Post Reply Seems Like My Account was comprimised
Posted 7/22/16
So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change.
Posted 7/22/16
to expand on this more, logging in regularly shows that no user has this email. Then tried resetting password just in case I put in the wrong password and also again mentions there is no account with this email
Der Zoodirektor
26133 cr points
Send Message: Send PM GB Post
35 / M / Germany
Online
Posted 7/22/16

wrote:

So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change. :(


I've reverted the email change and randomized your password. Go through the password reset functionality to reclaim your account.

You should change your password on every site that you used with the same credentials. Your password was likely stolen in the hack of another website you used the same password/email combination for. Never use the same password multiple times under any circumstances.

Check your devices list in the settings on Crunchyroll and remove any device you do not recognize. Also run a virus scan on all of your devices to make sure that it was not a local issue.
13107 cr points
Send Message: Send PM GB Post
☆Land of sweets☆
Offline
Posted 7/22/16

shinryou wrote:


wrote:

So, it seems like my account was also compromised. The email of my old account was changed and can't log in. My account username is soloassasin. I even paid for the premium membership for this month. Seems like Crunchy Roll accounts could easily be compromised and have the email changed easy peasy and with no notification of an email change. :(


I've reverted the email change and randomized your password. Go through the password reset functionality to reclaim your account.

You should change your password on every site that you used with the same credentials. Your password was likely stolen in the hack of another website you used the same password/email combination for. Never use the same password multiple times under any circumstances.

Check your devices list in the settings on Crunchyroll and remove any device you do not recognize. Also run a virus scan on all of your devices to make sure that it was not a local issue.


if the OP used an iPhone or iPad, it's possible the op became a victim of a hack involving tiff images, which could be used to steal people's passwords.
source: http://www.redmondpie.com/ios-9.3.3-fixes-critical-security-flaw-that-could-allow-password-theft/

Apple fixed the vulnerability on iOS 9.3.3. for those jailbroken, there's tiff disabler.
Otter Modder
51191 cr points
Send Message: Send PM GB Post
24 / M / Florida
Offline
Posted 7/22/16
That is pretty unlikely as there isn't even a PoC for this exploit at the moment and there likely won't be for at least a couple of weeks but probably longer. The report (found here) just details a heap buffer overflow, but not a method to exploit it.
Der Zoodirektor
26133 cr points
Send Message: Send PM GB Post
35 / M / Germany
Online
Posted 7/22/16

namealreadytaken wrote:

if the OP used an iPhone or iPad, it's possible the op became a victim of a hack involving tiff images, which could be used to steal people's passwords.
source: http://www.redmondpie.com/ios-9.3.3-fixes-critical-security-flaw-that-could-allow-password-theft/

Apple fixed the vulnerability on iOS 9.3.3. for those jailbroken, there's tiff disabler.


It is rather unlikely that a software/hardware exploit is involved. Users are MUCH more likely to bring this upon themselves by being lax with their passwords. The lists of compromised logins for various services are HUGE, there are millions of datasets out there. Don't be lazy, use unique, long passwords.
You must be logged in to post.