New Sign-in To Your Account

[CmdrThor]

I assume many people get the "New Sign-in To Your Account" email EVERY time you log into your DVC account like I do. I received a few the other day that did not correspond to my current location, although they may have just been sent late for a login from a few days prior. However because it seemed suspicious I did a little digging.

Did you know every time Disney sends you one of those emails it contains a link that allows you to change your password without entering your current password? And although the links do expire eventually, it looks like they are good for about 2 weeks. Obviously if someone gets into your email account they would be able to use the forgot password feature to request a new link and take over your Disney account that way, but I can't believe Disney is letting these links sit for weeks without expiring them. I think the emails shouldn't be proactively sent with a Change Password link at all, but if they insist it should be live for a day at the most.

 

[SeaDis]

YES! They drive me nuts. Funny I was on an old Windows 7 computer and never received them. As soon as I upgraded to Win10, they started. Typically you are only supposed to receive these when signing in from new devices. But the cookie is obviously not being placed, or not being checked correctly, to avoid a repeat.

One thing I've noticed last few days is they have been delayed, or may have even missed a couple. So I wonder if they are finally working on it.

A note about location: The location shown for me is for my ISP. It's nearby, but not where I am. I am used to this and see it on other websites.

 

[woodleygrrl]

This is also driving me bonkers. it has been going on since February for me.

 

[CmdrThor]

I submitted a support ticket and they suggested to turn off any "Do not track" settings in my browsers. Not excited about that option, but I will give it a try since the Do Not Track option is not enforced in any way.

 

[GDUL]

It happens to me all of the time too. I put in a support ticket but it hasn't changed anything yet.

 

[gharter]

Happens everytime I log into MDE or the DVC site.

 

[GoingSince1990]

So annoying. And it’s going to be like the boy who cried wolf. If and when an actual fraudster does manage to hack into my account, I will probably disregard the warning email I get because I get the exact same email everytime I log in.

 

[Mathmagicland]

I’d contacted Disney IT back in February after getting the message from some Disney websites but not others, and also as to why it had started. Here is the response I received from them -

****************************

Trusted devices and browsers have been tracked since Fall 2019. This feature was launched in January 2020, and if you logged into a device or browser since then, you would have received a notification. This feature is not yet available for all Disney websites, which is why you're only receiving this message for some sites, and not others.

This notification is sent when our system detects an IP address that it has not seen before or has "forgotten". If you've cleared your cache or browser history, or have cleared Cookies, this can sometimes cause our system to "forget" your device and you may get another notification. You may also receive it if your Internet Service Provider uses dynamic IP addresses, which can cause your IP address to change over time.

These notifications are sent for your security, and if you recognize the device and the location, you need not be concerned. To lessen the amount of times you see these notifications, please ensure you accept Cookies on any Disney websites or apps you're using.