Page 7 of 28 FirstFirst ... 5678917 ... LastLast
Results 61 to 70 of 275

  Click here to go to the first staff post in this thread.   Thread: How 'secure' is SCID?

  1.   Click here to go to the next staff post in this thread.   #61
    Darian[Supercell]'s Avatar
    Join Date
    May 2017
    Location
    Under a Rock.
    Posts
    5,945
    Quote Originally Posted by JusMe View Post
    Just think of the situation as described in the OP, where NONE of that information is requested by SC and accounts are seemingly handed over to scammers with no verification besides information that's readily available in the API, and the rightful owner of the account is left with the message their SCID has expired without any recourse, however much proof of ownership they provide (because support apparently won't even look at the case anymore).
    This simply doesn't happen. I cannot go into the technical details behind the scenes of how this is impossible, for security reasons, but accounts are not just handed over with no verification. Anyone claiming otherwise is simply not being truthful about their activities. The most likely scenario is that someone shared their account information or the account itself and was scammed out of it and does not want to admit to it.
    AKA Tank Puppy
    https://twitter.com/Devourlick

    If you have account-related questions like account bans or Supercell ID issues, please contact Player Support at this link. Please note that Community Managers and Forum Moderators are unable to assist or answer any account-related questions.


  2. #62
    Furry Bunny wotanwaton's Avatar
    Join Date
    Nov 2017
    Location
    right behind you
    Posts
    16,267
    Quote Originally Posted by Darian[Supercell] View Post
    This simply doesn't happen. I cannot go into the technical details behind the scenes of how this is impossible, for security reasons, but accounts are not just handed over with no verification. Anyone claiming otherwise is simply not being truthful about their activities. The most likely scenario is that someone shared their account information or the account itself and was scammed out of it and does not want to admit to it.
    But that is what people are telling here on forum:
    Never shared village
    Never shared any informations
    Never got scammed
    And also people telling that they recovered their account without any additional informations as name tag and level.

    I dont believe that support would recover villages with such informations everyone can see inthe game.


    Edit:
    Forgot to say that most times these people had many villages and ALL villages got "hacked".
    Last edited by wotanwaton; January 18th, 2021 at 04:39 PM.

  3. #63
    Forum Elder Colin94's Avatar
    Join Date
    Aug 2016
    Location
    Germany
    Posts
    2,347
    I've always wondered whether it's safe to share a screenshot of my base (for example to show a scenery or decorations) where people can see the exact amount of gems of my account. Could an attacker use that information to "recover" my account?

  4. #64
    Forum Hero JusMe's Avatar
    Join Date
    Feb 2017
    Location
    amongst the stars
    Posts
    6,932
    Quote Originally Posted by wotanwaton View Post
    But that is what people are telling here on forum:
    Never shared village
    Never shared any informations
    Never got scammed
    And also people telling that they recovered their account without any additional informations as name tag and level.

    I dont believe that support would recover villages with such informations everyone can see inthe game.


    Edit:
    Forgot to say that most times these people had many villages and ALL villages got "hacked".
    Currently there are multi-accounters of which first one, and then one or a few more accounts were compromised, but not all of them, I think

  5. #65
    Hi Forum,
    I´ve been following this discussion for quite some time now without posting. Finally made up my mind. Might become a bit lengthy though....
    1. personal experience
    I wanted to change one of my SC Ids recently. Wrote down all of the information, they might ask for and contacted support via ingame. The conversation went somehow like this :
    Me : " I would like to change the mail address connected to my SC ID"
    support : " Just give us the new mail address and we´ll send you the unlock code"
    Me : "new mail address is XYZ"
    support : " you should have the code now"
    And that was all. No questions asked. Now I was contacting support from the associated account and support might have seen that I already had access to that account. But still....


    2. personal experience
    some months ago I received an email from SC support with an unlock code, although I didn´t request any. 2 Days later, another mail with another code. I ignored both. Later I heard from a clan mate, that he also received an unrequested unlock code, but it went to the mail account, that he only used for this forum. No coc account attached to this mail address. It was never used for any other purposes as to create a forum account. I must admit, that the mail address I received the code on, was the same, that I used to create a forum account - shame on me. The password for mail and forum are different though.
    Looks like someone "hacked" the forum accounts and got hold of a bunch of mail addresses along with their passwords (probably), and now tries out, if those mail addresses and passwords also work as SC ID in coc.


    3. hearsay
    This one is about "hacked" clans. Looks like, if the clan leader is a low TH, and you contact support to change the SC ID, you might get lucky, as the date, when this account was started is easily guessed, and there probably are no ingame purchases.
    If the guy (or girl) you are talking to has a "good day", you might get through with just the basics.


    I think, account management should be completely in the hands of the "owner". As far as I know, support employees dont´t work for SC. I like to think of them like the people working at the hotline of an internet provider, and I surely don´t like the idea, that getting banned or not might be dependent on someone having a "good day" - to exaggerate it a bit...
    There must be better solutions.
    For one, the code could be sent to a phone number via SMS instead of mail.
    Best would be - in my opinion - if the whole account management thing would be handled via an app, that lists all of your accounts and all of your devices. This app should run on PC and mobile and would be accessed via a master password. New devices would be detected when on the same network and could then be granted access to one or multiple accounts per checkmark. They could also be denied access per unchecking.
    Would take the whole account recovery process off of supports shoulders. Also selling accounts would be very difficult, as it would require buyer and seller being on the same network.
    There might be better solutions, but I think, as it is now, there surely are security issues with SC ID, and they are not exclusively on the user side.
    For every complex problem there is an answer that is clear, simple, and wrong

  6. #66
    Forum Hero JusMe's Avatar
    Join Date
    Feb 2017
    Location
    amongst the stars
    Posts
    6,932
    Quote Originally Posted by Colin94 View Post
    I've always wondered whether it's safe to share a screenshot of my base (for example to show a scenery or decorations) where people can see the exact amount of gems of my account. Could an attacker use that information to "recover" my account?
    You can share a screenshot without that information by going to the base editor and sharing from there, i think?

  7.   Click here to go to the next staff post in this thread.   #67
    Kaptain Kat's Avatar
    Join Date
    Oct 2012
    Location
    Rundum Hause
    Posts
    12,385
    Quote Originally Posted by Colin94 View Post
    I've always wondered whether it's safe to share a screenshot of my base (for example to show a scenery or decorations) where people can see the exact amount of gems of my account. Could an attacker use that information to "recover" my account?
    You know what... it’s better to be safe the sorry in such cases. I can’t give you definite answer if it’s sensitive information.
    However if you want to be safe then you should use the photo mode in your village edit mode.

    It removes all buttons and information and loot and would actually produce a better screenshot.

    Thank you! ClashOfHolmes for an awesome sig!

    Just call me K, my name is too difficult to spell.
    Hay Day | Level: 120 | # VL8GVUL | Main Hay Day Topics | Forum Rules | HD Wiki
    Clash of Clans | Level: lost count at 200 | #Y0VJUJG

  8. #68
    Quote Originally Posted by Tomius View Post
    Hi Forum,
    I´ve been following this discussion for quite some time now without posting. Finally made up my mind. Might become a bit lengthy though....
    1. personal experience
    I wanted to change one of my SC Ids recently. Wrote down all of the information, they might ask for and contacted support via ingame. The conversation went somehow like this :
    Me : " I would like to change the mail address connected to my SC ID"
    support : " Just give us the new mail address and we´ll send you the unlock code"
    Me : "new mail address is XYZ"
    support : " you should have the code now"
    And that was all. No questions asked. Now I was contacting support from the associated account and support might have seen that I already had access to that account. But still....


    2. personal experience
    some months ago I received an email from SC support with an unlock code, although I didn´t request any. 2 Days later, another mail with another code. I ignored both. Later I heard from a clan mate, that he also received an unrequested unlock code, but it went to the mail account, that he only used for this forum. No coc account attached to this mail address. It was never used for any other purposes as to create a forum account. I must admit, that the mail address I received the code on, was the same, that I used to create a forum account - shame on me. The password for mail and forum are different though.
    Looks like someone "hacked" the forum accounts and got hold of a bunch of mail addresses along with their passwords (probably), and now tries out, if those mail addresses and passwords also work as SC ID in coc.


    3. hearsay
    This one is about "hacked" clans. Looks like, if the clan leader is a low TH, and you contact support to change the SC ID, you might get lucky, as the date, when this account was started is easily guessed, and there probably are no ingame purchases.
    If the guy (or girl) you are talking to has a "good day", you might get through with just the basics.


    I think, account management should be completely in the hands of the "owner". As far as I know, support employees dont´t work for SC. I like to think of them like the people working at the hotline of an internet provider, and I surely don´t like the idea, that getting banned or not might be dependent on someone having a "good day" - to exaggerate it a bit...
    There must be better solutions.
    For one, the code could be sent to a phone number via SMS instead of mail.
    Best would be - in my opinion - if the whole account management thing would be handled via an app, that lists all of your accounts and all of your devices. This app should run on PC and mobile and would be accessed via a master password. New devices would be detected when on the same network and could then be granted access to one or multiple accounts per checkmark. They could also be denied access per unchecking.
    Would take the whole account recovery process off of supports shoulders. Also selling accounts would be very difficult, as it would require buyer and seller being on the same network.
    There might be better solutions, but I think, as it is now, there surely are security issues with SC ID, and they are not exclusively on the user side.
    I guess I'm missing something. What is wrong with support sending the code to the email address you control that is associated with your account so that you can then link a different email address? That is how you control your account, through your registered email address.

    Contact SC here. Click here for how trophies are calculated. Click here to see how war map placement of max halls is determined. An idea to improve legends here. I wish max players had a separate loot bank as described here. Caution, I often discuss for the sake of discussion and enjoy having my opinion challenged (or approved of) even when I care little about the actual issue. My balance wish: get rid of tornado trap, make it a decoration.

  9. #69
    Forum Elder Colin94's Avatar
    Join Date
    Aug 2016
    Location
    Germany
    Posts
    2,347
    Quote Originally Posted by Tomius View Post
    Also selling accounts would be very difficult, as it would require buyer and seller being on the same network.
    Could just use a VPN lol

  10. #70
    Senior Member Unobservr's Avatar
    Join Date
    Jun 2015
    Posts
    215
    Quote Originally Posted by Kaptain Kat View Post
    Just think of this situation... how easy is it to get into a “how did you start playing the game” conversation in clan chat. Quite often a time frame of when that person started is casually mentioned or can be easily reconstructed. I’m sure a whole lot have been in such conversations or have seen them...
    Sorry my English is not good. Are you suggesting that whenever that kind of questions asked (in chat, forum, elsewhere) that I/we just have to ignore?

    Wouldn't it be a good idea to put that into a rule (Forum Rules for the forum, ToS for the game)? Something like, "Do NOT ask how/when did you start playing the game"?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •