Password Recovery BUG - Attention please


Dr PoisonGG


12-07-2012

Hello Riot / Summoners


My account is currently under the control of a hacker. I have already sent an email to Riot. They sent me a password recovery. But it did not help! The hacker can still be on my account. And he still is.
So I spent the last 3 hours searching for the possible "way" he does that. I found a critical bug that Riot should know of.

Quote:
- If a hacker gets your password once, it does not matter how (keylogger or anything), you are screwed, to be honest.
- Once he logs off from your account, all he has to do is go to password recovery and send it to his email. The link will be there for 24 hours. Yeah, he can have full control.
- Even if Riot gives you back your password, all the HACKER needs to do is go back to his email and click one of those recovery mails he has in his inbox, and tadaa, he gets the account back! Now all he needs to do is spam some more "forgot your pw" request recovery links and he's safe for the next 24 hours, or until the poor guy who got hacked gives up.

I think this needs special attention. I have never given my password to anyone and still somebody hacked my account.


Thanks. I hope that I helped at least a bit. And sorry for my English, I am not a native speaker.
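
The behaviour described in the post, stockpiled recovery links that stay valid for 24 hours across a password recovery, is closed by revoking every outstanding link whenever the password changes. The following is an added example, not part of the original post and not Riot's code; `ResetService`, its methods and the sample account are hypothetical, and passwords are kept in plaintext only to keep the demo short.

```python
import hashlib
import secrets

TOKEN_TTL = 24 * 3600  # the 24-hour link lifetime mentioned in the post


class ResetService:
    """Toy account store; every name here is hypothetical."""

    def __init__(self, revoke_on_change=True):
        self.revoke_on_change = revoke_on_change
        self.passwords = {}  # user -> password (plaintext only for the demo)
        self.pending = {}    # sha256(token) -> (user, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_link(self, user, now):
        """Create a reset token; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        self.pending[self._digest(token)] = (user, now + TOKEN_TTL)
        return token

    def set_password(self, user, new_password):
        """Every password change (user, support, reset link) goes through here."""
        self.passwords[user] = new_password
        if self.revoke_on_change:
            # Kill all outstanding links for this account, not just the one used.
            self.pending = {d: (u, exp) for d, (u, exp) in self.pending.items()
                            if u != user}

    def redeem(self, token, new_password, now):
        """Use a reset link once; returns True if the password was changed."""
        entry = self.pending.pop(self._digest(token), None)  # single use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True


def stale_link_survives(revoke_on_change):
    """Constructed scenario: links requested first, then support resets the password."""
    svc = ResetService(revoke_on_change)
    svc.passwords["victim"] = "old"
    old_links = [svc.issue_link("victim", now=0) for _ in range(3)]
    svc.set_password("victim", "set-by-support")  # recovery performed by support
    return svc.redeem(old_links[0], "intruder-choice", now=3600)
```

`stale_link_survives(False)` reproduces the reported behaviour (an old link still works after the recovery), while `stale_link_survives(True)` shows the same link rejected.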