Mar. 18th, 2020

Passwords

Mar. 18th, 2020 07:58 pm
[staff profile] denise
Yesterday, we made a post in dw-maintenance about a collection of Dreamwidth accounts that had been broken into and used for spamming. (If you haven't read that post yet, please read it now!) We suspended the hijacked accounts we were able to identify as definitely compromised, and if yours was one of them, please open a support request in the Terms of Service category and we'll help you resecure it.

After additional research, we're highly confident the account break-ins were due to people using the same password for their Dreamwidth account as one they'd previously used on another social networking site. However, because the other site hasn't notified its users of any data breach, we can't say for certain they're the source of the password data -- we can only look at the circumstantial evidence. Because many Dreamwidth users also have accounts on the site in question, we'll be working over the next few days to fully evaluate the risk to you, and we may notify the people we believe are at higher risk for an account break-in. You may get an email from us about this -- if you do, please follow the instructions in it.

As we learn more, it may become necessary at some point to forcibly expire some people's login sessions or reset their passwords for them. We don't currently predict needing to do this, but it's a possible step we may need to take in the future. Please check right now to make sure the email address confirmed on your account is an address where you can get mail. If it isn't, change it to your current email address.

If you've ever used your current Dreamwidth password on any other site, or if you aren't sure if you have or not, please change your Dreamwidth password for all your accounts as soon as you can. Again, we're highly confident we're not the source of the password compromise, but there are people who take the login information from other sites that have had a password breach and try it elsewhere.

We strongly recommend using strong, randomly-generated, unique passwords for each different site you have an account on, and downloading and using a reputable password manager such as Dashlane, 1Password, Keeper, LastPass, or Zoho to generate and store your passwords for you.


The tl;dr summary for what you should do for all your accounts:

* Check your current email address, and change it if you can't get mail there.

* Change your Dreamwidth password if you've ever used it anywhere else, or aren't sure if you have or not.

* Share these steps with your friends who aren't subscribed to dw_news or don't receive emails when we post a new dw_news post, and ask them to do the same.



All comments to this particular post will be automatically screened. If you need to contact someone about your account, please open a support request in the Terms of Service category and we'll get back to you as soon as we can.


EDIT: We're sorry if you received multiple emails about this! Obviously the thing we tried in hopes it would make the problem better has just made it happen to more people. The same problem has also made the usual notification delay after a news post significantly longer. We'll get it fixed as soon as we can.