#1 Posted by BuddyleeR (96 posts) -

Just now, I picked up my iPad to open up Giant bomb to watch Unprofessional Fridays, when believe it or not, I was logged in as a completely random user when I first opened Google Chrome. I could access the entire profile, including settings. I quickly logged off, and was able to log in under my own account, but the fact that somehow I was logged into another person's account, has me a bit freaked out. I'm the only one in my household with a Giantbomb account, and no one has had physical access to my iPad since the last time I was logged in. I can help out with details if need be. Please contact me for this user's name, as I'm not sure if it's appropriate to post the username directly into the forums.

#2 Posted by TheBrokenPinion (229 posts) -

that's crazy haha

#3 Edited by Zleunamme (777 posts) -

I encountering the same problem. I'm using Google Chrome on my iPhone 4s. I tried connecting through Facebook. It takes me to the Facebook moble page where it asks for my email and password. When I enter the information, I'm logged on Giant bomb as a different user. I had access to the other users settings. I logged out then used the manual login to get back to my account.

#4 Posted by RonGalaxy (3684 posts) -

That's kind of scary...

#5 Posted by ToTheNines (1105 posts) -

what.. the.. fuck..

#6 Edited by BigJeffrey (5138 posts) -

lol what

#7 Edited by Capum15 (5139 posts) -

@buddyleer: Should contact @rorie for this, I would think? Seems like a pretty big thing.

#8 Posted by TheManWithNoPlan (6345 posts) -

Wow, yeah. Hope that gets resolved soon.

#9 Posted by mrpibb (478 posts) -

@buddyleer: @zleunamme: please send me a PM with the username that you were able to login as. Thanks

#10 Posted by Rorie (3408 posts) -

Thanks guys, we'll look into this ASAP.

#11 Posted by Nux (2558 posts) -

You must not use this power for evil.

#12 Posted by Yummylee (23478 posts) -

Hey guys, BuddyleeR over here. Seems this glitch is still going strong for me!

#13 Posted by RonGalaxy (3684 posts) -

Is giant bomb haunted?

#14 Edited by Corevi (6793 posts) -

Maybe GB has hit critical mass of accounts?

#15 Posted by I_Stay_Puft (5023 posts) -

How do we know that Rorie is Rorie? Shits gone crazy.

#16 Posted by RonGalaxy (3684 posts) -

Oh wait, giant bomb isn't haunted. Its the entire plot of John Carpenters The Thing. I'll need blood samples from all of you

#17 Edited by falserelic (5721 posts) -

I think out of all the crazy glitches on this site. This is the best and the fuckin worst.

#18 Posted by MariachiMacabre (7097 posts) -

Dude, it's an internet body switch comedy!

#19 Posted by PandaBear (1484 posts) -

Brilliant. Like many others my credit card information is stored on this site for my subscription. Makes me feel safe.

#20 Posted by Chaser324 (7181 posts) -

@pandabear: I don't think there's any way to actually view your stored credit card info, so I think you should be fine if someone by random chance gained access to your account.

#21 Posted by Rorie (3408 posts) -

@pandabear: Your credit card data isn't stored anywhere on the site; all of that is stored off-site and is thoroughly hashed. Even I can't access it.

#22 Posted by Rorie (3408 posts) -

Also, as an update, it looks like this is probably being caused in an error in one of the third-party login services that lets people make or login to accounts via Google or Facebook or Twitter. We're still looking into it but it's the highest-priority bug we have right now (obviously).

#24 Posted by crimsinf (157 posts) -

This just happened to me for the second time in as many weeks (with different random users logged in each time). I've only seen it happen using Chrome on my phone. I was logged in as somebody else as soon as I loaded up the site even though I was signed in as myself on this device last night. When I closed the tab and reloaded the site, the other account was no longer logged in.

#25 Edited by White (1575 posts) -

Huh... And I here I thought it was something related to logins based off IP addresses.

#26 Posted by Rorie (3408 posts) -

At this point I've seen this happen twice on imgur and at least once on another site (that I bookmarked on my work computer but can't remember at the moment). Everything seems to be pointing to something that's wonky with a third-party login system.

#27 Posted by Scratch (647 posts) -

Well this just happened to me. I was logged into skateandordie's account on my phone. Seems like a pretty major security bug to me.

#28 Posted by themightymonarch (49 posts) -

@mrpibb: @rorie: I opened up Giant Bomb in Chrome for iOS, both with the latest updates, and found myself logged in as skateandordie shortly before 3 AM Pacific today. I don't use any third party system to log in, but my username and password are saved in Chrome. The only recent change is that I started using Last Pass after the Heartbleed bug was publicized, but I don't use it on iOS. When I got home from work this morning I logged in on my desktop and everything appears normal.

#29 Posted by EVO (4029 posts) -

Yep, this just happened to me. I was browsing Giant Bomb on my phone (iPhone 4, Chrome) and was logged in as skateandordie. That user has been banned and their status reads "Have I hacked your account?", so it's a bit worrying.

#30 Posted by Chaser324 (7181 posts) -

Well, at least we've maybe progressed to people only accidentally getting signed in as a banned user. That's progress.

#31 Posted by mrpibb (478 posts) -

@chaser324: @evo: we have a fix going out for this. Been a hard bug to run down.

#32 Edited by Baillie (4595 posts) -

Yeah, it's pretty weird.