Warning: change your password please!

[amirm]

Hello everyone. Found three accounts today that were hijacked and spam posted under their alias. Maybe it is coincident but just to be on the safe side, please change your ASR password as soon as you can.

Thank you.

 

[Blumlein 88]

Oh no! This is becoming a weekly issue all around the internet.

Any chance you'll be able to use passkeys in the near future rather than passwords?

 

[abdo123]

Changed and enabled double step verification.

 

[ObjectiveSubjectivist]

double step verification.

Exactly that. Have been using two step verification for quite some time.

 

[Holmz]

Hello everyone. Found three accounts today that were hijacked and spam posted under their alias. Maybe it is coincident but just to be on the safe side, please change your ASR password as soon as you can.

Thank you.

Three out of how many members?

 

[Blumlein 88]

I didn't even know ASR had 2FA available now. So was good to find that out when changing my password. Have it enabled now.

 

[amirm]

Three out of how many members?

Almost 35,000. But the signature is the same for all three. An existing member all of a sudden posting spam. Just want to be on the safe side and provide early transparency.

 

[syzygetic]

Thanks for the heads up! 2FA FTW!

 

[amirm]

To expand, we get one of these a year or so. Three in a day then stands way out!

 

[MacCali]

Wonder how they manage to do it and the purpose is to steal our money or what’s the stupidity based upon

 

[amirm]

LastPass password manager was breached recently. So maybe that is accelerating things.

Unless you use the same password here as elsewhere, there is no cross contamination with where you keep your money. If you are using the same password, then definitely change and keep them unique in the future.

 

[Blumlein 88]

Almost 35,000. But the signature is the same for all three. An existing member all of a sudden posting spam. Just want to be on the safe side and provide early transparency.

The transparency is much appreciated. Far better this than letting us know a few months from now that you for sure know some breech has occurred. I know you already know this, but thanks anyway.

 

[Mulder]

LastPass password manager was breached recently. So maybe that is accelerating things.

Unless you use the same password here as elsewhere, there is no cross contamination with where you keep your money. If you are using the same password, then definitely change and keep them unique in the future.

It is not the first time LastPass was breached. I have since long stayed away from LastPass. Better to Use KeePass or something similar and store the passwords offline. https://keepass.info/

 

[YSC]

LastPass password manager was breached recently. So maybe that is accelerating things.

Unless you use the same password here as elsewhere, there is no cross contamination with where you keep your money. If you are using the same password, then definitely change and keep them unique in the future.

mostly affect things like emails or so, having a dozen different pw isn't easy

 

[delta76]

Save you one click or two: https://www.audiosciencereview.com/forum/index.php?account/security
it's a good practice to never share passwords on different sites, although that's something I usually violate

 

[jae]

Never use password managers, especially ones hosted on someone else's computer

 

[Doodski]

If the passwords are encrypted then how can it be breached? Either social engineering or scanning for passwords must be done?

 

[Digby]

Never use password managers, especially ones hosted on someone else's computer

What do you suggest, writing them on a notepad and putting in a drawer?

Seriously, if you have a unique password for every site, then you aren't going to remember 10+ login passwords (presuming they are decent passwords).

 

[Feargal]

I've seen warnings elsewhere on other forum sites in the last few days that there's been an uptick of bot attacks on user accounts with weak passwords.

 

[Soniclife]

If the passwords are encrypted then how can it be breached? Either social engineering or scanning for passwords must be done?

If your password is password then it's not hard to crack, these attacks target the low hanging fruit.