Your Digital Media Has Never Looked So Good

 
DrTimo
Topic Author
Posts: 1
Joined: Tue Jun 12, 2018 7:34 pm

Grossly negligent account security with Sling TV

Tue Jun 12, 2018 7:47 pm

This past week I was on vacation and logged into my Sling TV account on the Roku-equipped smart TV in the room I was renting. I very unfortunately forgot to log out of the account when I left. When I realized my mistake, I naively assumed it wouldn't be a big deal because I could probably log out of the device remotely via my Sling TV account settings. Apparently, this is not true. While my account does have a handy device list showing me when each device was most recently used, no option to remotely log out is given. I even talked directly with Sling support and they also refused/insisted they could not remotely log out of a device. At the same time, I went ahead and changed my account password multiple times, assuming (naively, yet again), that this would log out any active sessions on my account. Incredibly, this is NOT the case. Recent account activity continues to appear on that device, and I even confirmed this by opening my Sling app on a tablet I own where I had not yet inputted my new password. The app started up fine as if nothing had changed, and even allowed me to rent a movie, automatically charging my credit card of course. This despite the fact that I was logged in with an expired password.

Sling customer support has been utterly unhelpful and ineffective. Their repeated response to my pleas to do literally anything to protect my account is simply "we can't do that." One rep even dared to scold me for not logging out, as if I had forgotten to do so intentionally. The only suggestion they have is to cancel my account and open a new one. Maybe I'm crazy, but I think that is a totally unreasonable "solution" to a pretty minor problem. Of course, ultimately I will have to cancel if they cannot help me, but I will almost certainly not create a new account. A service that takes user security this lightly doesn't deserve my money.

The only upside in all this is that no actual fraud has occurred on my account yet. Whoever is using it right now probably thinks it's just a free account provided with the room. Nevertheless, I think this is a huge security flaw that other people need to be aware of. I was only able to find one article about this from several years ago, and in that article they had an update stating that Sling actually can remotely log out of accounts. Apparently that is NOT true, and customers need to know this.
 
User avatar
RokuShawnS
Roku Engineering
Posts: 6625
Joined: Thu Mar 10, 2011 2:21 pm

Re: Grossly negligent account security with Sling TV

Tue Jun 12, 2018 7:59 pm

Thanks for the feedback!  You did the right thing by contacting the developer first.  We'll take your feedback and pass it on to SlingTV as well.
C. Shawn Smith
Community Liaison

------------
The Cosmos is all that is, and all that was, and ever will be. -- Carl Sagan

Who is online

Users browsing this forum: No registered users and 9 guests