Jump to content

Photo

Password Security


  • Please log in to reply
2 replies to this topic

#1 Aevin

Aevin

  • Members
  • Pronouns:He / Him
  • Location:Oregon

Posted 18 August 2019 - 11:46 PM

As many of you are already aware, we had some problems today with someone cracking some member accounts and changing the passwords, then causing a scene in public. Our current theory is that they were able to exploit weak passwords. We don't have any indication that they have a method for accessing the site or database files, and checking the logs shows that nothing in those has been tampered with in any way. They also had to attempt logins multiple times, so it doesn't appear they have a way of directly fetching full password information.

 

As a measure against this, we've increased some of the site's security around passwords and log-ins. We recommend that all members change their passwords to something strong. I'm sure all of you know the deal here. At least 10 characters, avoiding dictionary words, using letters, numbers, and symbols, and all that jazz.

 

The initial IP used to post from the compromised accounts matched the member DeSimpleton, so he has now been banned. Edit: It has since been confirmed that this was perpetrated by the banned member Item. The compromised accounts have also had their passwords reset.

 

If you notice any problems with members acting strangely, or threats being made in public, please don't panic. If you're on Discord, the quickest way to get staff attention is to @staff. Otherwise, you can use the site's report function for posts, or contact us through the Staff Dropbox. We'll do our best to clean up any messes as quickly as we can.

 

Who knows what it's all about? It could be a member bearing a grudge, or just someone out to amuse themselves by messing with people. If they show up again, try not to pay them too much attention until we can work things out.

 

Thanks for your patience and understanding.

-PureZC Staff


  • Anthus, Shane, Jared and 4 others like this

#2 Saffith

Saffith

    IPv7 user

  • ZC Developers

Posted 19 August 2019 - 12:08 AM

I would add that using a password manager is a good idea in general. It's a minor inconvenience for a great deal of security. I use Password Safe myself, but there are plenty of good options.
  • Anthus, Shane, Yapollo and 3 others like this

#3 Hergiswi

Hergiswi

    don't look for me, i'm just a story you've been told

  • Members
  • Real Name:chris
  • Location:house

Posted 19 August 2019 - 08:00 AM

if you make your password "imdumbandlonely" then you'll give hackers an existential crisis whenever they have to type it


  • Daniel, Twilight Knight, Adem and 10 others like this


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users