[=SteveElbows;709856]
had my forum account logged in, and the epic launcher logged in, from before the password change
[/]
Interesting indeed! The session system should not provide renewal upon password change and most definitely not for long expired session keys. This is a serious flaw in the system and must be fixed immediately!
What i also would like to add to this conversation; everybody is very obsessed by email’s and logins, but nobody seems to suspect the probablity where local computers gets hacked, where the attacker can simply download saved passwords from basically any storage (eg, browser passwords, text files on your desktop/documents, etc). Last time i got hacked over the Auto Update system of puush, they slipped in a malicious program via this service which was simply downloaded and submitted contents from my local computer.
There are great many ways an attacker can gain access to services of any sort, and will not be limited to a profile login or a change to the subscription. People, you must buckle up to the next coming, and make your computers and routers safe as possibly you just can. Avoid fixed ip’s on the network, and use dynamic ones. Restart your modems and routers on regular basis to make sure you are getting new ip address from your provider, this can reduce the chances of getting your computers hacked. Oh, and turn off auto updates as well, especially for the free softwares.