TRS-80 Posted March 14, 2021 Posted March 14, 2021 I received an email notification same as title of this post 2 days ago. Just now I changed my password. But I thought I would make a post to see if anyone else might have been targeted (as I am a Moderator), especially any other Admins or Moderators. I am going to ping everyone I can think of (actually, I simply use the list here) below, but please add anyone else who I miss. @Igor @lanefu @Werner @TonyMac32 @SteeMan @soerenderfor @pfeerick @NicoD @JMCC @balbes150 @_r9 4
soerenderfor Posted March 14, 2021 Posted March 14, 2021 @TRS-80 - I have not received email notification related to the topic, have you noticed from any other sites also?
Werner Posted March 14, 2021 Posted March 14, 2021 Nothing here but I would not care much about it either. Good strong password and 2FA. Nothing to worry in terms of common login.
TRS-80 Posted March 14, 2021 Author Posted March 14, 2021 7 minutes ago, soerenderfor said: have you noticed from any other sites also? Not as of yet. I will update of course should that change. You remind me though that I wanted to point out I use an offline password manager (and additional protocols which I will not detail here) and every login I have everywhere is some unique long random password. So that particular attack vector (using same passwords different places) should not apply to me. To be clear, it also appeared they were not successful in logging in to my account as far as I can tell. But I changed my password here anyway.
soerenderfor Posted March 14, 2021 Posted March 14, 2021 @TRS-80 - Is it possible in any way, the login did come from you with 2 login attempts almost same time, if you follow me?
TRS-80 Posted March 14, 2021 Author Posted March 14, 2021 4 minutes ago, soerenderfor said: Is it possible in any way, the login did come from you with 2 login attempts almost same time, if you follow me? Thinking long and hard about that was actually the very first thing that crossed my mind. But I would say no, for all these reasons: 1. The [...] I left out from OP title was a location where I do not log in from. 2. My password management setup supports auto type which almost never makes a mistake. Much less 3 in a row. 3. I simply don't recall anything like that happening on Friday. I am maybe 80% certain of #3, by itself. But when you add the other 2 factors, it is approaching mid-high 90-something% level of certainty in total.
soerenderfor Posted March 14, 2021 Posted March 14, 2021 @TRS-80 - Okay, but better safe than sorry ;-)
pfeerick Posted March 15, 2021 Posted March 15, 2021 I also got the same email, three days ago now ... three failed attempts from London UK, and three from Finland... not even the right continent... needless to say, nice long new password generated. 1
balbes150 Posted March 15, 2021 Posted March 15, 2021 (edited) I haven't received any such messages. But perhaps someone is systematically trying to find passwords to all known accounts with the necessary rights. Edited March 15, 2021 by Werner Remove offtopic
Recommended Posts