Security News > 2021 > February > SitePoint discloses data breach after stolen info used in attacks
The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
This week SitePoint users told BleepingComputer that they received extortion and fake cryptocurrency giveaway emails to addresses that they state were specifically created for and only used at SitePoint.
After these users complained to SitePoint, the company disclosed a data breach where they confirm that threat actors hacked their systems and stole member data.
"As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you login to SitePoint you will need to create a new password," SitePoint states in a data breach notification shared with BleepingComputer.
While SitePoint has not disclosed the compromised third-party tool's name, it fits the Waydev app breach's description that hackers used to breach other sites over the past year.
If your SitePoint password is used at other sites, you should also change your password to a unique and strong one used only at that site.
News URL
Related news
- ADT confirms data breach after customer info leaked on hacking forum (source)
- CSC ServiceWorks discloses data breach after 2023 cyberattack (source)
- How to Prevent Your First AI Data Breach (source)
- Toyota confirms third-party data breach impacting customers (source)
- National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident (source)
- CannonDesign confirms Avos Locker ransomware data breach (source)
- Patelco notifies 726,000 customers of ransomware data breach (source)
- Nearly 1/3 of Companies Suffered a SaaS Data Breach in Last Year (source)
- Park’N Fly notifies 1 million customers of data breach (source)
- GDPR Data Breach Notification Letter (Free Download) (source)