Today there were a few new spam posts made to shill cryptocurrency, and as I banned the accounts and deleted the posts I noticed that by banning one account I had simultaneously banned 13 more with the same IP address. As I took a closer look I noticed that these were all a bunch of accounts created at varying times; some were very old, all the way from 2011, some were more recent, and as it's unlikely somebody would have been registering bot accounts back in 2011 to start posting in 2023, it likely means some outsider has gotten access to them.
I checked the affected accounts with https://haveibeenpwned.com and most of them had been in a data breach (worst ones multiple times!) elsewhere, so it seems likely that the users had simply used the same email and password for every place they had registered to, including Simscave, making their accounts an easy target. The few that didn't show up may have used some of the most common passwords (such as qwerty, 123456789, abc etc.) and had their accounts logged into due to that, or they might have been in some yet unknown breach. BUT we can't exclude the possibility that there might have been a data breach on this site, and of course using the same password on multiple sites is a bad idea generally, so I'm urging everybody to change your passwords here and, if you use the same email and/or password elsewhere, on those sites too. It's also not a bad idea to check your email with https://haveibeenpwned.com and sign up for updates for the possibility that your email pops up in future breaches.
Stay safe and practice good cyber hygiene.
Edit: So apparently not everybody knows how to change the password so I made this tiny tutorial:
(I made a new test account to test that it works for all users, thus the 0 minutes logged in time)
If you follow text better then these are the steps:
- Click to the "Profile" button on the top panel
- From under the modify Profile section find "Account Related Settings"
- Find the part where it says "New Password" and write your new password there
- Under that line is "Verify password", write the same password in it again.
(optional but recommended: while you're in the settings tick the "Hide email address from public" option, that way if your email has leaked somewhere those looking to hack your accounts can't see you've used it here)
- Finally go to the part where it says "Current Password" and write the password you currently use there
- Click on the "Change Profile" button to save the changes.
- Log out and test that your new password works and if you store them in your browser memory that should prompt to update it too so you won't forget. (if it didn't work for some reason then you should still be able to log in with your old password and you can try again)
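
The pattern described in the first paragraph (many accounts behind one IP address, registered years apart, pointing to takeover of existing accounts rather than freshly registered bots) can be checked with a small triage script. This is an added example, not part of the original post or the forum software; the row layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample rows: (username, registration date, last login IP).
# IPs are from the documentation ranges (RFC 5737), not real hosts.
ACCOUNTS = [
    ("olduser_a", date(2011, 3, 14), "203.0.113.7"),
    ("olduser_b", date(2015, 8, 2), "203.0.113.7"),
    ("olduser_c", date(2019, 11, 20), "203.0.113.7"),
    ("olduser_d", date(2022, 6, 1), "203.0.113.7"),
    ("bot_1", date(2023, 5, 1), "198.51.100.23"),
    ("bot_2", date(2023, 5, 1), "198.51.100.23"),
    ("bot_3", date(2023, 5, 2), "198.51.100.23"),
    ("regular", date(2018, 1, 9), "192.0.2.10"),
]

def flag_shared_ip_clusters(accounts, min_accounts=3, min_spread_days=365):
    """Group accounts by last login IP and classify each large cluster.

    A cluster whose registration dates are spread over a long period is
    more consistent with existing accounts being taken over (for example
    through reused passwords) than with bots registered in one batch.
    """
    by_ip = defaultdict(list)
    for user, registered, ip in accounts:
        by_ip[ip].append((registered, user))

    flagged = {}
    for ip, members in by_ip.items():
        if len(members) < min_accounts:
            continue  # too few accounts on this IP to be a cluster
        members.sort()
        spread = (members[-1][0] - members[0][0]).days
        verdict = ("likely takeover" if spread >= min_spread_days
                   else "likely bulk registration")
        flagged[ip] = {
            "users": [user for _, user in members],
            "spread_days": spread,
            "verdict": verdict,
        }
    return flagged

if __name__ == "__main__":
    for ip, info in flag_shared_ip_clusters(ACCOUNTS).items():
        print(ip, info["verdict"], info["spread_days"], info["users"])
```

Shared addresses (households, schools, VPN exits) also put several legitimate accounts behind one IP, so a flagged cluster is a prompt for manual review and forced password resets, not an automatic ban list.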