Suspicious Activity - Log-In - Even though I have 2FA. | Forums

[UbiDork]

eeZfreeZ: Hi there! Thanks for reaching out about this! I just checked your Ubisoft Account "eeZfreeZ" and I do not see that there were any successful logins as you have 2 Step Verification enabled. Are you possibly reacting out about another Ubisoft Account?

[eeZfreeZ]

(sorry i'm new with posting in forums)

no not other accounts, i meant this account i'm using to post here. Here's a screenshot I took at the time of seeing those login entries

[UbiDork]

eeZfreeZ: Thank you for sharing that screenshot, and no worries! These may have been login attempts to try and access your account to try to bypass your 2 Step Verification, however, due to your 2 Step Verification being enabled, they were not able to access your account to view any account information or to make any changes.

[sp0odermen]

What's the point of having 2FA enabled if bruteforcers can still guess your password? I just received one of these emails as well, someone successfully logging in from Germany, but I have 2FA enabled. That is not how verification is supposed to work. All you've done is allow hackers to be able to gather puzzle pieces to get into unsecured accounts. With the knowledge that someone can just keep trying passwords until they get a specific response saying that the credentials are correct, this is a great way for hackers to put together an Email::Password list to sell to others.

Why should I have to change my password because your security is half-assed?

[UbiDork]

sp0odermen: Thank you for posting about this, and I do apologize that you ran into this instance. Please know that that due to having 2 step verification enabled, the player was unable to successfully login to your Ubisoft Account to make any changes or review any account information. As explained to eeZfreeZ this was an attempt to access your account information, however since they were unable to proceed past your 2 Step Verification, no access to your account was gained.

[VysairYT]

This morning, I received this email saying there was a successful login attempt to my account which I havent been using for longer than 3 months or touch it including the games. I dont use VPN either and Im somewhat careful with site Im visiting and leaking my info. Since I had 2Step on, the attacker shouldnt be be to access it but somehow they did which prompted me to change my password. Here's the thing, Google Auth is a mistake, the most stupid auth app to ever exist. It save everything locally so in the event of a reset (which I did), I will lost to ALL data on Google Auth since it didnt save them on a cloud. Now, the attacker can access MY OWN account which me, the OWNER cant. This situation is ridiculous so I would like to either disable 2 Step Auth or switch to the alternative (which I wont reveal to anyone else where Im even switching but it was from a trusted giant corp). I would like to contact the support but it was not 24/7 so that is a problem for me.

[VysairYT]

https://imgur.com/a/sEGCJin


nvm the previous reply, seems like I was about to recover my account via my phone number on this website and get rid of old google auth.

[UbiDork]

VysairYT: Okay, was this resolved for you and you are able to access you account without issue?

[andu3214]

I do see a successful login. It is likely that the user logged into a website that doesn't require two-step verification -- a website where nothing could be changed.

Why are there such Websites were you are able to login but don't need the 2fa?

Isn't this a big security risk for the Customer?

[dtm17]

I've been getting this same problem for the last few months.

The most recent one -

Login success
Hanoi, Vietnam
about 10 hours ago

Vietnam!? I'm in the UK! wtf!
I'm perfectly willing to abandon my account (Only got a handful of games....and I'm not Ubi's biggest fan)
....But if Ubisoft want to continue receiving money off me - they probably don't want that.

Please sort your security out.