There is a new possibility for account traders to 'get away with' account trading.
Previously, we were able to identify account trades through bpip.org, which displays:
- When an account woke up
- When a password had been changed
- When an email had been changed
However, recently two-factor authentication (2FA/OTP) has been added, creating a new possibility for account traders, where account ownership can change by the new owner changing the OTP. The password and email can theoretically stay the same.
I've asked on several occasions if Vod has any way to be able to detect OTP changes, though so far there hasn't been any feedback.
If possible, theymos should grant the ability for bpip.org to detect changes to 2FA/OTP on an account, to eliminate this new possibility for account traders.