one) and I'd hate to give up the service, but being ignored is a quick way to make me consider it.
37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 10/8/15 , edited 10/8/15

Gracias2 wrote:


arimareiji wrote:

...Either that or CR was hacked and it's easier to blame some other website and/or the victims, but I guess it doesn't make much difference at this point. ...

To be honest, reading the Help section these past months, has been hair-raising at times. Or, rather what I've read here over the past year might be more accurate to say...


Geez, I don't know why you would feel that way... it's not like a new round of people reporting compromised accounts has started or anything. I feel plenty secure knowing that it must be all their own fault, as was asserted earlier.

And knowing that CR has my card on file, the system is apparently set up to force you to keep a valid card on file at all times (even when you only pay once a year), and that card can apparently be used to buy anything at all from the CR store makes me feel super-secure.
Posted 10/8/15

optimisticpirate wrote:

I'm having exactly the same problem; I didn't know that CR only sent notifications to the new email address upon a change, that's a pretty questionable security practice. I've also been waiting for well over a week for a response to my support ticket; I sent an email back in September asking about my account being deleted or compromised and was asked for more info, which was then ignored (still waiting on a response). I submitted a second ticket labeled as billing, hoping to at least have someone say "Hey we're working on it" instead of the silence I've been getting since the initial reply. Very unimpressed with the customer service, I pay for three accounts (two are gifts, including this one) and I'd hate to give up the service, but being ignored is a quick way to make me consider it.


I can't believe that's what they do when you change email addresses that just seems insane. I cancelled my membership about a week before my account got hijacked but apparently they reactivated it. I would like my account back but I'm close to just saying fuck it and go with the credit card charge back.
The Wise Wizard
99871 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 10/8/15

arimareiji wrote:

And knowing that CR has my card on file, the system is apparently set up to force you to keep a valid card on file at all times (even when you only pay once a year), and that card can apparently be used to buy anything at all from the CR store makes me feel super-secure.

One way around that is to use PayPal. Anyone wanting to change any charge to your account or make any new charge would also have to know your PayPal password. It also has the added benefit of giving one a different route to controlling any CR charges (since any authorization for continuing charges can also be easily terminated from the PayPal side).

37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 10/8/15 , edited 10/8/15

TheAncientOne wrote:

Thank you for the information, it's worth looking into. (^_^)

By any chance do you know whether adding PayPal as a payment method allows you to delete your card details? The problem I'm running into is that their system doesn't seem to allow you to do so in any form (either outright deleting the card info, or vacating the fields).

If adding PayPal changes that, it would be worth sucking it up and ignoring the fact PayPal also worries me (though much less so). But if it doesn't, it seems like it would just compound the problem.
The Wise Wizard
99871 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 10/8/15

arimareiji wrote:

By any chance do you know whether adding PayPal as a payment method allows you to delete your card details? The problem I'm running into is that their system doesn't seem to allow you to do so in any form (either outright deleting the card info, or vacating the fields).

I fear I can't confirm that. I thought I had used a credit card at one point, but in checking my premium membership history, I see I used PayPal each time, all the way back to when I first subscribed in November 2009.

Der Zoodirektor
23357 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 10/9/15

arimareiji wrote:


TheAncientOne wrote:

Thank you for the information, it's worth looking into. (^_^)

By any chance do you know whether adding PayPal as a payment method allows you to delete your card details? The problem I'm running into is that their system doesn't seem to allow you to do so in any form (either outright deleting the card info, or vacating the fields).

If adding PayPal changes that, it would be worth sucking it up and ignoring the fact PayPal also worries me (though much less so). But if it doesn't, it seems like it would just compound the problem.


As soon as your current subscription runs out you can remove the card at all times. You cannot "live switch" between a credit card and a Paypal account as the payment source.
37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 10/9/15

shinryou wrote:


As soon as your current subscription runs out you can remove the card at all times. You cannot "live switch" between a credit card and a Paypal account as the payment source.

Makes perfect sense. I don't owe CR any money and haven't since renewing my subscription ten-odd months ago, but you need to keep my card info on hand (and usable by anyone if my account joins the list of those compromised) just in case I do in the future.
Der Zoodirektor
23357 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 10/11/15

wrote:

I've had my account for over 2 years, I tired to log in and I was told that an account wasn't associated with my email. I went ahead and created my account again with the same email and it's as if the account never existed, my order history is gone. I created a help ticket and haven't received any help for days. I also cancelled my premium membership about a week ago and just now got charged for a membership fee on my nonexistent account, I need this fixed because I don't want to go through a credit card chargeback.


Found your tickets and fixed your issue.
You must be logged in to post.