That will work! Once….Hah. Next time I have a brain fart and post BS I have a good excuse - musta been hacked.
That will work! Once….Hah. Next time I have a brain fart and post BS I have a good excuse - musta been hacked.
In my case they changed my email address. I lost access to my account while the hacker was selling equipment pretending to be me.After changing my password I've checked my last messages to see if someone is selling cooking ware with my account.
Good luck to everyone. Be safe, be aware...
Alright. Convinced. Enabled 2 way authentication.That will work! Once….
Was it only your account here that was compromised or others elsewhere? Were you using a password which could be guessed (by a computer) relatively quickly. Did you get to the bottom of this?Unless you are like me, whose login is hijacked by someone who were selling equipment through my profile…
I was told at the time that I was the only one for a long while.Was it only your account here that was compromised or others elsewhere? Were you using a password which could be guessed (by a computer) relatively quickly. Did you get to the bottom of this?
They brute forced it with passwords and got lucky. Scary that they picked you out.I was told at the time that I was the only one for a long while.
The password I was using required tens of years to be hacked and it was not listed on the pawned databases. How it was hacked I do not know. The same password was used on my own server (by mistake) but there were no logins to that server. Both passwords are now changed to different ones.
The problem was that after accessing my account they have not only changed the password but changed the email address as well, effectively blocking my access to ASR. I had to create a temporary account in order to reach the admins.
This is easy to fix.Just remember to keep it in the drawer, and don’t use one with this on the cover:
View attachment 258152
Yes, it uses modified salted hash using bcrypt library.Sounds like the site is being targeted but it is only being hit on an individual-by-individual level thus far. I trust only a salted hash is stored behind the scenes, rather than our whole passwords, to limit impact if there were a data breach?
Like a Borg adapting to phaser fire.That will work! Once….
Thanks for keeping us informed.FYI we discovered 3 more today. Our spam filters are catching them after the fact by quarantining the posts. It is possible there are more that we are not seeing although that is unlikely. So scale is small but not zero or random.
Not all encryption is equally well implemented. If they don't salt the codes then they become significantly more susceptible to rainbow tables and such. Or the messages are encrypted but the keys are held in plain text somewhere along the way and no one is auditing the logs, maybe you don't get them all, but you get enough over time.If the passwords are encrypted then how can it be breached? Either social engineering or scanning for passwords must be done?
Captain Amirm: "Change your passwords!"It was only a matter of time until the brains at PS Audio and Audioquest used all of their extensive engineering knowledge to break into ASR...
I use a self-hosted instance of bitwarden (https://bitwarden.com/open-source/). For people using Home Assistant there's an official add-on (https://github.com/hassio-addons/addon-bitwarden)What do you suggest, writing them on a notepad and putting in a drawer?
Seriously, if you have a unique password for every site, then you aren't going to remember 10+ login passwords (presuming they are decent passwords).