Post Reply 2 mail in 1 week regarding password reset
1005 cr points
Send Message: Send PM GB Post
Offline
Posted 8/7/16
One in 1 agust and another in 5 agust I got mail from crunchy roll asking I should reset my password. Mail claims that my password exposed to public and should be changed with link forwarding to cruncyroll's reset password page.

One thing draws my suspicion was in explanation there was link to news website with article says " hackers breached ps3 and amazon accounts". I followed the link and the article was dated to 2014. Also cruncyroll account is not psn or amazon account. Other that this, sender seems offical cruncyroll.

tl;dr , If this happened to someone else too, I want to be sure this not a spam and I should reset or delete account b/c vulnerability issues are real.
10613 cr points
Send Message: Send PM GB Post
Rabbit Horse
Online
Posted 8/7/16
there's a chance it was a phishing attempt. if you reset your info, always do so my manually visiting the official CR page, instead of clicking on any links. and always triple-check to make sure it's not a fake site pretending to be CR.
The Wise Wizard
100931 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 8/7/16

shameness wrote:

One thing draws my suspicion was in explanation there was link to news website with article says " hackers breached ps3 and amazon accounts". I followed the link and the article was dated to 2014. Also cruncyroll account is not psn or amazon account. Other that this, sender seems offical cruncyroll.

The reason PSN or Amazon accounts being hacked is relevant to CR is that many people reuse the same password, or at least a variation of it.

10613 cr points
Send Message: Send PM GB Post
Rabbit Horse
Online
Posted 8/7/16

TheAncientOne wrote:
The reason PSN or Amazon accounts being hacked is relevant to CR is that many people reuse the same password, or at least a variation of it.


i facepalm when i see reports of people being hacked and the most common passwords are "123456" and "passw0rd"
it's not hard to keep separate passwords for different services. having 2-factor authentication is ideal when available, though sms based authentication is apparently vulnerable to hacking.
maybe having CR use 2-factor could be a good idea, at least as an option to paying users, idk.
Amazon does it, and it gives me peace of mind :p
The Wise Wizard
100931 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 8/8/16

namealreadytaken wrote:

maybe having CR use 2-factor could be a good idea, at least as an option to paying users, idk.

It would be, but I honestly don't expect it to be offered anytime in the foreseeable future. After all, CR hasn't implemented something as simple as sending an e-mail to the old e-mail address when the e-mail address on an account is changed. (They only send an e-mail to the new address).

Der Zoodirektor
23405 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 8/8/16

shameness wrote:

One in 1 agust and another in 5 agust I got mail from crunchy roll asking I should reset my password. Mail claims that my password exposed to public and should be changed with link forwarding to cruncyroll's reset password page.

One thing draws my suspicion was in explanation there was link to news website with article says " hackers breached ps3 and amazon accounts". I followed the link and the article was dated to 2014. Also cruncyroll account is not psn or amazon account. Other that this, sender seems offical cruncyroll.

tl;dr , If this happened to someone else too, I want to be sure this not a spam and I should reset or delete account b/c vulnerability issues are real.


We've changed the passwords of some users recently based on reports of compromised accounts by the community, and there is a chance that yours was reset on multiple occasions due to appearing on multiple lists. What you are quoting sounds like our default email for that case.
1005 cr points
Send Message: Send PM GB Post
Offline
Posted 8/9/16
@namealreadytaken - As you suggested, I didn't followed the link, I reset password manually.

@shinryou - Thanks for information, that's makes sense now. Second mail was break point left me confused.
You must be logged in to post.