CHANGE YOUR PASSWORD! DDF Account Hackers Buying/Selling Gift Cards!

[aishel]

I changed my password, though I never know what my password actually is. I use BitWardern as a PW manager and it generates a password for me automatically that is a random assortment of numbers, letters (upper case and lower case), and symbols. This should be the standard for everyone for all websites you need a password for. I understand the desire to just do a simple one that "doesn't really matter", but creating a habit of always using a password manager to generate your passwords will keep everything secure. And please, for the love of Hashem, PLEASE use 2FA for your email address. Once they have your email, it's essentially game over and they can get your banks and all of your financial stuff.

[Dan]

$100 a month?
IINM it's open source and can be self hosted. I haven't done any research on it.

Would be enterprise pricing, https://www.discourse.org/pricing

[HoKo]

Perhaps we could have 2FA but do it so the system only prompts for 2FA when it's a login attempt from a new IP address

[CountValentine]

Once they have your email, it's essentially game over and they can get your banks and all of your financial stuff.

They can get all 15 of my emails and all they can do is login to DDF. 

[CountValentine]

Perhaps we could have 2FA but do it so the system only prompts for 2FA when it's a login attempt from a new IP address

That would be every login.

[Essen est zich]

Btw Tapatalk is still allowing me to post without changing my password.

[Yo ssi]

Would be enterprise pricing, https://www.discourse.org/pricing

Really? Which category would we be maxing out in?



Either way self hosting is probably cheaper albeit a bit more involving to set up.

[CountValentine]

Can we get an idea of the passwords that were hacked? If it was "1234DDF" I wouldn't worry about it.

[Dan]

Can we get an idea of the passwords that were hacked? If it was "1234DDF" I wouldn't worry about it.

They were all very basic and likely all over the dark web.

[Dan]

Really? Which category would we be maxing out in?



Either way self hosting is probably cheaper albeit a bit more involving to set up.

DDF page views.

[CountValentine]

They were all very basic and likely all over the dark web.

Ok, let's not go overboard then.

[Dan]

Ok, let's not go overboard then.

Right, we'll see if the new PW requirement and reset works before moving onto other options.

[Yo ssi]

!

[HoKo]

That would be every login.

Why? Are you using a VPN?

[CountValentine]

Are you using a VPN?

I thought that was SOP, no?

[aygart]

Can we get an idea of the passwords that were hacked? If it was "1234DDF" I wouldn't worry about it.

The password I changed from was much simpler than that. total of five letters no numbers.

[Yo ssi]

I thought that was SOP, no?

15

[HoKo]

The other concerning element of this attack is that it's an indication DDF is on the radar of scammers. It's going to make doing business/trades with newer members riskier IMO. (And the honesty / general lack of scams is one of the nicer elements of DDF).

[CountValentine]

15

Ouch!

[CountValentine]

The password I changed from was much simpler than that. total of five letters no numbers.

AFAIK