Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Basically someone sniffed my packets and stole my auth token/cookie for a mobile

ID: 657061 • Letter: B

Question

Basically someone sniffed my packets and stole my auth token/cookie for a mobile game I have played on for a year and spent thousands on (crazy I know) and now they are controlling my account through their laptop and are threatening to delete all my progress.

I have tried changing my email address and password many, many times and it does generate new tokens but the old token still works also. I have spent weeks researching and trying to figure out how I can get them off my account.

I have emailed the devs many times, but they are clueless and unhelpful, so this is my last resort, please help.

Explanation / Answer

Unfortunately, the situation you describe appears unsolvable. You need to invalidate the token, but the only ones that can do so are the game developers.

Possibly you can persuade them of your identity, and after creating a new account have them transfer everything from the old to the new. The unknown crackers would then find themselves with an empty, lifeless husk of your old account.

Other approaches could involve trying to locate the unknown parties that have your token. If they're threatening I guess they're communicating somehow. (Just in case -- I'm not advocating recoursing to counter-threats. Things might end badly, or deteriorate anyhow. But knowing enough about the responsible parties might offer leverage [e.g. "they" is a skript kid with reasonable parents], or even be leverage by itself. It is difficult to erase the gaming account of someone who knows who you are and where you live, and might recourse to rubber-hose cryptanalysis).

You could also try and involve the police in this: at least in my country, any identifying access token, be it a stainless steel key, a code on a slip of paper, or a password, is considered my property and e.g. copying it with pencil and paper (with intention to use it to access my data) is a criminal offense. The nature of the data - online game, biscuit recipe or online banking account - is irrelevant.

So e.g. agreeing to release a sizeable amount of money or valuable hardware in exchange for a guarantee of the token being destroyed (a silly proposition - as they say, once you pay Danegeld, you never get rid of the Dane) would likely result in the culprit or culprits, usually not too experienced in the ways of crime, having you leave the booty somewhere and being intercepted by the police as they attempt recovery.

Related Questions

Basic concepts/knowledge testing: (a) In an electrochemical system, when the rea
Question #483743
Basic equations needed for your answers: PLEASE DRAW A DIAGRAM AS WELL P = M x V
Question #1549163
Basic equations needed for your answers: PLEASE DRAW A DIAGRAM AS WELL P = M x V
Question #1600289
Basic facts: The world\'s deepest mine is 2.4 miles deep. Railguns can acheive a
Question #1379488
Basic for loops, while, arrays, still learning, thank you Program 1: There is a
Question #3872717
Basic infiltration theory is used to study infiltration into a loam soil. Two ex
Question #2093944
Basic information $1,571 Assumptions: Sales price per ticket = $1,572 Variable c
Question #2419225
Basic information: Scientists went out and sampled individuals from the populati
Question #98212
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Basically phone based support system work for solutions, complaints, verificatio
Next
Basically strategic management are activities of top management peoples, like st

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.