Post Reply Seems Like My Account was comprimised
Posted 7/22/16
So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change.
Posted 7/22/16
to expand on this more, logging in regularly shows that no user has this email. Then tried resetting password just in case I put in the wrong password and also again mentions there is no account with this email
Der Zoodirektor
23373 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 7/22/16

wrote:

So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change. :(


I've reverted the email change and randomized your password. Go through the password reset functionality to reclaim your account.

You should change your password on every site that you used with the same credentials. Your password was likely stolen in the hack of another website you used the same password/email combination for. Never use the same password multiple times under any circumstances.

Check your devices list in the settings on Crunchyroll and remove any device you do not recognize. Also run a virus scan on all of your devices to make sure that it was not a local issue.
10589 cr points
Send Message: Send PM GB Post
Rabbit Horse
Offline
Posted 7/22/16

shinryou wrote:


wrote:

So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change. :(


I've reverted the email change and randomized your password. Go through the password reset functionality to reclaim your account.

You should change your password on every site that you used with the same credentials. Your password was likely stolen in the hack of another website you used the same password/email combination for. Never use the same password multiple times under any circumstances.

Check your devices list in the settings on Crunchyroll and remove any device you do not recognize. Also run a virus scan on all of your devices to make sure that it was not a local issue.


if the OP used an iPhone or iPad, it's possible the op became a victim of a hack involving tiff images, which could be used to steal people's passwords.
source: http://www.redmondpie.com/ios-9.3.3-fixes-critical-security-flaw-that-could-allow-password-theft/

Apple fixed the vulnerability on iOS 9.3.3. for those jailbroken, there's tiff disabler.
Otter Modder
42364 cr points
Send Message: Send PM GB Post
23 / M / Florida
Offline
Posted 7/22/16
That is pretty unlikely as there isn't even a PoC for this exploit at the moment and there likely won't be for at least a couple of weeks but probably longer. The report (found here) just details a heap buffer overflow, but not a method to exploit it.
Der Zoodirektor
23373 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 7/22/16

namealreadytaken wrote:

if the OP used an iPhone or iPad, it's possible the op became a victim of a hack involving tiff images, which could be used to steal people's passwords.
source: http://www.redmondpie.com/ios-9.3.3-fixes-critical-security-flaw-that-could-allow-password-theft/

Apple fixed the vulnerability on iOS 9.3.3. for those jailbroken, there's tiff disabler.


It is rather unlikely that a software/hardware exploit is involved. Users are MUCH more likely to bring this upon themselves by being lax with their passwords. The lists of compromised logins for various services are HUGE, there are millions of datasets out there. Don't be lazy, use unique, long passwords.
You must be logged in to post.