sign in security (2fa)

[NA0K0]

Support! Cant believe that we dont have it already

[arcadia.]

support, especially after what just happened with the reversed trades

[flowergoggles]

big support

[Insomniyote]

Fully supported

[plunch]

support!

ive noticed accounts that havent been active since 2019-20 have been getting targeted. 2fa would not be applicable to those accounts, since theyre not even active in the first place to integrate/activate 2fa into their account. a good alternate solution to this would be to force regenerate passwords for accounts inactive since 2020, and if the original user happens to log in (with their original password) they would be notified that their password has been changed in order to keep their account safe. this would prompt a confirmation link sent to their email to ensure that this is the original user, and they would go to their email to change their password again.

like others have said, if a user has logged in from a new ip address, this should immediately prompt an email confirmation that this is the account owner and recognize that this ip address can now be trusted.

[Lex.]

support!

ive noticed accounts that havent been active since 2019-20 have been getting targeted. 2fa would not be applicable to those accounts, since theyre not even active in the first place to integrate/activate 2fa into their account. a good alternate solution to this would be to force regenerate passwords for accounts inactive since 2020, and if the original user happens to log in (with their original password) they would be notified that their password has been changed in order to keep their account safe. this would prompt a confirmation link sent to their email to ensure that this is the original user, and they would go to their email to change their password again.

like others have said, if a user has logged in from a new ip address, this should immediately prompt an email confirmation that this is the account owner and recognize that this ip address can now be trusted.

Support. There were 2-3 more today.

[lyney]

2 more accounts just got breached in the last like. 20 mins lol. i think this puts us at 13? ish. give or take a few

[VESSEL_mp4]

friendly bump and reinstating my absolute support! the fact more and more accounts are getting take is a sign for immediate action, and if that isn't taken then I'm not sure people will find this site safe enough to play on.

[sirenni]

i’ve put my suggestions in many different threads but I just wanted to give a friendly bump !! In the last week I’ve been personally able to witness THREE accounts be hacked and then deleted (or voided until the actual owner logs in idk) one being just today, a user posted a “I’m quitting take my pets” I didn’t think much of it until they stated that they had a wishlist lock but just to add random wishlist pets and they would accept your trade?? I immediately went to go cancel the trade but it was already reversed. Three is three to many and this needs to be fixed ASAP, more and more hackers are getting into accounts and then “quitting” all the pets of the hacked account, it’s like they are trying to cause an explosion of the cs trading system. If more and more hacked trades are sent or adopted, more and more people will be affected and discouraged from cs.

This is bigger than a trading problem, this is going to cause people to leave to site altogether from fear of being hacked and just general annoyance. This will cause the site to die if measures are not taken.

Here’s a quote from another suggestion forum I made, maybe to get the idea out there

i don’t know if this is possible but discord has a thing set in place that if an unknown IP address/location attempts to login to your account than it prevents you from logging in and has you check your email to click the confirmation code. I feel like this would be a good solution too to catching hackers before they get into the account ~ if you get an email saying an attempted login from an unknown location was sensed but you never left town, than admin can be contacted and maybe the problem can be resolved before it even starts.

This was just a thought, I don’t know how it would work out but I definitely think email safety needs to be used c:

[Lex.]

Agreeing with serenity- here.
This site has proven to be unsafe.
Due to data breaches related to Animal Jam, Webkinz & Neopets, at least a dozen accounts have been hacked into.
If you ever posted on the respective threads for any of these sites or even have a same/similar username or any sort of information ANYWHERE here on CS about said sites, I recommend everyone delete that information and change your passwords immediately. Even if the passwords for both sites aren't the same, the email could be. Change the email linked to your account too, it's only better to be safe rather than sorry.

CS needs to email inactive users saying that there's been a breach and multiple security issues. These people need to be made aware of this so that they can take the proper precautions, or genuinely give their pets away rather than a hacker doing it for kicks.
I was given a gift worth at LEAST 2.5N from a hacked account, but for what reason? It was just going to be reversed, but I think the hacker knew this.

And now, those pets have gone to die on an inactive account. There has been no staff response whatsoever. Every other response has lead to a locked thread. When will it end?