
> Account Security - Use of compromised passwords

TSse7en
post Aug 2 2021, 11:29 PM, updated 2 months ago

resistance is futile
Admin
1,801 posts

Joined: Jan 2003
From: Captain's Cabin, Black Pearl

Dear All,

The following is in relation to a security incident yesterday (1st August 2021) that involved unauthorized access to at least 4 members' accounts by a malicious 3rd party. The accounts had their passwords changed, and were then used to post unsavory content before it was locked down.

After an internal security audit, we have ascertained that the accounts were compromised as they used similar credentials (username:password combination) at Reddit.com, which suffered a breach 8 months ago.


We have also traced around 20 other accounts (which also appear on Reddit with a similar username) which were attacked in a similar way - but did not result in a breach, possibly due to different passwords/credentials being used.

Feature Upgrade

As compromised passwords and data breaches are quite rampant, over the next few days, we will be upgrading our system to include a compromised password notification powered by Have I Been Pwned (https://haveibeenpwned.com/Passwords). Should your current password exist in the breach database (there are now over 600 million compromised passwords on HIBP), you will receive an email informing you about this and recommending you to change your password. As your passwords are stored in a one-way hash in our database, this check will only be done at your next login once this feature is implemented.
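
A login-time check of the kind announced above, as an added example that is not part of the original post or the forum's own code. It assumes the Pwned Passwords range API (k-anonymity lookup by SHA-1 prefix); the SHA-1 here is only the lookup format, not the forum's storage hash, and `constructed_range` with its counts is made-up sample data so the block runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Scan a range response ('SUFFIX:COUNT' per line) for our suffix."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)  # padded entries carry a count of 0
    return 0

def fetch_range(prefix):
    """Live lookup: only the 5-character prefix leaves the server."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "forum-login-check-example"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def constructed_range(prefix):
    """Constructed response body for offline runs, not real HIBP data."""
    _, known = sha1_split("password")
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",  # unrelated constructed entry
        known + ":12345",                          # constructed count
        "F" * 35 + ":0",                           # padding-style entry
    ])

def check_at_login(password, fetch=fetch_range):
    """Call after the login password has verified, while plaintext is in memory."""
    prefix, suffix = sha1_split(password)
    return breach_count(suffix, fetch(prefix))

if __name__ == "__main__":
    for pw in ("password", "constructed-unlisted-passphrase-7431"):
        hits = check_at_login(pw, constructed_range)
        print(pw, "-> notify user" if hits else "-> no action", hits)
```

The check has to run at login because that is the only moment the server holds the plaintext; the stored one-way hash cannot be compared against the breach corpus.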

 

Time is now: 25th September 2021 - 02:58 PM