
Warning: change your password please!

AdamG

Helping stretch the audiophile budget…
Moderator
Forum Donor
Joined
Jan 3, 2021
Messages
4,747
Likes
15,733
Location
Reality

sarumbear

Master Contributor
Forum Donor
Joined
Aug 15, 2020
Messages
7,604
Likes
7,324
Location
UK
After changing my password I've checked my last messages to see if someone is selling cooking ware with my account.

Good luck to everyone. Be safe, be aware...
In my case they changed my email address. I lost access to my account while the hacker was selling equipment pretending to be me.
 

Doodski

Grand Contributor
Forum Donor
Joined
Dec 9, 2019
Messages
21,614
Likes
21,899
Location
Canada
Well... Ima glad I changed mine out for a very very strong password because I previously used a very simple one temporarily and forgot to go back and update it. It would not be a biggie if it was cracked because all my stuff has different passwords. Have funnnn scanning for passwords whack job(s). :D
 

Digby

Major Contributor
Joined
Mar 12, 2021
Messages
1,632
Likes
1,560
Unless you are like me, whose login is hijacked by someone who was selling equipment through my profile…
Was it only your account here that was compromised or others elsewhere? Were you using a password which could be guessed (by a computer) relatively quickly? Did you get to the bottom of this?
 

sarumbear

Master Contributor
Forum Donor
Joined
Aug 15, 2020
Messages
7,604
Likes
7,324
Location
UK
Was it only your account here that was compromised or others elsewhere? Were you using a password which could be guessed (by a computer) relatively quickly? Did you get to the bottom of this?
I was told at the time that I was the only one for a long while.

The password I was using required tens of years to be hacked and it was not listed on the pwned databases. How it was hacked I do not know. The same password was used on my own server (by mistake) but there were no logins to that server. Both passwords are now changed to different ones.

The problem was that after accessing my account they have not only changed the password but changed the email address as well, effectively blocking my access to ASR. I had to create a temporary account in order to reach the admins.
 

Doodski

Grand Contributor
Forum Donor
Joined
Dec 9, 2019
Messages
21,614
Likes
21,899
Location
Canada
I was told at the time that I was the only one for a long while.

The password I was using required tens of years to be hacked and it was not listed on the pwned databases. How it was hacked I do not know. The same password was used on my own server (by mistake) but there were no logins to that server. Both passwords are now changed to different ones.

The problem was that after accessing my account they have not only changed the password but changed the email address as well, effectively blocking my access to ASR. I had to create a temporary account in order to reach the admins.
They brute forced it with passwords and got lucky. Scary that they picked you out.
 

mhardy6647

Grand Contributor
Joined
Dec 12, 2019
Messages
11,407
Likes
24,762
Just remember to keep it in the drawer, and don’t use one with this on the cover:
This is easy to fix.

 

restorer-john

Grand Contributor
Joined
Mar 1, 2018
Messages
12,728
Likes
38,936
Location
Gold Coast, Queensland, Australia
I would argue that the best place to keep your passwords in 2023 is, ironically, on a piece of paper somewhere in your house. It limits potential access to the one random burglar who is more likely to be interested in your iPads, laptops, jewelry, cameras, cash and gaming consoles.
 
OP
amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,679
Likes
241,149
Location
Seattle Area
Sounds like the site is being targeted but it is only being hit on an individual-by-individual level thus far. I trust only a salted hash is stored behind the scenes, rather than our whole passwords, to limit impact if there were a data breach?
Yes, it uses a modified salted hash using the bcrypt library.
 
OP
amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,679
Likes
241,149
Location
Seattle Area
FYI we discovered 3 more today. Our spam filters are catching them after the fact by quarantining the posts. It is possible there are more that we are not seeing although that is unlikely. So scale is small but not zero or random.
 

Mr. Widget

Major Contributor
Forum Donor
Joined
Oct 11, 2022
Messages
1,177
Likes
1,777
Location
SF Bay Area
FYI we discovered 3 more today. Our spam filters are catching them after the fact by quarantining the posts. It is possible there are more that we are not seeing although that is unlikely. So scale is small but not zero or random.
Thanks for keeping us informed.
 

Keened

Senior Member
Forum Donor
Joined
Nov 2, 2021
Messages
329
Likes
219
If the passwords are encrypted then how can it be breached? Either social engineering or scanning for passwords must be done?
Not all encryption is equally well implemented. If they don't salt the codes then they become significantly more susceptible to rainbow tables and such. Or the messages are encrypted but the keys are held in plain text somewhere along the way and no one is auditing the logs, maybe you don't get them all, but you get enough over time.

Three to one to me suggests sockpuppets which are endemic on forums and to be expected without necessarily malicious intent.

Either way the alert is appreciated, but something going out via email would probably be best next time. I didn't see this until I specifically clicked into the reviews list.
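
Added example, not part of any post in this thread and not the forum software's code: the difference between unsalted and salted password storage that the posts above discuss. It uses a plain lookup table as a simplified stand-in for a rainbow table and stdlib PBKDF2 as a stand-in for bcrypt; the accounts, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: alice and bob happen to share one weak password.
USERS = {"alice": "password1", "bob": "password1", "carol": "x7#Lq9!vR2-unique"}
WORDLIST = ["123456", "password1", "qwerty"]  # constructed stand-in for a big list

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # PBKDF2 (stdlib) stands in for bcrypt: per-user salt plus a work factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def build_table(words):
    """Digest -> password map, computed once and reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}

def table_hits(digests: dict, table: dict) -> list:
    """Accounts whose stored digest appears in the precomputed table."""
    return sorted(user for user, d in digests.items() if d in table)

def store_unsalted(users: dict) -> dict:
    return {u: unsalted_hash(p) for u, p in users.items()}

def store_salted(users: dict) -> dict:
    db = {}
    for user, password in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        db[user] = (salt, salted_hash(password, salt))
    return db

def verify(db: dict, user: str, candidate: str) -> bool:
    """Normal login check: recompute with the stored salt, compare in constant time."""
    salt, stored = db[user]
    return hmac.compare_digest(stored, salted_hash(candidate, salt))

if __name__ == "__main__":
    table = build_table(WORDLIST)
    salted = store_salted(USERS)
    print("unsalted hits:", table_hits(store_unsalted(USERS), table))
    print("salted hits:  ", table_hits({u: d for u, (_, d) in salted.items()}, table))
    print("login still works:", verify(salted, "alice", "password1"))
```

A salt only removes the benefit of precomputation; a weak password can still be guessed one account at a time, which is what the work factor is there to slow down.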
 

BlackTalon

Addicted to Fun and Learning
Forum Donor
Joined
Apr 14, 2021
Messages
595
Likes
953
Location
DC
It was only a matter of time until the brains at PS Audio and Audioquest used all of their extensive engineering knowledge to break into ASR...
 

Beershaun

Major Contributor
Forum Donor
Joined
Oct 3, 2019
Messages
1,877
Likes
1,922
Updated and 2FA added. Thanks for the heads-up!
 

bakker_be

Active Member
Joined
May 20, 2018
Messages
188
Likes
116
Location
Belgium