Boards[ARCHIVED] Miscellaneous

Weak Account Security

Zanko9·1/14/2016, 12:57:41 PM·9 votes·861 views

I have just recently learned that 1 of my accounts has been compromised. Basically after finding out the password is incorrect, i tried resetting the password or clicking the lost username link and I did not receive an email from either one of the links. After checking if the reset password and lost username links work on my other account (and finding out that they do), I came to a conclusion that my account has been hacked. What shocks me is that I haven't received a single email from riot informing me that a) My password has been changed b) My email has been changed. What shocks me even further is that after changing the email on 1 my other accounts, I found out THAT RIOT DOES NOT REQUIRE VERIFICATION FROM YOUR CURRENT EMAIL TO CHANGE THE EMAIL. I can't believe that any of this is true since companies like Blizzard inform you when your battle.net password is changed and require you to verify an email change through your current email that is registered to the account. This is seriously a major account security flaw and it makes it more complicated to recover your account (since you have to go through submitting a ticket through account recovery and god knows how long that is going to take). If i had known that the email to an account can be changed so easily, I wouldn't have given Riot a single dime. This account that got compromised is pretty much my main and I have poured over 500$ into it (at least). Luckily none of my other accounts have been compromised (including steam, battle.net etc) so i dont think that i have a keylogger on my computer. Furthermore, riot doesn't have any other security measures to my knowledge such as a secret word, answering security questions, having sms authorization for email/pw changes etc. I am disappointed in RIOT because this game has been out for a long time now and for security features to be this lackluster is just unacceptable. I really hope that riot does more to improve security features to our accounts otherwise I'm gonna consider stopping to play this game altogether.

7 Comments

Zoran Sumadinac 1/14/2016, 1:32:15 PM1 votes

Yeah it's total bull. Nothing we can do but pray nobody gets our passwords.

DrCyanide1/14/2016, 1:35:20 PM1 votes

I found out THAT RIOT DOES NOT REQUIRE VERIFICATION FROM YOUR CURRENT EMAIL TO CHANGE THE EMAIL. I can't believe that any of this is true since companies like Blizzard inform you

That's nothing... I found out the hard way that EBay doesn't require a verification email before changing your email address. They send you an email saying "we did it!" after it's done.

Zero0001/14/2016, 1:36:22 PM1 votes

I just test it and i did get a E-Mail. Did you even verified your E-Mail?

Hilary Clintbag1/14/2016, 5:38:53 PM1 votes

Law Suit awaiting to Happen should someone obtain your password and begin to hack other accounts of yours across the web =)

EU SRB TOP GUN1/14/2016, 10:23:48 PM1 votes

same happened to my friend, he quit league after finding out you can change the email so easily