There is a huge flaw in Riot's account recovery

First Riot Post
Comment below rating threshold, click here to show it.

Elevar

Senior Member

10-26-2013

Bumping for visibility, can we get a red on this?


Comment below rating threshold, click here to show it.

Zephyreal

Player Support Specialist

10-26-2013
1 of 3 Riot Posts

Hey RinEnmui,

First I wouldn't just shrug off a suggestion of doing a virus/malware scan. Having done recoveries for Blizzard for several years before coming to Riot, a large majority of hacked accounts (that weren't stolen from players just handing out their login information via scams) were directly associated with malicious software installed on their computers.

That being said, there is still the possibility it isn't a virus and with what you've posted so far there are probably about 4-5 different possible solutions I can suggest to you to try and remedy the situation. But that would obviously be a huge waste of both of our times to have you go through all of them. As such, I'd like to gather more information about your case specifically to try and narrow it down to 1, maaaaybe 2 at most.

Would I be able to get the summoner name of the account you are trying to recover?


Comment below rating threshold, click here to show it.

wapster

Senior Member

10-26-2013

OP is blaming Riot when he has a keylogger installed on his computer?

GD never ceases to amaze at how dumb it is


Comment below rating threshold, click here to show it.

The MechE

Senior Member

10-26-2013

Dude this should be something you tell player support and not random GD comers.


Comment below rating threshold, click here to show it.

Zephyreal

Player Support Specialist

10-26-2013
2 of 3 Riot Posts

Also, in regards to our account security in general, we are very aware that it can and should definitely be improved. As we announced earlier:

"Additionally, new security features that are currently in development include:

Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
Two-factor authentication: changes to account email or password will require verification via email or mobile SMS."

While I am not part of the development process myself, I am pretty certain this is just a small preview of the bigger picture that is Riot's effort towards better account security.


Comment below rating threshold, click here to show it.

uub3r

This user has referred a friend to League of Legends, click for more information

Senior Member

10-26-2013

Zephyreal is on the case!


Comment below rating threshold, click here to show it.

Natsu FT

Senior Member

10-26-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Hey RinEnmui,

First I wouldn't just shrug off a suggestion of doing a virus/malware scan. Having done recoveries for Blizzard for several years before coming to Riot, a large majority of hacked accounts (that weren't stolen from players just handing out their login information via scams) were directly associated with malicious software installed on their computers.

That being said, there is still the possibility it isn't a virus and with what you've posted so far there are probably about 4-5 different possible solutions I can suggest to you to try and remedy the situation. But that would obviously be a huge waste of both of our times to have you go through all of them. As such, I'd like to gather more information about your case specifically to try and narrow it down to 1, maaaaybe 2 at most.

Would I be able to get the summoner name of the account you are trying to recover?
Hello sir, thank you for your time. My main account's name is Balmunglol. On my reddit post someone mentioned if I immediately click the ''forgot password' link after Riot has helped me recover my account then I will receive the same link the hacker has on his email, and his is nullified. Currently that seems to have worked since he has not been able to change my password. At least not yet. I keep getting emails of someone trying to recover my password, so I can only assume it is him thinking he can get it sent to his email.


Comment below rating threshold, click here to show it.

RinEnmui

Junior Member

10-26-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Also, in regards to our account security in general, we are very aware that it can and should definitely be improved. As we announced earlier:

"Additionally, new security features that are currently in development include:

Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
Two-factor authentication: changes to account email or password will require verification via email or mobile SMS."

While I am not part of the development process myself, I am pretty certain this is just a small preview of the bigger picture that is Riot's effort towards better account security.
Hello, i'm sorry I forgot I was still logged in to my main account that was compromised when I responded. Balmunglol the post right above this one. ^^^^


Comment below rating threshold, click here to show it.

Zastie

This user has referred a friend to League of Legends, click for more information

Senior Member

10-26-2013

Quote:
Originally Posted by Mechanical Heart View Post
Dude this should be something you tell player support and not random GD comers.
Riot Support doesn't care about big issues you send them, you gotta get attention for something big, otherwise Riot will just spit out a copy/paste response and not do anything.


Comment below rating threshold, click here to show it.

Jimmy Jenkins

Junior Member

10-26-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Hey RinEnmui,

First I wouldn't just shrug off a suggestion of doing a virus/malware scan. Having done recoveries for Blizzard for several years before coming to Riot, a large majority of hacked accounts (that weren't stolen from players just handing out their login information via scams) were directly associated with malicious software installed on their computers.

That being said, there is still the possibility it isn't a virus and with what you've posted so far there are probably about 4-5 different possible solutions I can suggest to you to try and remedy the situation. But that would obviously be a huge waste of both of our times to have you go through all of them. As such, I'd like to gather more information about your case specifically to try and narrow it down to 1, maaaaybe 2 at most.

Would I be able to get the summoner name of the account you are trying to recover?
How Ironic, My account was compromised yesterday morning (3 hours after I finally got to diamond) I sent in a ticket yesterday with all the information they asked for but I have yet to get it back (I do understand it's only been 1 and a half days and that it's a very long process) But I shouldn't even have to be spending all this time recovering it if they would just have a better system, all they have to do Is log into your account and change the email and password, because there is nothing stopping them, you don't even get an email saying that your email/password has been changed confirming if it was you or not. All in all I just hope I get my account back as it's diamond with about 100 champs and at least 1 skin for almost every one of them, along with skins like riot singed, and pax sivir, and lollipoppy. ;n;

@Riot Zephyreal