I received a message stating my account had been logged into from Spain and if this wasn’t me then I should change my password, which I did. However, the logging in from Spain issue remains, yet I am based in the UK and logging in from there. I am concerned my account may have been compromised and resetting my password doesn’t appear to be helping.

Describe your network setup


Are you using a VPN on your computer? If so, you will sometimes get a notification that does not marry up to the location you may be using on the VPN.
The notifications are generated when you log into Roon, Roonlabs website and the forum website.
Do the notifications line up with your usage?

Dear Fergus

Thanks for getting back as below.

I’m not using a VPN on my computer, so that shouldn’t be an issue. In terms of when the notifications were received, the first was when I was not logging in to any of the Roon services (so could be a potential hack) whereas the subsequent notifications were immediately after I changed my password and logged in to confirm all was in order.

Do you think the password change will have removed the hack threat and the subsequent issues are just one of those things? Are there any further checks I can do to confirm matters?

I have a lifetime subscription to Roon and so am not due to make any more payments, so someone looking to hack my details hopefully won’t find any bank information etc, but it would be good to confirm all is safe etc.

Thanks Fergus and I look forward to hearing from you soon.

Kind regards


Hi Simon, I’m a user just like you, and that is what has appeared on my reports, but all logins were me, so I would not rule out anything. Hopefully resetting your password has alleviated any issue.

I’ll just flag @benjamin at support as well and hopefully they will be able to get back to you soon.

Br Fergus

Did you check whether your IP is actually associated with Spain?

Here, you can check what’s your address:

So they know the email address associated with your Roon account? I recently had people trying to log into my Amazon account from South Africa and Argentina, Amazon stopped it.
It seems Roon allowed it, which is odd unless it is via ARC or a forum / web log in.

It was a wake-up call for me. I shared passwords, and I immediately spent an hour changing every password on every log in I use to something impossible to remember.

I would start with your email address associated with your Roon account.

This highlights what I think is a security issue with this forum: when you first log in, your real name is used, and you have to request a change to a pseudonym via a forum thread.
This forum is the route for obtaining official help with Roon, a person’s first post here could be a call for help and they post with their real name.
This should be changeable in the profile.

Finally, check the security tab for access details, here is mine which is correct.

Thanks for your help with this everyone.

I’m new to this forum thread malarkey and had assumed someone at Roon would actually respond to my query, but the advice received from others has actually been very informative, so appreciate the feedback!

It was 4th July so they were shut, plus they have limited staff until Monday. That said, the majority of support is done by other users, supporting the software they paid / pay for.

Hi @Simon_Harmer,

We can certainly help demystify the situation.

A Roon subscription can only be used on one active server at a time, so if you’re logged into Roon successfully on your account (on Community or within RoonServer itself in the background), then another user can’t log in to make changes to the account from another machine elsewhere.

The sign-in geolocation isn’t always accurate or precise and is based on the WAN IP reported by your ISP. We don’t have any records of activity from Spain in diagnostics on your account, but your RoonServer account did update session credentials in the background around that time (a fully predictable, normal, and safe procedure). It’s most likely the case that there was no attempt to maliciously access your account and the email was triggered inadvertently.

Resetting the password regularly and enabling multi-factor authentication with Google Authenticator, Microsoft Authenticator or Authy are best practices for keeping your account safe. Please reach out if you encounter any issues moving forward in a PM or by responding in a new topic thread.

