BoardsPlayer Behavior

How low account hijackers had become

Regenos·5/14/2017, 2:03:07 PM·483 votes·21,515 views

Hello guys, I'm writing from my banned account to share some story with you. I've created my account long time ago, I've invested a lot of time and cash to improve it. Bought lots of skins, champs. It was great adventure. But sometimes u can get bored from playing one game. I made a break from League Of Legends in last days of December and didn't really bother checking the account. I came back to league, tried to log in and saw: http://i.imgur.com/bHJc9Oq.png

I was like: "Wait what...? It must be some kind of mistake". I logged into my support and saw this: http://i.imgur.com/dPAEeP9.png Translation to English: "Someone is hijacking my account and i want to change password but to do that i need old email" He then writes that he lost access to his email 4 years ago (It's not true, the real owner has it even now) and wants to convince support that he is the real account owner by telling about champ and skin refunds (it's not like he could see it in history). He then says about account creating location, which is untrue. Unlucky for him support isn't so eager to let him change the e-mail and sends him to the other page.

He got access to my account probably because of Brute Force method, because none of my other accounts (for ex. facebook or email) were stolen and I had the same login and summoner name. He played few games, mainly rankeds (lost a lot of them). I think he just couldn't get this account for himself so he thought "if i can't, nobody will" and used scripts to get my account banned.

After I realised what happened I wrote to support about my acc being compromised. I got answer that my account was disabled because of using scripts, exploits or other third-party programmes. I wrote to support once again with clarification that I wasn't the one who used them. Their answer was negative.x Had I known, I would have changed my summoner name or used even harder password, so they wouldn't get it so easy.

When I was checking the boards I saw topic about some scripters being unbanned... It was sad for me considering the fact they said they won't be able to help me...

I know there is almost no chance to get my account back, but if there's any Rioter who reads this, i've got two questions and a request.

First of all... Is it possible to know when were the scripts used on my account, so I could be 100% sure when was it done? I didn't get email notification and found out about ban when logging to my acc.

Second is: Is there anything I could do in this situation or is it just lost forever?

Third is: Could u please implement some kind of authorisation feature? Many different sites or programmes are using it and it helps a lot. I'm pretty sure if it was at that time on League, I wouldn't be here right now. It would prevent many other uncomfortable situations.

Thank you If you read it up to the end and thank you in advance for any kind of information.

109 Comments

Only Play Darius5/14/2017, 3:25:31 PM119 votes

Let's get this upvoted and see if we can't get your account back. The Rioters here are much more effective than player support.

Digital Badger5/14/2017, 3:31:33 PM50 votes

A lot of games have SMS verification these days. Perhaps Riot could look into something similar to try and prevent similar things in the future?

Rough luck though. Here's hoping you can get it all sorted out!

ModCaptainMårvelous5/14/2017, 5:52:43 PM38 votes

The fact that League doesn't have two-factor authentication in 2017 is borderline insane.

Joseph Gladstone5/14/2017, 4:04:16 PM35 votes

perhaps riot could become a better company

Legacy Hydralpha5/14/2017, 3:46:18 PM23 votes

Could someone at Riot notice this? I've always seen Riot support be really bad at helping, but the Rioters who post here do a great job of letting people know what's going on and looking into it.

RiotRiot Bartosz5/19/2017, 10:06:15 AM17 votes

Hey guys,

Just to give you all a heads up - this is quite complicated case including a lot of sensitive information and currently we're discussing with Regenos privately in the support ticket. We'll grant him an exception as we discovered multiple facts over the course of this case, which is not necessarily all his fault. Case is ongoing and we're actively looking into that to solve the case with the best possible result for him.

Sorry for the messy communication from our side but as Glar mentioned before, we're not dragging out the personal info and investigation over the boards, due to the privacy and compliance rules that we have to obey.

Thanks for bringing this up to our attention, we put our players always on top of everything and I assure you, that we'll do our best to not leave anyone behind.

Karfuss5/14/2017, 11:16:11 PM15 votes

Upvoted for vision.

Riot Support is seriously lacking. You will not get an unscripted response unless you consistently press the issue, in which they'll refer to someone higher ranking and more qualified. Their job is simply to filter complex issues from routine ones using initial scripted responses, which unfortunately, is a role that exists in all customer support and complaint services.

ModAttysu The Poro5/14/2017, 4:54:40 PM14 votes

There is actually a chance your account got banned as a fail-safe to protect it from being broken into! I'd recommend contacting support and giving them as much info as possible as to when the account was made, time zone, IP if possible, and a Rioter should be able to help you figure this issue out and see if you were actually perma-banned for breaking the rules, or if it was someone breaking into it. [slayer-jinx-catface]

PS: If scripts were used while your account was not in your possession, they should be able to see that and not penalize you for it. At most they'll ask you to make your account more secure.

Regenos5/15/2017, 10:15:02 AM13 votes

Okay guys, here's a little update: Sadly, Riot still hasn't contacted me in any way, so I'll try once more to settle this with support, maybe they'll tell me something other than "your account has been banned because we have detected third party programs". And honestly I'm really surprised that this thread got over 300 upvotes in 24 hours, with mostly positive responses! Thank you all! And well, if I don't get my acc back, let's hope that Riot at least implements 2FA to prevent such situations in the future.

RaigaPL5/14/2017, 3:49:36 PM11 votes

Absolutely disgusting. I hope you get your account back.

TwitchInMyPants5/14/2017, 11:42:40 PM9 votes

Badger the support and keep posting updates here. Rioters can't ignore this if we give it visibility and you're actively trying to get the attention of higher ups. As dumb as the automated messages are persistence is key to get them to redirect you to someone. Rioters view the boards here a couple times a day but you have to get the right person to see this thread unfortunately, if you want your account you need to be persistent.

FROScountered5/14/2017, 4:03:48 PM9 votes

I hope you get your acc back one of my account got suspended because a chargeback of 347 USD and they didnt even tell me the reason in question they only threw me this like that and send email bot to respond to me . Riot wont help you if youre in a situation as harsh like this .

ShinkoMinori5/14/2017, 8:01:08 PM7 votes

You should post it on reddit.

Ulquiorra9955/14/2017, 8:32:36 PM6 votes

I just can't comprehend how can this game be so popular for so long and still not implement even the most basic security measures; with "you're held responsible for everything involving your account" policy it is just unacceptable.

AwesomeChad5/15/2017, 1:50:28 AM6 votes

I find it funny just how the community piggybacks all Rioters as if they're all good people even though these people don't know these Rioters on personal level nor know anything about what they've done for the community. Let me make it clear: there are GOOD rioters and there are BAD rioters. These are people (human beings just like you and me) who can have bad and good days. They could also love or hate their jobs. Just because they have a badge and a title that says "Riot" doesn't excuse them from doing bad things nor being negligent. My main point is this: Regenos, keep on posting this until you find that one rioter that actually cares and listens to your post. Keep doing it and I will keep upvoting your post to make sure this gets recognition. I hate those rioters that treat each case like any other and you can tell who they are by the fact that they'll give you some generic response and try to pass your case onto someone else.

R2D205/15/2017, 6:44:44 PM6 votes

BUMP

I'd love 2 factor authentication (have it on blizzard, steam, facebook, everything really...)

bro0rtega5/14/2017, 4:51:32 PM4 votes

I hope you can get your account back. I think you deserve a second chance.

Captainn Ginyu5/14/2017, 9:03:50 PM4 votes

i had a situation like that a while back but i manage to catch the guy in the middle of the act (he was playing a game as jhin at the time in ranked) an just changed my password as soon as i found out guess i was lucky

but yea if you can prove it wasnt you you should get your account back

58697132DEL15/14/2017, 9:06:54 PM4 votes

Something similar happened to me. Someone banned my ofrig account by going into RANKED of all things (at this time in league i wasnt ever considering playing ranked) and feeding and being toxic. next thing i know im informed im banned. tried telling riot they said we have no way to prove that wasnt you so you're SoL.

Now they implemented some "soft lockout" thing that prevents instabanning accounts but too little too late for us guys unfortunately.

LunarStrike5/14/2017, 10:04:49 PM4 votes

if riot dont unban this im leaving lol

Siegfriedx15/14/2017, 5:53:28 PM4 votes

i support @tantram giving a look on this case!

brockbridges5/15/2017, 7:43:07 AM4 votes

300 likes, 20 hours on the boards, and no Riot comment lol

Glar5/16/2017, 5:58:07 PM4 votes

Hey Regenos,

This is Riot Glar from the EU Player Support, since your account is on EUNE I will try to answer to your questions.

  1. We can't share any information regarding what or when the exploit was detected. As revealing any information can compromise our future investigations.

  2. We can review the case if you submit another request to the player support. I can't discuss with you on the Boards about your account due to privacy reason (pretty big thing in EU XD) , but we can provide you with all the context there.

  3. I personally don't have an answer to this topic, since I work in Player Support, but I will pass this feedback to team that takes care of login and security. Nevertheless, I can tell you that we have a lot of systems in place within Player Support to keep the security of all your accounts and we are always improving them. Unfortunately, I can't give you the specifics of these systems, due to security reason, and I know this might sound like not too much for you, but you'll have to trust me on this.

I hope this information can help you!

Fayrii5/14/2017, 7:51:28 PM4 votes

I had a similar case and in my ticket i asked the support about some authorisation feature and this question was simply ignored, wich for me indicates that they dont really care about security related topics.

Smiljonsey5/16/2017, 7:48:38 AM4 votes

We definitly need something like this. To be quite honest I don't get why Riot hasn't looked into 3 step verification yet. Every big company has it (Google, Facebook etc). We need to get a push notification on the League Friends app or just a message to our phones every time we log in from a new IP-adress.

Hopefully some Rioter reads this and will look into implementing it soon.

Gimpy895/15/2017, 12:18:12 PM3 votes

Security issues are real man. I had someone do the same thing to my smurf, but I am very active and noticed quick enough to get my account back before it was perma banned.

Martensitic5/15/2017, 1:43:47 PM1 votes

Third is: Could u please implement some kind of authorisation feature?

They did.

Its called a "Password".

If the one you have chosen was breakable by a brute force or dictionary attack, then sorry to tell you this, but its your responsibility to chose a password of sufficient strength.