There has been a similar exploit way back in the day, probably 2012 or 2013. IIRC the URLs for spectating and playing were different. One of the guys I knew gave me his URL instead of giving me spectator link. Sure enough I was on the same page has him, logged into his account and both could make moves. I even stayed logged in after the game was done and could play games from his acc without knowing the password.
Perhaps this is a related issue? I can hardly imagine some random hacker targeting you specifically.
This topic has been archived and can no longer be replied to.