Security News > 2021 > February > SitePoint discloses data breach after stolen info used in attacks
The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
This week SitePoint users told BleepingComputer that they received extortion and fake cryptocurrency giveaway emails to addresses that they state were specifically created for and only used at SitePoint.
After these users complained to SitePoint, the company disclosed a data breach where they confirm that threat actors hacked their systems and stole member data.
"As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you login to SitePoint you will need to create a new password," SitePoint states in a data breach notification shared with BleepingComputer.
While SitePoint has not disclosed the compromised third-party tool's name, it fits the Waydev app breach's description that hackers used to breach other sites over the past year.
If your SitePoint password is used at other sites, you should also change your password to a unique and strong one used only at that site.
News URL
Related news
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Texas Tech University System data breach impacts 1.4 million patients (source)
- Ireland fines Meta $264 million over 2018 Facebook data breach (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)
- Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts (source)
- 46% of financial institutions had a data breach in the past 24 months (source)
- UN aviation agency investigating possible data breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- Largest US addiction treatment provider notifies patients of data breach (source)
- STIIIZY data breach exposes cannabis buyers’ IDs and purchases (source)