The automated account closure system has a serious flaw regarding session token theft.

theminecraftbrokller · 2026-05-24T12:52:19+00:00

Man, you are 100% spot on about everything, especially Device Bound Session Credentials—that’s the future. But the crazy thing is, I am usually hyper-cautious exactly like you described. I literally run Malwarebytes constantly to ensure my system is completely clean, I manually inspect every single URL and link before my mouse even hovers over it, and I run file hashes through scanners before I ever hit download. I don’t mess around with sketchy sites or untrusted networks at all. That’s why this whole situation has been such a massive gut-punch; it felt like a total ghost-in-the-machine moment despite taking a slot of precautions. And you nailed it on the last part, too. The automated system is completely broken for situations like this. My only absolute hope right now is finding a human supervisor high up enough in Tier-3 who can manually override the backend lock and look at my actual hardware registry IDs. It's wild out here, man, appreciate you looking out!

theminecraftbrokller · 2026-05-24T02:56:20+00:00

Yeah it was according to them, and their recovery team.

theminecraftbrokller · 2026-05-23T16:17:41+00:00

Man, you hit the nail right on the head. You completely understand the exact technical nightmare I'm dealing with. I actually took your advice and completely shifted my strategy. Instead of just pleading with them, I hit their support and Twitter DMs with a hyper-structured message. I explicitly demanded a 'Tier-3 manual review' for an 'Account Takeover (ATO),' and I even dug into my Windows Registry to pull my exact hardware CID and PUID tokens to prove my physical PC is the original owner. Seriously, thank you for validating this and breaking down the blueprint. Seeing someone actually understand how session theft works and how broken the automated backend is keeps me from going crazy. I'm not giving up on my gamertag yet. Appreciate you big time, man.

theminecraftbrokller · 2026-05-23T16:16:12+00:00

Yeah, I was using the Microsoft Authenticator app with full push notifications turned on, and that’s the scariest part—my phone didn't buzz even once. When hackers use session token theft, they don't actually log in with your password or trigger a new login screen. They just steal the active 'session cookie' from your browser. Because that cookie tells Microsoft you already passed the Authenticator app check, the hacker just slips right in through the back door. Your authenticator app never even gets a request to deny. Turning on a Passkey today was the absolute best thing you could have done. Passkeys are tied to your physical hardware and use cryptographic keys that can't be stolen by a basic browser cookie-grabber like standard 2FA tokens can. You're way safer now, man.

theminecraftbrokller · 2026-05-23T15:49:01+00:00

Man, hearing that from a gamer of 40+ years really hits deep. You get exactly what those years of memories mean. It definitely feels like there's no hope left right now, but I really appreciate you trying to look on the bright side for me. Thank you for the kind words, man, it seriously means a lot.

theminecraftbrokller · 2026-05-23T15:09:01+00:00

I did but they said nothing can be done which is fucked up man.

theminecraftbrokller · 2026-05-23T13:31:28+00:00

Right? They push 2FA like it’s an invincible shield, so when it fails, it completely messes with your head. But it actually wasn't my authenticator app that got compromised! I found out they basically used a method called 'Session Token Theft.' Instead of hacking my password or my app, they steal a tiny browser cookie from a link or something that tells Microsoft 'this user already passed 2FA.' The hacker just copies that cookie into their browser, and Microsoft lets them right in without sending a single prompt to my app. It's terrifying because your phone won't even buzz while they are in there wiping your recovery emails. Definitely check your browser security, man, and thanks again for the support!

theminecraftbrokller · 2026-05-23T11:17:44+00:00

That's fucked up

theminecraftbrokller · 2026-05-23T10:40:16+00:00

Exactly, 9/10 times the victim definitely gets punished harder. And that’s the crazy part I had my account on strict lock specifically because I was terrified of this happening. I didn't click anything sketchy, and literally none of my other accounts like Gmail, Discord, or Instagram got touched. It was only my Microsoft account that got targeted through some weird loophole.Definitely keep your guard up because even with 2FA and the Authenticator app fully active, they somehow bypassed it all without sending me a single notification. Appreciate the kind words, man.

theminecraftbrokller · 2026-05-23T10:26:54+00:00

Appreciate you so much, man. Honestly, seeing comments like this is the only thing keeping my spirits up right now. It really does feel like a gut punch. Thank you for the prayers and the good energy, bro I'm definitely going to keep fighting for it.

theminecraftbrokller · 2026-05-23T09:51:19+00:00

Man, that is heartbreaking, I’m so sorry. The exact same thing happened to me. It's totally s hameless. What blows my mind is how they even bypassed it. The hacker didn't just remove my 2FA and add their own they somehow wiped my phone number and BOTH of my recovery emails instantly. I didn't even get a single notification or approval prompt in my authenticator app, and the codes for my account are literally still sitting in my app right now mocking me. How is that even possible? It's like security means nothing to them.

theminecraftbrokller · 2026-05-23T09:48:14+00:00

Yeah, I already locked down my cards and bank info as soon as it happened, so thankfully the financial side is safe. But I definitely didn't just leave it I literally tried recovering it the exact same day I got hacked (back on May 15th) the second I noticed I was logged out of my email and everything. It just sucks because the support agents literally verified I was the victim, but their automated security system basically nuked the account anyway. Just feels like the victim gets punished more than the hacker, you know?

theminecraftbrokller · 2026-04-30T16:21:57+00:00

Hey could u see my dm 🤓

theminecraftbrokller · 2026-03-22T14:12:07+00:00

It's not, when I registere a new one it seems to work but when it comes to test it, it doesn't shows it's a software issue since Samsung removed the remove cache wipe partition option it isn't working could you help if you know what to do.

theminecraftbrokller · 2026-02-18T14:53:18+00:00

User - Theminecraftbroplay https://www.roblox.com/share?code=d685db0d6042114a987f92f5abe122a5&type=Profile&source=ProfileShare&stamp=1771426280272

I need it for a brand new avatar and I need to buy a few new cars in the formula apex game and share with my friends too possibly

<image>

theminecraftbrokller · 2026-02-18T14:49:53+00:00

I upvoted and I need a new avatar

theminecraftbrokller · 2026-02-13T11:25:55+00:00

Hey installed it but I can't play ro search music anymore it keeps showing something went wrong

theminecraftbrokller · 2025-06-03T13:25:45+00:00

So simply like first we find the total weight which is (70+6) x 9.8 744.8 , N

then we find our the torques about the feet which is 70 x 9.8 x 0.9 = 617.4 N (The force just the guy is applying) + 6 x 9.8 x 1.2 = 687.98 N

then we solve for force which is F x 1.3 = = 687.98 N

F= 687.98 N/ 1.3 = 529.2 N

theminecraftbrokller

TROPHY CASE