1

How difficult is it to determine whether an account got hacked or why do games allow account recovery while refusing to lift bans for hackers' deeds?

Ppl want to close this question as off-topic.

I don't understand.

I tried to word my question very carefully so that it'd be on-topic.

From my question:

  1. Does the policy not to lift bans issued for hackers' behaviours arise from the difficulty of determining whether the account was indeed hacked?
  2. If the above is true, is it more difficult to determine whether the account was used by its legitimate owner on a given occasion than who is the legitimate owner and whether its current user is the legimitate owner (since support does trouble itself with account recovery)?

These are technical questions. About information security. IIUC.

Notice I do not ask:

Why do sites / games tend to have a policy not to lift bans issued for hackers' behaviours?

Such a question would be off-topic. Possibly it would be on-topic on community management SE.

But instead I ask if it is very difficult to determine if an account was used by its legitimate owner on any occasion. And if it's more difficult to determine if an account is currently being used by its legitimate owner. This seems to me to be about information security.

What's wrong with my question, again?

1 Answer 1

Reset to default
5

The "difficulty" is entirely up to how the application was designed and what resources they have to analyse player behavior. That makes the question too broad and up to interpretation. One game will be easy, while another will be difficult.

Once you put in the LoL example, then it becomes about LoL, and only LoL staff can answer your question. If you remove the example, then you are back to "it depends on how the game was designed."

I have designed user behavior algorithms and even I cannot give you a definitive answer to the question because it is up to:

  • the available data
  • the tools in place to analyse that data

So, what's wrong with the question is that the answer is a non-committal shrug.

Also, the whole "account recovery" angle is not a clear logical connection to your question. It is based on a corner-case specific action of a malicious actor, and you appear to make it central to any potential argument.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .