- Joined
- Jun 13, 1999
- Messages
- 25,158
We've identified a handful of user accounts were hijacked in the last couple of days and used to post inappropriate content. Our investigation points to those accounts using the same password on multiple websites and that password being made public in a data breach on one of those other sites. Please note that there is no evidence of a data breach occurring on this site.
If you're not familiar with how passwords can be leaked in data breaches, here's a FAQ about them.
To check if your passwords have been leaked in a data breach go to https://haveibeenpwned.com/, enter your email address and it will report whether it has been part of a leak, how and when. Given the high profile nature and volume of some of these breaches I'd be surprised if most people haven't been impacted.
The main thing to understand is that you should always use a unique and strong password for every different website/app account you have. That means even if your password is leaked in one system's data breach, your other accounts aren't then vulnerable as they're using a different password.
Given that, we strongly encourage you to take the following steps on this site:
Note: If your email is not up-to-date please take the chance to update that as well using this form.
One more tip: Use a password manager
If you're not already using a password manager it's well worth taking to time to get one. It will make your passwords more secure, and take away the hassle of organising and remembering them.
Modern browsers and operating systems have built in password management so that's always a good option. But if you're using multiple devices (desktop, laptop, mobile, tablet etc) syncing your password data across all devices may be tricky. A dedicated password management app can help with that. Here's a guide to password managers, both free and paid.
If you have any questions about any of this please post here or PM me directly.
If you're not familiar with how passwords can be leaked in data breaches, here's a FAQ about them.
To check if your passwords have been leaked in a data breach go to https://haveibeenpwned.com/, enter your email address and it will report whether it has been part of a leak, how and when. Given the high profile nature and volume of some of these breaches I'd be surprised if most people haven't been impacted.
The main thing to understand is that you should always use a unique and strong password for every different website/app account you have. That means even if your password is leaked in one system's data breach, your other accounts aren't then vulnerable as they're using a different password.
Given that, we strongly encourage you to take the following steps on this site:
- update your password with this form.
- we highly recommend taking a moment to enable two-factor authentication to add an additional layer of security and guard against your account being hijacked.
Note: If your email is not up-to-date please take the chance to update that as well using this form.
One more tip: Use a password manager
If you're not already using a password manager it's well worth taking to time to get one. It will make your passwords more secure, and take away the hassle of organising and remembering them.
Modern browsers and operating systems have built in password management so that's always a good option. But if you're using multiple devices (desktop, laptop, mobile, tablet etc) syncing your password data across all devices may be tricky. A dedicated password management app can help with that. Here's a guide to password managers, both free and paid.
If you have any questions about any of this please post here or PM me directly.