There is a huge flaw in Riot's account recovery

First Riot Post
Comment below rating threshold, click here to show it.

Zephyreal

Player Support Specialist

10-26-2013
3 of 3 Riot Posts

Hey Balmunglol,

I am glad you were able to get back into your account, and it seems that you are still in control of it.

From investigating your account it looks like that when the hacker stole your account after your initial recovery it was through having access to your e-mail address. If you haven't already, I would recommend changing the password on that e-mail... although to be honest I'm not entirely sure if just doing that would fix the problem.

As was suggested previously you should do a virus/malware scan. Keep in mind a scanning software dedicated towards detecting viruses may not necessarily detect malware, and vice versa. Once you are positive your entire computer is secure, it should then be safe to secure up your e-mail to then ultimately secure your LoL account. I would even go as far as making a new e-mail address that has no correlation to your current one and using that for your LoL account, then doing a password reset through that email (again, after you are sure your computer is clean).

Jimmy Jenkins: The account recovery process involves a lot of personal information being exchanged between you and our recovery team. As such I will be unable to assist you with the actual recovery here. Please wait for us to respond to you through the ticket you submitted. It sucks to wait but unfortunately that's just how it needs to go.


Comment below rating threshold, click here to show it.

Oak Senpai

Member

10-26-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Hey Balmunglol,

I am glad you were able to get back into your account, and it seems that you are still in control of it.

From investigating your account it looks like that when the hacker stole your account after your initial recovery it was through having access to your e-mail address. If you haven't already, I would recommend changing the password on that e-mail... although to be honest I'm not entirely sure if just doing that would fix the problem.

As was suggested previously you should do a virus/malware scan. Keep in mind a scanning software dedicated towards detecting viruses may not necessarily detect malware, and vice versa. Once you are positive your entire computer is secure, it should then be safe to secure up your e-mail to then ultimately secure your LoL account. I would even go as far as making a new e-mail address that has no correlation to your current one and using that for your LoL account, then doing a password reset through that email (again, after you are sure your computer is clean).

Jimmy Jenkins: The account recovery process involves a lot of personal information being exchanged between you and our recovery team. As such I will be unable to assist you with the actual recovery here. Please wait for us to respond to you through the ticket you submitted. It sucks to wait but unfortunately that's just how it needs to go.
Thanks for your help


Comment below rating threshold, click here to show it.

Jimmy Jenkins

Junior Member

10-26-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Hey Balmunglol,

I am glad you were able to get back into your account, and it seems that you are still in control of it.

From investigating your account it looks like that when the hacker stole your account after your initial recovery it was through having access to your e-mail address. If you haven't already, I would recommend changing the password on that e-mail... although to be honest I'm not entirely sure if just doing that would fix the problem.

As was suggested previously you should do a virus/malware scan. Keep in mind a scanning software dedicated towards detecting viruses may not necessarily detect malware, and vice versa. Once you are positive your entire computer is secure, it should then be safe to secure up your e-mail to then ultimately secure your LoL account. I would even go as far as making a new e-mail address that has no correlation to your current one and using that for your LoL account, then doing a password reset through that email (again, after you are sure your computer is clean).

Jimmy Jenkins: The account recovery process involves a lot of personal information being exchanged between you and our recovery team. As such I will be unable to assist you with the actual recovery here. Please wait for us to respond to you through the ticket you submitted. It sucks to wait but unfortunately that's just how it needs to go.
Yah waiting does suck, I'm just worried the hacker will delete all my friends then I wont be able to do things such as send mystery gifts once harrowing comes because i'll have to wait an additional 2 weeks to gift. I'm confident I've sent enough info to prove it's my account, It just worries me what he could be doing to my account as I had quite a bit of rp and friends that I don't want to get deleted. They already removed me from the leader position on my diamond 3v3 team and kicked me, I don't want to lose anything else ;n;


Comment below rating threshold, click here to show it.

MarkedPariah

Senior Member

10-26-2013

Hey in regards to the security are one of the new security features being looked at the security key being used by blizzard for WoW accounts and for the TOR accounts? That seems like a really secure way of preventing someone from logging into your account even if they do know your password.


Comment below rating threshold, click here to show it.

Shiister

This user has referred a friend to League of Legends, click for more information

Senior Member

10-26-2013

Quote:
Originally Posted by MarkedPariah View Post
Hey in regards to the security are one of the new security features being looked at the security key being used by blizzard for WoW accounts and for the TOR accounts? That seems like a really secure way of preventing someone from logging into your account even if they do know your password.
I remember on a Nexon game I use to play called...Vindutus or something like that they had 2 password layers.

The password to sigh onto the account, and password to sign in(which I usually forgot)


Comment below rating threshold, click here to show it.

Samurai Jax

Member

10-27-2013

Quote:
Originally Posted by Riot Zephyreal View Post
Hey Balmunglol,

I am glad you were able to get back into your account, and it seems that you are still in control of it.

From investigating your account it looks like that when the hacker stole your account after your initial recovery it was through having access to your e-mail address. If you haven't already, I would recommend changing the password on that e-mail... although to be honest I'm not entirely sure if just doing that would fix the problem.

As was suggested previously you should do a virus/malware scan. Keep in mind a scanning software dedicated towards detecting viruses may not necessarily detect malware, and vice versa. Once you are positive your entire computer is secure, it should then be safe to secure up your e-mail to then ultimately secure your LoL account. I would even go as far as making a new e-mail address that has no correlation to your current one and using that for your LoL account, then doing a password reset through that email (again, after you are sure your computer is clean).

Jimmy Jenkins: The account recovery process involves a lot of personal information being exchanged between you and our recovery team. As such I will be unable to assist you with the actual recovery here. Please wait for us to respond to you through the ticket you submitted. It sucks to wait but unfortunately that's just how it needs to go.
Hi zephyreal, my main account xcpt jax was also hacked as well 5 days ago and the recovery process is just frustrating. its a diamond 1 account that ive put time into since season 1 and im just scared about what might happen to it.