Is there a way to completely prevent Custom ID accounts from being created? Lets say I have no code that calls createAccount wiht custom ID. I only have create playfab account method. I believe a hacker can call the custom ID function from Playfab regardless of what I have in unity.
I am not entirely sure what hackers do, but we recieved one of these attacks recently. We had 100k+ accounts created from all over the world and from all kinds of devices. These seem to happen to popular VR and non VR games that use playfab. The hackers seem to be used to doing this to playfab games.
Do hackers need the game to be running in order to spam the calls? Or do they automate a bot, to create an account somewhere and make the api call? Our code for oculus check for entitlement. If the entitltement doesn't go through, the app is shutds down. If they have a bot they can create accounts in a split second.
So for the sake of making it harder. Is there a way to cancel ALL custom ID accounts? On playfab manager? Could I select to never accept custom ID account creation? Because this is really chaotic. Having playfab be at the mercy of these hacks. I wouldn't mind the email spam.Because is limited to emails.