Security News > 2021 > February > SitePoint discloses data breach after stolen info used in attacks
The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
This week SitePoint users told BleepingComputer that they received extortion and fake cryptocurrency giveaway emails to addresses that they state were specifically created for and only used at SitePoint.
After these users complained to SitePoint, the company disclosed a data breach where they confirm that threat actors hacked their systems and stole member data.
"As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you login to SitePoint you will need to create a new password," SitePoint states in a data breach notification shared with BleepingComputer.
While SitePoint has not disclosed the compromised third-party tool's name, it fits the Waydev app breach's description that hackers used to breach other sites over the past year.
If your SitePoint password is used at other sites, you should also change your password to a unique and strong one used only at that site.
News URL
Related news
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)