Jump to content
tinytim

I think I have an account that doesn't belong to me

Recommended Posts

Hello everyone!

Something really strange happened. I used to play here over ten years ago, but have stoppped playing. Yesterday I realized an email from Dragon cave, that told me that I had won a special egg in a raffle. So I was curious and opened the link. Of course I didn't remember my password, so I asked fo anonther one and resetted it.  I logged in and found out that this is definitely not my account, nor my dragons and someone has caught eggs just some hours before and has raised hatchlings in the last days (years). Since I haven't been active for at least 10 years, I have no idea what is going on. I don't think i do want to play again, but someone might have lost acces to his/her account now. Can someone give me advice what to do now??

Share this post


Link to post

@LadyLyzar @@purpledragonclaw - this needs TJ's attention.

 

But it sounds as though someone has hacked in to your account and taken it over.  If you got the email, it must be yours. That being so they shouldn't keep access to it anyway. So I'm glad you changed the password - it serves someone right....

Share this post


Link to post

Someone on the Discord said this sounded like a phishing attempt? I can't be too sure, the mods would know more than us. Also, a thing I might add, they're saying they got the email yesterday- which was September second. 2 days late from when the actual emails are usually sent out. Yeah, something fishy is going on there

Share this post


Link to post
14 minutes ago, Dalek said:

they're saying they got the email yesterday

6 hours ago, tinytim said:

Yesterday I realized an email from Dragon cave

They claim they saw the email yesterday, not necessarily received it. :o

 

I don't know what these observations are worth, but...

  1. The original poster's last recorded activity on the forum (before this thread) was 10 years ago give or take.
  2. Sure enough, the scroll of the same name has a brand new Bronze Tinsel on it.

Anything more advanced than this is 100% the jurisdiction of the moderators and TJ though, so I won't get much deeper, I think. Good luck to OP with sorting this out!

Edited by 0x08

Share this post


Link to post
1 hour ago, Dalek said:

Someone on the Discord said this sounded like a phishing attempt? I can't be too sure, the mods would know more than us. Also, a thing I might add, they're saying they got the email yesterday- which was September second. 2 days late from when the actual emails are usually sent out. Yeah, something fishy is going on there

Emails from DC often take a while to show up.

Edited by Fuzzbucket

Share this post


Link to post
10 hours ago, tinytim said:

Hello everyone!

Something really strange happened. I used to play here over ten years ago, but have stoppped playing. Yesterday I realized an email from Dragon cave, that told me that I had won a special egg in a raffle. So I was curious and opened the link. Of course I didn't remember my password, so I asked fo anonther one and resetted it.  I logged in and found out that this is definitely not my account, nor my dragons and someone has caught eggs just some hours before and has raised hatchlings in the last days (years). Since I haven't been active for at least 10 years, I have no idea what is going on. I don't think i do want to play again, but someone might have lost acces to his/her account now. Can someone give me advice what to do now??

Whoever it is has picked up new eggs on the scroll since when I checked this morning. Are you sure its not a family member or friend that you gave the account and/or email access to those 10 years ago?

Share this post


Link to post

If the email came to the OP, I'd think not. One rarely gets DC emails anyway, if not following threads on the forum.

Share this post


Link to post
1 hour ago, Fuzzbucket said:

If the email came to the OP, I'd think not. One rarely gets DC emails anyway, if not following threads on the forum.

Yes but op said they changed the password. How can the person have access to the scroll after that?

 

 

Share this post


Link to post

Huh, how odd.

 

5 hours ago, 0x08 said:

The original poster's last recorded activity on the forum (before this thread) was 10 years ago give or take.


The scroll in question also has dragons from 2012, then a jump to 2020 which ties into the inactivity period (its in age order). Someone would have gained access 2020. 
 

Its honestly baffling that, if someone did pinch the acc, would they not have changed the email linked to it to their own? I feel that you just need the PW but I could be wrong.

Share this post


Link to post
14 hours ago, Paradisiske said:

Yes but op said they changed the password. How can the person have access to the scroll after that?

 

 

If they had stayed logged in, they'd have been OK till they logged out. (I know this one, as I have been logged in on two devices and changed passwords on my main device once when TJ advised us all to do that; the second (my travelling device) stayed logged in until I logged out again.)

Share this post


Link to post

I would suggest that the OP change passwords for the email account as well as the scroll as well as logging the scroll out of every device.

Share this post


Link to post

Someone is actively using that account even now because they made an offer on one of my eggs.

Share this post


Link to post
1 hour ago, PrincessLucy said:

Someone is actively using that account even now because they made an offer on one of my eggs.

 

That is actually concerning, because it means that whoever's logging on to that account knows the password that OP already changed. I'm pretty sure you'd need to input the password to offer even if you have your action security method to be action name only. OP hasn't logged onto forum since Friday morning though, so I imagine since they didn't want to come back to use their DC account they've probably forgotten about it already.

Share this post


Link to post

As I said before - if that other person didn't log off, they can carry on regardless until they DO log off, as once you're logged in, you don't need the password. But what the OP could do is go to "account" and see what other device is logged in.

Share this post


Link to post
20 minutes ago, Fuzzbucket said:

As I said before - if that other person didn't log off, they can carry on regardless until they DO log off, as once you're logged in, you don't need the password. But what the OP could do is go to "account" and see what other device is logged in.

 

But you still need to input your password in order to trade? That's the part that I thought was concerning, because Princess Lucy said the person offered on her trade and it can't be done without a password, which I assume would need to be the new one after OP changed their password?

 

Either way I don't think OP really cares if someone else is using the account anymore judging by what they said in the first post

Share this post


Link to post

OH - yeah, right; good point. @TJ09 - maybe freeze the scroll to see if the OP cares ?

Share this post


Link to post
47 minutes ago, Moriaty said:

 

But you still need to input your password in order to trade? That's the part that I thought was concerning, because Princess Lucy said the person offered on her trade and it can't be done without a password, which I assume would need to be the new one after OP changed their password?

 

Either way I don't think OP really cares if someone else is using the account anymore judging by what they said in the first post

Does the action setting affect trading? I only use my password, so I don't know if it works for the Magi's BSA

 

image.png.9a5830e5f15d287cf79aa46ee85c3274.png

 

Also, they could force the imposter to log out with the new device settings.

image.png.64db55fe5d11f5b68e21db90ae4c5471.png

 

image.png.0741e2a3cf2cffa4f10f275e7ca9a26e.png

 

If the imposter still has access after the real owner force logs them out then changing the password again should work. If not then that's a serious breach or its someone who can get easy access to their information. 

Edited by Syiren
typos.

Share this post


Link to post
19 minutes ago, Syiren said:

Does the action setting affect trading? I only use my password, so I don't know if it works for the Magi's BSA

 

image.png.9a5830e5f15d287cf79aa46ee85c3274.png

 

 

I did exactly that to test (which was why I insisted it was concerning that the person using the account, if not OP, is able to offer egg on Princess Lucy's trade). I tried changing my setting to action names only and went on trade hub and saw that it still asked me to input a password when I click on one of the trades.

 

On the other hand, abandon and freeze (and I imagine kill too but I don't have attempts left) only need action names after changing the setting, as expected, so I simply don't think trade is covered by this setting

 

54223912_ScreenShot2021-09-07at6_49_48PM.thumb.png.031bd32ece2986bc40806447ccf75f25.png

 

1458997745_ScreenShot2021-09-07at6_49_57PM.thumb.png.a1af7dce6df9c2066be94b907c44df10.png

Edited by Moriaty

Share this post


Link to post
On 9/4/2021 at 2:49 AM, Fuzzbucket said:

If they had stayed logged in, they'd have been OK till they logged out. (I know this one, as I have been logged in on two devices and changed passwords on my main device once when TJ advised us all to do that; the second (my travelling device) stayed logged in until I logged out again.)

It may have been true in the past but I can confirm that this is not the case. I just verified that both the normal password change and password reset flows log you out from all other locations.

 

On 9/3/2021 at 12:26 AM, tinytim said:

Hello everyone!

Something really strange happened. I used to play here over ten years ago, but have stoppped playing. Yesterday I realized an email from Dragon cave, that told me that I had won a special egg in a raffle. So I was curious and opened the link. Of course I didn't remember my password, so I asked fo anonther one and resetted it.  I logged in and found out that this is definitely not my account, nor my dragons and someone has caught eggs just some hours before and has raised hatchlings in the last days (years). Since I haven't been active for at least 10 years, I have no idea what is going on. I don't think i do want to play again, but someone might have lost acces to his/her account now. Can someone give me advice what to do now??

 

If the account is registered to your email (and the email is verified) and you've reset the password, then it's yours. If you don't wish to keep it, you can reach out to me about closing it down.

Share this post


Link to post

Forgive me if I sound foolish, but I am genuinely concerned. How would the person even know the user's email address let alone have access to it. I've seen plenty of phishing attempts (none on DC), but this is really baffling unless I'm just looking more into this than I need to.

Share this post


Link to post

The person wouldn't have needed to access the email. The prize can also be claimed from the "raffle status" under notifications, I think ? But the password would have been needed - IIRC

 

7 hours ago, TJ09 said:

It may have been true in the past but I can confirm that this is not the case. I just verified that both the normal password change and password reset flows log you out from all other locations.

 

 

That's good to hear, TJ - hanks.

Share this post


Link to post

I was assuming OP claimed the prize when accessing the email. Its the other eggs that are potentially concerning.

Share this post


Link to post
10 hours ago, Tetelestai said:

Forgive me if I sound foolish, but I am genuinely concerned. How would the person even know the user's email address let alone have access to it. I've seen plenty of phishing attempts (none on DC), but this is really baffling unless I'm just looking more into this than I need to.

Perhaps it is a friend or relative of the OP. My son can access my email (but doesn't as he has no need to). If the OP hasn't changed their password to their email, whoever got in before can get back in again, as they can request a password/change thru that email and then delete any emailed responses for DC.

 

I do believe that that scroll has offered on trades of mine before. 

Share this post


Link to post

2 minutes ago, that scroll again made an offer on my trade.

Share this post


Link to post
  • Recently Browsing   0 members

    • No registered users viewing this page.