Somebody else is watching on my account

Post Reply
1003 cr points
Send Message: GB Post
Offline
Posted 12/31/18 , edited 12/31/18
I want to know who else has experienced the issue where:

Once somebody has logged into your account using an old compromised password they can keep watching on your account forever even though you have changed the password to new strong passwords every month for some time.

All devices have been removed from the list, but the behaviour persists.
They can change the queue, modify preferences, and pretend to be me.

The only thing they can't do is change the password and make purchases, and because no money is involved support doesn't care. Support explicitly said that this is a non-issue to them.

Do I have to cancel my subscription and delete my account to stop this, or is there another solution?
3690 cr points
Send Message: GB Post
M / UK
Offline
Posted 12/31/18 , edited 12/31/18
Changing the passwords and removing certain devices should have solved the problem so you are in quite a strange situation. Is it possible that they are using the device you are currently on to watch videos?
111393 cr points
Send Message: GB Post
58 / M / U.S.A. (mid-south)
Online
Posted 12/31/18 , edited 12/31/18

AnimeObserver123 wrote:

Changing the passwords and removing certain devices should have solved the problem so you are in quite a strange situation. Is it possible that they are using the device you are currently on to watch videos?

Unfortunately, changing the password doesn't expire existing authentication tokens (as it should) and apparently it isn't difficult to edit the cookie CR stores on the users system, to keep that token alive (something that shouldn't be possible if the cookie was encrypted).
15879 cr points
Send Message: GB Post
☆Land of sweets☆
Offline
Posted 12/31/18 , edited 12/31/18
Crunchyroll should revamp their account security system in place. unfortunately given how long peple asked for stronger security measures and


Support explicitly said that this is a non-issue to them.

it seems they just plain dont care.
56586 cr points
Send Message: GB Post
62 / M / Earth
Offline
Posted 12/31/18 , edited 12/31/18

viciousteletuby28 wrote:
Do I have to cancel my subscription and delete my account to stop this

That is the only way to be completely sure. If you do decide to do that, you might wish to consider using a different email address and a password generated by using a secure password manager add-on such as Last Pass, as the email is the way in, and people tend to repeat passwords so they can remember themselves.
3690 cr points
Send Message: GB Post
M / UK
Offline
Posted 12/31/18 , edited 12/31/18

TheAncientOne wrote:


AnimeObserver123 wrote:

Changing the passwords and removing certain devices should have solved the problem so you are in quite a strange situation. Is it possible that they are using the device you are currently on to watch videos?

Unfortunately, changing the password doesn't expire existing authentication tokens (as it should) and apparently it isn't difficult to edit the cookie CR stores on the users system, to keep that token alive (something that shouldn't be possible if the cookie was encrypted).

I see. That is really dumb and unhelpful.
111393 cr points
Send Message: GB Post
58 / M / U.S.A. (mid-south)
Online
Posted 12/31/18 , edited 12/31/18
Since CR finally switched to HTTPS on all pages, snarfing up authentication tokens should no longer be possible, but that isn't much help for those that had it happen to them before that change. Likewise, if someone gets your password once by other means and knows what they are doing, you'll have an issue.
You must be logged in to post.