Results 1 to 4 of 4

Thread: Bypassed AAP is now a thing?

  1. #1
    Squire Mimpje's Avatar
    Join Date
    Dec 2016
    Location
    "Such an awesome place"
    Posts
    27

    Exclamation Bypassed AAP is now a thing?

    Hi, recently my account got stolen. Actually stolen, the email of my account got changed without me receiving any mails. I'm extremely confused by how this is possible, my mail didn't get hacked if you thought that was the case. I made this post to aware mods/developers to this issue. I already opened a support case so this is not meant as a scream for help. I just want all of you who are reading this to help me explain this, how is this possible? It seems that there are no others who recently got their account stolen bassed on the SBs I'm seeing.

    I'm trying to figure this out myself but I'm not very successful. I know if you want to change the email associated with an account, you need to have played on the same IP you're connecting with to the webpage. Then you have to have access to the email to continue the process. Then both emails have to accept it and you're done. I know by the looks of it you'd think my PC got ratted but it didn't. I checked everything, only my Growtopia account got stolen NOTHING ELSE. Not my PayPal or bank. All this happened 3/4 days ago, was there anything wrong with the webpage? Also, I use different passwords for everything, growtopia and my mail included. I really hope that someone can clarify this for me. Thanks in advance.
    Donate!

  2. #2
    Master Sorcerer awesome178's Avatar
    Join Date
    Nov 2015
    Location
    Sydney, Australia
    Posts
    1,068

    Default

    Most email providers allow you to view last login details. You can check whether someone has logged into your account besides you. They should also give you IP addresses and location so picking out fishy logins should be easy. You should have two-factor authentication on your email addresses anyway if you're going to store your bank and Paypal stuff there.

    Then, check to make sure that AAP is on. Maybe you never had AAP on the entire time? (note, it's not possible to turn it off, I already asked!) Under personal settings, you can check if it's on. If it is on, then somebody logged in from the same IP address. Family or friends perhaps?

    It shouldn't be possible to bypass AAP, it's designed so you can only get through by following certain steps.
    IGN: awesome187
    Level: 75
    Bureaucrat on the Growtopia Wikia.

  3. #3
    Master Sorcerer Imunity's Avatar
    Join Date
    Mar 2016
    Location
    Lithuania
    Posts
    769

    Default

    It is possible to bypass AAP *SOMEHOW*. Not sure about whole account stealing.
    IGN: Imunity

  4. #4
    Squire Mimpje's Avatar
    Join Date
    Dec 2016
    Location
    "Such an awesome place"
    Posts
    27

    Default

    Quote Originally Posted by awesome178 View Post
    Most email providers allow you to view last login details. You can check whether someone has logged into your account besides you. They should also give you IP addresses and location so picking out fishy logins should be easy. You should have two-factor authentication on your email addresses anyway if you're going to store your bank and Paypal stuff there.

    Then, check to make sure that AAP is on. Maybe you never had AAP on the entire time? (note, it's not possible to turn it off, I already asked!) Under personal settings, you can check if it's on. If it is on, then somebody logged in from the same IP address. Family or friends perhaps?

    It shouldn't be possible to bypass AAP, it's designed so you can only get through by following certain steps.
    I use 2FA on my email and I checked everything, it did not get compromised and even if it did you'd still need to play on the same IP as me to change the Email associated with my account. It just gets weirder and weirder. I think the hacked didn't know my password but found a way to bypass the email change page. I have checked my other account and I still get a message when playing on a new IP with my alt account. So AAP isn't broken. Thanks for your response.
    Donate!

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •