Not trying to create a panic but this morning, someone on Twitter claimed that ResetEra had been breached and user data including emails and passwords had been leaked online. I posted this in the site issues thread and messaged staff, but no one has responded so far. Given how serious this is, I wanted to make sure everyone was aware so users could change their passwords on Era and emails / other accounts as soon as possible.
I'm not sure how reliable this person is, but regardless, it would be a good idea for everyone to change their password and enable two factor authentication just in case this turns out to be real.
[Mod edit: Switched to screengrab]
Staff response:
I'm not sure how reliable this person is, but regardless, it would be a good idea for everyone to change their password and enable two factor authentication just in case this turns out to be real.
[Mod edit: Switched to screengrab]
Staff response:
Official Staff Communication
Let's clear this up: Our tech team investigated claims of a data breach and found no evidence of such on our end. We have no reason to believe our database has been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.
With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.
Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.
With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.
Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.
Last edited by a moderator: