How to log out of all devices?

TLDR: Account hacked, changed password but can’t force hacker’s device to log out of session.

I got my MCOC account stolen recently. I haven’t really been playing consistently in ages and definitely have NOT shared my account with anyone. However, I used a password that’s not secure at all, so I guess someone got into it. That’s totally my fault.

Whoever got in spent all my credits and changed my account name, support said they can’t help me recover those. Whatever, I’ll grind for a bit and make back the credits.

My real problem is that no matter what I have done, I can’t get the other guy out of my account. I changed the account password and I was still logged in on the app. Support said they unlinked my account from all devices, and I was still logged in on my phone. I even changed the email my account is attached to, and it still didn’t log me out of the app.

I know the other guy is logged in too, because I can still see quests being played on my account when I open the app sometimes.

If anybody has any tips for me, I would really appreciate it. I have had this account for nearly 10 years, and have sentimental attachment to it. If I can just get the other guy logged out, they won’t be able to log back in because they don’t know the new password. I have heard of other people having this same problem, but nobody has a solution.

PS: As a former backend developer, if the session/auth tokens are really not invalidated upon password/email change, that’s a pretty big security vulnerability.

Comments

falconXYZ

I’m also just now noticing that this guy is using all of my catalysts that I’ve been saving. Just absolutely ruining my account.

NARWH4L

The only way they were able to login at all is because you gave away your information via account sharing or hiring a merc. There's also the possibility that you bought or sold the account, though those are the least likely options here. Accounts don't get hacked.

Rayven5220

So you sold your acct and now you're trying to screw the guy who bought it? 🤣🤣

falconXYZ

Just to clear that up, I genuinely did not sell the account, hire a merc or anything. I don’t play this game too much anymore, but I’m attached to this account sentimentally. The only reason I know this happened was because I got an email that someone was trying to change the email linked to my account.

I’m also aware that accounts don’t just “get hacked.” I do not know how the other person got my account. I don’t know if I told my account details to someone years ago. But either way, I’ve never paid anyone money to play on my account, nor did I ever sell it.

Anyway, is it impossible to kick whoever is in my account out? Even with the help of support?

BringPopcorn

Lol

SummonerNR

Did you ever pass down an old phone to a sibling or friend, and that device still auto-login's to the game ?
Ir ever borrowed someone else's phone to login at sometime yours was not available or out of battery ?

That's sort of an issue with running this game, is that we are NOT required to actually login to the account to play it (from a device that had already previously been on that account as the default account).

You can even logout from game on your phone and still play in game on your phone because of it knowing default game account.

Yes, maybe security could be a little better, but in theory that is what Support told you in Kabam “clearing out saved devices” for your account. That should have worked.

*conversely, imagine if everyone were always required to manually enter username/password every time you open the game. Or worse, also require 2 factor authorization, just because you want to open the app and do something.

falconXYZ

that might’ve been what happened. I’ve gone through many phones in the last decade. I think I reset all of them before selling them but who knows.

I’m going to ask support to try unlinking the account from all devices again. If that doesn’t work, I know the guys email from when he tried to change the account email. I’ll just email him nicely I guess lol.

BringPopcorn

https://forums.playcontestofchampions.com/en/discussion/comment/2948888#Comment_2948888

Guardian gives you a plausible answer and you decide to say "that might be what happened" but then mess it up by saying you know the email of the person doing it...

You pass down devices to people you can't even recognize their emails?...

Herbal_Taxman

be honest with us OP, when was the last time you were in mexico

SummonerNR

other person trying to do “change email” may have caused a verification/notification email sent to OP himself. So may be how he knows who's email it is that also has access and is trying to do email change.

Doesn’t necessarily mean they know who thar person actually is (unless somehow identifies them as someone they know)

BringPopcorn

https://forums.playcontestofchampions.com/en/discussion/comment/2948917#Comment_2948917

Come on dude... This whole thing magically happens at the time of new challenges, new content and a new progression title. That's a lot of coincidences for someone to "hack" an Mcoc account.…

NARWH4L

https://forums.playcontestofchampions.com/en/discussion/comment/2948917#Comment_2948917

You would not get the email address of the guy trying to change an email address.

Lost____one

You can try delinking the app store you downloaded from all devices other then your current phone. If they are auto signing on it is through the other person's device app store link.

peixemacaco

Plot Twist

You're a merc that want the access to another account

falconXYZ

I know you guys just aren’t gonna believe me lol but here’s the exact notification I got with the guys email. The other guy hasn’t done anything in my account for 20 hours so I think I’m in the clear. I might’ve just annoyed him by keep opening the game.

Also as I’ve mentioned before, I haven’t been playing the game consistently. I don’t care about how stacked my account is or the new challenges. I pretty much have just been playing during the new year and july 4 events the past few years. 💀

BringPopcorn

Is that a Thronebreaker account?

Do you really think a person used his hacking skills to steal a Thronebreaker account?

NARWH4L

https://forums.playcontestofchampions.com/en/discussion/comment/2949221#Comment_2949221

I think someone used other skills to progress a Thronebreaker account...

BringPopcorn

https://forums.playcontestofchampions.com/en/discussion/comment/2949222#Comment_2949222

Plot twist, OP was conqueror and the hacker got him to Thronebreaker

AKTEK

This is not how it works for email change you have to go through security questions.How the other person got the security questions like when you created account? Location of account creation.Original email and in game name.First two real money purchases.

This arises two questions:

1.You are trying to sell account?

2. You bought this account and original owner trying to recover it usi g security questions.

MrSakuragi

https://forums.playcontestofchampions.com/en/discussion/comment/2949240#Comment_2949240

Some time ago, Kabam added an option to the game settings to change your email address. I haven’t gone thru the whole thing but the first screen asks if you still have access to the email connected to the account. It’s possible the above message is from that process.

Roggam

he must be super annoyed when you keep logging in and kicking him out

NoahSansman

https://forums.playcontestofchampions.com/en/discussion/comment/2949240#Comment_2949240

I don't think it's either of those things. If he was selling it, it's a thronebreaker account, so I'm sure that'd be worth like $10, and if he was buying it… again it's a thronebreaker account.

A merc is still possible because he could've hired them to help him get past act 7 or something. But even then, why would a merc be trying to keep the account when it's just thronebreaker?

I think it's more likely OP just gave away his login info on global because he wanted to quit and then now is regretting it.

Vendemiaire

"It's just a Thronebreaker account"

Yea, you can reset from the start and be thronebreaker by tomorrow. Your merc is probably planning to sell the account soon.