  Thread: Sparky support bot is super unsafe

  1. #1

    Sparky support bot is super unsafe

    Today I couldn't log in to one of my mini accounts (somehow my email wasn't connected to Supercell ID even when I was using it), so I contacted support, where there was Sparky. After a couple of questions I got my account back.

    So what makes Sparky not safe?
    It asked me 4 questions:
    • Village id
    • Village name
    • Town hall level
    • Clan name (if account was in one)


    This took literally 5 min. About 2-3 years back, when I lost my main, I was asked all the questions Sparky asked, but personal questions too, like when I created it and a billing receipt (even though I hadn't bought anything).
    What makes Sparky dangerous is that all of the questions that I was asked today can be found in-game by any other player. So any player, if asked only those questions, could literally steal any account they want.

    This should be fixed as soon as possible.

  2. #2
    I don't understand in what other simple terms you can be asked other questions rather than the basic questions.

  3. #3
    wotanwaton (Forum Master) | Join Date: Nov 2017 | Location: right behind you | Posts: 10,096
    Sparky was added last year, so you can't have had him 2-3 years back. Normally Sparky asks the questions you mentioned, followed by "support agent will contact you soon." Then the real ownership verification starts.

  4. #4
    Ocube06 (Pro Member) | Join Date: Mar 2017 | Location: Look behind you! | Posts: 727
    Supercell owns your accounts lol, you don't steal what you own. They are asking for that information to verify whether you truly are the right custodian of the said account.

  5. #5
    Apparently no one gets that back then, when Sparky wasn't a thing, a real person asked you questions about your account that can't be found in-game directly, like "when did you create your account", which I was asked by a real person (which means the date when the account was created is written in the database). I don't get why Sparky didn't ask me today. If only "basic" questions are asked (whose answers can be found in-game), then Sparky would give that player's account to anybody who wants someone else's account. It is easily exploitable.

    I am aware that these questions are to verify if you are the true owner of the account, but it is ridiculous that you are asked questions that can be found in-game.

  6. #6
    MasterEdy (Forum All-Star) | Join Date: Oct 2016 | Location: South East of China, not that far away from Shanghai, or Hong Kong, just where my heart is... | Posts: 4,360
    The only reasonable solution as to why you weren’t asked any more questions I can think of is that the system evaluated that you wrote to support from exactly the same device you played the game from and it evaluated it as secure.

    After all, it is one of the verification questions you’re asked.

  7. #7
    Super Member | Join Date: Jun 2015 | Location: Bumtruck, Egypt | Posts: 970
    Originally posted by MasterEdy:
        The only reasonable solution as to why you weren’t asked any more questions I can think of is that the system evaluated that you wrote to support from exactly the same device you played the game from and it evaluated it as secure.

        After all, it is one of the verification questions you’re asked.
    This. They know your device and your IP address.

  8. #8

    Join Date: Sep 2014 | Location: Digging another tunnel in the data mine | Posts: 6,543
    Originally posted by MasterEdy:
        The only reasonable solution as to why you weren’t asked any more questions I can think of is that the system evaluated that you wrote to support from exactly the same device you played the game from and it evaluated it as secure.

        After all, it is one of the verification questions you’re asked.
    And also... what was the solution you wanted? Did it get connected to a different email, or did it get sorted out so that the connection to the existing email was working right?

    If the latter case, they already know it's you, so it's not so much an ownership test, just making sure they have the right account to fix the problem on. And as others pointed out, even in the former case they can possibly detect that the device you are on already had that account loaded.

  9. #9
    StormHeart (Forum Champion) | Join Date: Jan 2015 | Location: Philippines via Memphis, Tn. USA | Posts: 5,079
    It sounds like excellent customer support to me.

    You didn't really explain why you think it is unsafe. I guess you fear that anyone could have done that but you don't know that. I have had some issues with support but I think you're beating them up when they did great.

    They didn't give you password info, they didn't transfer the account any place. You didn't explain what they did. If someone has access to your email account then that's another issue. They just fixed it so you could log into it.
    Last edited by StormHeart; 3 Weeks Ago at 02:57 PM.


  10. #10
    Yeah, I am sorry. I've overreacted. I forgot that they know all the devices that you play on. I apologize for the misinformation and for blaming the system. Maybe you are right that they ask different questions in different circumstances.

    They did great service.

    Again, I am sorry.
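
Added example, not part of any post above and not Supercell's actual logic (the thread does not describe it): a recovery check in which the four in-game-visible answers only locate the account, while ownership needs a non-public signal such as the known device, creation date or billing receipt mentioned in the thread. All names, weights, the threshold and the sample record are assumptions constructed for illustration.

```python
# Attributes the thread lists as Sparky's questions; all are visible in-game,
# so they can locate an account but say nothing about who is asking.
PUBLIC = ("village_id", "village_name", "town_hall_level", "clan_name")
REQUIRED_SCORE = 2  # constructed threshold for this example

# Constructed account record (all values are made up).
RECORD = {
    "village_id": "#EXAMPLE1", "village_name": "ExampleVillage",
    "town_hall_level": 11, "clan_name": "Example Clan",
    "creation_date": "2016-03-14", "known_devices": {"device-a"},
    "billing_receipt": None,  # this account never bought anything
}

def private_score(answers, record):
    """Score only signals another player cannot read off the game screen."""
    score = 0
    if answers.get("device_id") in record["known_devices"]:
        score += 2  # request comes from a device that already played the account
    if answers.get("creation_date") == record["creation_date"]:
        score += 1
    # A missing receipt on both sides must not count as a match.
    if record["billing_receipt"] and answers.get("billing_receipt") == record["billing_receipt"]:
        score += 2
    return score

def evaluate_recovery(answers, record):
    """Return (outcome, score): 'not_found', 'escalate_to_agent' or 'verified'."""
    if any(answers.get(k) != record[k] for k in PUBLIC):
        return ("not_found", 0)
    score = private_score(answers, record)
    return ("verified" if score >= REQUIRED_SCORE else "escalate_to_agent", score)

# What any other player could supply after viewing the profile in-game.
public_only = {k: RECORD[k] for k in PUBLIC}

if __name__ == "__main__":
    print(evaluate_recovery(public_only, RECORD))
    print(evaluate_recovery({**public_only, "device_id": "device-a"}, RECORD))
```

With public answers alone the request is escalated to a human agent; the same answers sent from a device already associated with the account pass, which matches the explanation offered in posts #6 to #8.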
