Post Reply Account hijacked?
Posted 11/7/16
Either there's a bug in your server code or someone got access to my original account: kabuto202 and changed the email/password associated with it, since I can't log in using my normal password and when I try to log in using my email I get a message saying no account exists with that email.

Can someone please restore that account's email to the original email (same as this account), and delete this? Also, is it standard practice for email change to be allowed without sending a notification or confirmation email to the original account? Or should I also be concerned about an email breach?
The Wise Wizard
102351 cr points
Send Message: Send PM GB Post
56 / M / U.S.A. (mid-south)
Offline
Posted 11/7/16

ughhhhhh35415135g wrote:

Also, is it standard practice for email change to be allowed without sending a notification or confirmation email to the original account?

Unfortunately, yes. CR only sends a confirmation e-mail to the new e-mail address.

Despite that implementing at least sending the notice to both the old and new e-mail address should be on the "relatively simple" end of the scale of website coding changes, there has been no indication they plan to do so.
Der Zoodirektor
23799 cr points
Send Message: Send PM GB Post
34 / M / Germany
Online
Posted 11/7/16

wrote:

Either there's a bug in your server code or someone got access to my original account: kabuto202 and changed the email/password associated with it, since I can't log in using my normal password and when I try to log in using my email I get a message saying no account exists with that email.

Can someone please restore that account's email to the original email (same as this account), and delete this? Also, is it standard practice for email change to be allowed without sending a notification or confirmation email to the original account? Or should I also be concerned about an email breach?


Restored your account to you. Go through the password reset form to reclaim it.
According to haveibeenpwned.com your credentials were stolen in 12 (!) breaches recently. You should set new passwords for everything you use on the internet, and probably also retire that email address. Also check the devices page in the settings on Crunchyroll and remove any device you do not recognize.
You must be logged in to post.