d2jsp Forums > Diablo II > Diablo 2 Discussion > Iso Double Reg Still A Thing
Member
Posts: 16,546
Joined: Oct 27 2009
Gold: 14.00
Dec 30 2016 01:50pm
Quote (kk159 @ Dec 30 2016 02:23pm)
Is it really patched?

Still see ppl posting about lost D2 acc on blizz forum


Link to the most recent discussion? I just scrolled through all the topics until I got into November and didn't see a single topic about it on the classic forum over there.
Member
Posts: 1,741
Joined: Feb 8 2008
Gold: 2,186.00
Dec 30 2016 02:24pm
Dubbed password recovery glitch was patched in July afaik.

Not quite sure about an email change glitch.



Member
Posts: 16,546
Joined: Oct 27 2009
Gold: 14.00
Jan 16 2017 11:50pm
Quote (Chos3n @ Dec 30 2016 03:24pm)
Dubbed password recovery glitch was patched in July afaik.

Not quite sure about an email change glitch.


Ok, what is this "email change glitch" I keep hearing about?

EDIT: I mean, I am pretty sure I get how it would work but would like to hear more about this and if it is still a problem.

This post was edited by Stoneheart on Jan 17 2017 12:15am
Member
Posts: 65,913
Joined: Apr 21 2012
Gold: 175.01
Jan 17 2017 01:04am
Quote (Stoneheart @ Jan 17 2017 01:50am)
Ok, what is this "email change glitch" I keep hearing about?

EDIT: I mean, I am pretty sure I get how it would work but would like to hear more about this and if it is still a problem.


It's still a problem outside of bnet, with a lot of services that jspers use (I can list a few, if you care). In fact, database practices hadn't been improved much when jsp was made.
The only reason you can't double reg on jsp is that the creators of invision powerboards (the people who designed this forum who for some reason aren't credited anymore) designed the userlist to allow name changes. If they hadn't expected people like njaguar to charge people $15 to use an automated site feature you would more than likely be able to double reg here. Other forum software is still vulnerable today because the exploit doesn't get much publicity.

This post was edited by Worrywart on Jan 17 2017 01:04am
Member
Posts: 69,290
Joined: Nov 28 2007
Gold: 3,621.69
Jan 17 2017 01:39am
email change glitch still exists, so yes double reg still exists
Member
Posts: 65,913
Joined: Apr 21 2012
Gold: 175.01
Jan 17 2017 01:53am
Quote (Reset @ Jan 17 2017 03:39am)
email change glitch still exists, so yes double reg still exists


Their server has had a verify step since ~August-Sept 2016.
It checks to see if the email making the change is the one associated with the account.

It doesn't fix the original problem that allowed double reg (Blizzard doesn't really fix problems, they just cover them up with wallpaper), but unless you're talking about an entirely different exploit then double reg should not be possible using any of the old methods.

This post was edited by Worrywart on Jan 17 2017 01:55am
Member
Posts: 16,546
Joined: Oct 27 2009
Gold: 14.00
Jan 17 2017 08:38am
Quote (Worrywart @ Jan 17 2017 02:53am)
Their server has had a verify step since ~August-Sept 2016.
It checks to see if the email making the change is the one associated with the account.

It doesn't fix the original problem that allowed double reg (Blizzard doesn't really fix problems, they just cover them up with wallpaper), but unless you're talking about an entirely different exploit then double reg should not be possible using any of the old methods.


Good to know. I assume you have tested out the email change exploit since the patch/fix?

Was the old exploit like the password reset where you just "save" the email change email from blizzard until after the account is expired and remade by someone else, then respond to the email confirming the email change?

This post was edited by Stoneheart on Jan 17 2017 08:43am
Member
Posts: 16,546
Joined: Oct 27 2009
Gold: 14.00
Jan 17 2017 11:32am
Also, good thread to read if you give a damn about this:

https://us.battle.net/forums/en/bnet/topic/20745576199?page=1

Near the end of the thread there is discussion about rhox@jsp and his complaint that he had an account stolen just last November (rhox mentioned this in this thread: http://forums.d2jsp.org/topic.php?t=75208760&f=21&o=0).

The conclusion was that rhox@jsp created the account "logic" back in October but didn't perm the account and it expired within 14 days. Then someone else created the account "logic" in November. So double registration was not the culprit.

This post was edited by Stoneheart on Jan 17 2017 11:40am
Member
Posts: 10,594
Joined: Dec 6 2016
Gold: 8.73
Jan 17 2017 02:51pm
Quote (Stoneheart @ Jan 17 2017 09:38am)
Good to know. I assume you have tested out the email change exploit since the patch/fix?

Was the old exploit like the password reset where you just "save" the email change email from blizzard until after the account is expired and remade by someone else, then respond to the email confirming the email change?


You'll notice nobody has lost an account to double reg since September. You can't say it's because people got smarter and stopped using regged accounts because people behave at all times like they want to be scammed.

They tried to fix double reg in May and failed. They tried again around June but only prevented new double regs from being made (the hundred thousand or so already made would still work). Then around September they added the account verification step which is the dumbest, most half-assed fix they could have possibly come up with. All they had to do was put an account number field in the database so that your account name wasn't the key for the record.

I tried it with a new account once I noticed nobody was posting threads about losing accounts anymore.

This post was edited by SuperButt420 on Jan 17 2017 02:51pm
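An added example, not part of the thread and not Battle.net code: a toy account store contrasting a confirmation token resolved by reusable account name with one bound to an immutable account number, the design point raised in the post above. The class, method names, account name and addresses are all hypothetical and constructed.

```python
import itertools
import secrets

class AccountStore:
    """Toy registry; every name here is hypothetical and constructed."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.by_name = {}   # account name -> record (names can be reused)
        self.tokens = {}    # token -> (name, account_id) at time of issue

    def register(self, name, email):
        if name in self.by_name:
            raise ValueError("name taken")
        self.by_name[name] = {"id": next(self._ids), "email": email}

    def expire(self, name):
        # The account lapses and the name becomes free to register again.
        del self.by_name[name]

    def issue_token(self, name):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (name, self.by_name[name]["id"])
        return token

    def redeem_by_name(self, token, new_email):
        # Weak: the name is the only key, so an old token follows the name.
        name, _ = self.tokens.pop(token)
        self.by_name[name]["email"] = new_email

    def redeem_by_id(self, token, new_email):
        # Hardened: the token is bound to the immutable account number.
        name, account_id = self.tokens.pop(token)
        acct = self.by_name.get(name)
        if acct is None or acct["id"] != account_id:
            raise PermissionError("token belongs to a different account")
        acct["email"] = new_email

def demo():
    result = {}
    for mode in ("redeem_by_name", "redeem_by_id"):
        store = AccountStore()
        store.register("samplename", "first@example.test")
        stale = store.issue_token("samplename")
        store.expire("samplename")
        store.register("samplename", "second@example.test")
        try:
            getattr(store, mode)(stale, "first@example.test")
        except PermissionError:
            pass  # stale token rejected; current owner's email untouched
        result[mode] = store.by_name["samplename"]["email"]
    return result
```

`demo()` returns the current owner's email after each path: the name-keyed path lets the stale token overwrite it, the ID-bound path leaves it alone.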
Member
Posts: 30,531
Joined: Oct 9 2009
Gold: 0.00
Jan 17 2017 06:59pm
Quote (SuperButt420 @ Jan 17 2017 10:51pm)
You'll notice nobody has lost an account to double reg since September. You can't say it's because people got smarter and stopped using regged accounts because people behave at all times like they want to be scammed.

They tried to fix double reg in May and failed. They tried again around June but only prevented new double regs from being made (the hundred thousand or so already made would still work). Then around September they added the account verification step which is the dumbest, most half-assed fix they could have possibly come up with. All they had to do was put an account number field in the database so that your account name wasn't the key for the record.

I tried it with a new account once I noticed nobody was posting threads about losing accounts anymore.


I have a feeling ur the guy hoarding thousands of double reg'd accs trying to convince people making gg acc names B)
just inb4