denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_maintenance2020-03-17 04:31 pm
  • Add Memory
  • Share This Entry

(no subject)

Some of you have noticed an uptick in spam accounts following you this week -- it was because a group of spammers were able to take over some legit accounts and use them for spam. (Our usual antispam efforts have worked pretty well to take care of newly created spam accounts, so spammers are going for the old ones instead.) It does appear that the accounts that were hijacked had used the same password they used on Dreamwidth for other sites, and the spammers found that username/password combination in one of the many black market venues for password resale.

We think we've managed to catch and suspend all the accounts that were being used for spamming -- if yours was one of them, open a support request in the Terms of Service category and we'll help you resecure your account so we can unsuspend it. If you spot one that our automated scan missed, open a support request in Anti-Spam and we'll take a look as soon as we get through the backlog of the already-reported ones. If you spot one and it's already been suspended, you don't have to report it.

This is a great time to remind everyone: please don't reuse passwords for multiple sites! The best and most secure way of handling passwords is to download a password manager, like Dashlane, 1Password, Keeper, LastPass, or Zoho. (Everyone has their own favorite, but those are all reputable and secure.) Let the password manager generate and remember passwords for you. This improves security for everyone!

(Edit:) I also forgot to remind people: you can check to see if your information has appeared in a data breach at Have I Been Pwned? It's a legitimate security research site that keeps a database of which account information is for sale on the black market. They don't tell you which passwords were compromised, just whether your email address appears in a collection of passwords, and they don't have every dataset that's circulating on the black market, but if your email address gets a result there, you should change your password on that site immediately, change the password on any site that you used the same password for (and make it a unique password!), and never use that password again. People who have the black market file try those username/password combinations on every site they can find to see how many accounts they can get into.

Page 1 of 2

Flat | Top-Level Comments Only | Expand All
frith: Violet unicorn cartoon pony with a blue mane (FIM Twilight friendly)

[personal profile] frith 2020-03-17 08:40 pm (UTC)(link)
Thank you for the heads-up and for swatting those parasitic spammers. ^_^
alexseanchai: Katsuki Yuuri wearing a blue jacket and his glasses and holding a poodle, in front of the asexual pride flag with a rainbow heart inset. (Default)

[personal profile] alexseanchai 2020-03-17 08:43 pm (UTC)(link)
thank you!
spectrier: a cropped image of a black horse with a purple mane with long white eyelashes. (Default)

[personal profile] spectrier 2020-03-17 08:43 pm (UTC)(link)
I did wonder why I had people subscribing to me out of nowhere! Thanks for the explanation and quick resolution of the issue.
weofodthignen: selfportrait with Rune the cat (Default)

[personal profile] weofodthignen 2020-03-17 08:50 pm (UTC)(link)
Ah, that had gone through my mind when I saw a mystery subscription; sorry to see I was apparently right, and thanks for being on top of things.
commoncomitatus: ([FS] Aggressive negotiations)

[personal profile] commoncomitatus 2020-03-17 08:52 pm (UTC)(link)
Thanks for all your hard work on this! <3
stormy: βͺ ππŽπ“πˆπ‚π„ ❫ 𝑫𝑢 𝑡𝑢𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰π‘ͺ𝑢𝑡𝑺 ⊘ (Default)

[personal profile] stormy 2020-03-17 08:59 pm (UTC)(link)
Thank you for the heads up! I double checked and changed any compromised passwords today.
juliet316: (Torchwood: Ianto Jones)

[personal profile] juliet316 2020-03-17 09:06 pm (UTC)(link)
Had a couple of suspicious accounts try to subscribe to me as well. I just ignored them.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-17 09:20 pm (UTC)(link)
Check on them if you still have the names, and if they're not suspended, open a support request in Anti-Spam -- I have found a few from user reports that slipped through the cracks of our automated scan, since we were trying to get the spammers and minimize the false positives.

(no subject)

[personal profile] brooksmoses - 2020-03-17 21:54 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-17 22:00 (UTC) - Expand

(no subject)

[personal profile] juliet316 - 2020-03-17 22:41 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-17 22:43 (UTC) - Expand
naye: tiny raindeer in a hat making happy arms and grinning (yay!)

[personal profile] naye 2020-03-17 09:15 pm (UTC)(link)
Brilliant. Thank you so much for dealing with them!
dewline: Text - "On the DEWLine" (Default)

[personal profile] dewline 2020-03-17 09:16 pm (UTC)(link)
Decided to pre-emptively ban-hammer my three suspects.

Thanks in any case!
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-17 09:21 pm (UTC)(link)
If you still have the names, check on them, and if they're not suspended, please open a support request in Anti-Spam! We caught a whackload with our automated scan, but I've already identified a few from user reports that slipped through the cracks because they didn't match all our criteria.

(no subject)

[personal profile] dewline - 2020-03-17 21:40 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-17 21:42 (UTC) - Expand

(no subject)

[personal profile] dewline - 2020-03-17 21:43 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-17 21:58 (UTC) - Expand

(no subject)

[personal profile] paserbyp - 2020-03-17 22:32 (UTC) - Expand
cmcmck: (Default)

[personal profile] cmcmck 2020-03-17 09:54 pm (UTC)(link)
Thanks!

No problem here but I was hearing from friends who had been hit
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-17 10:01 pm (UTC)(link)

Yeah, it was less than a thousand accounts total, but they were really prolific in following people.

lauand: (Gojyo - Fuck up)

[personal profile] lauand 2020-03-17 09:56 pm (UTC)(link)
Thanks for the info!
navaan: (Default)

[personal profile] navaan 2020-03-17 09:57 pm (UTC)(link)
I just noticed one today. Thank you for the info and all the work you're doing!! β™₯
veritas_poet: (Type)

[personal profile] veritas_poet 2020-03-17 10:20 pm (UTC)(link)
Thanks for keeping on top of this and for informing us. Y'all are the best.

[personal profile] unfavorableinstigation 2020-03-17 10:36 pm (UTC)(link)
Adding to the thank-yous! =D

And thank you to the swift response to my own report, as well; glad it's being taken care of.
paserbyp: (Default)

[personal profile] paserbyp 2020-03-17 10:36 pm (UTC)(link)
How about to add two factors authentication? To much work?
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-17 10:38 pm (UTC)(link)

It's on our "eventually" list but we're still debating the best way to do it.

(no subject)

[personal profile] paserbyp - 2020-03-17 22:40 (UTC) - Expand

(no subject)

[personal profile] the_beasts - 2020-03-17 23:01 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-17 23:08 (UTC) - Expand

(no subject)

[personal profile] the_beasts - 2020-03-17 23:30 (UTC) - Expand

(no subject)

[personal profile] lizvogel - 2020-03-18 19:10 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-18 20:41 (UTC) - Expand

(no subject)

[personal profile] alexseanchai - 2020-03-19 01:09 (UTC) - Expand

(no subject)

[personal profile] thenewbuzwuzz - 2020-03-19 11:57 (UTC) - Expand

(no subject)

[personal profile] 20_00 - 2020-03-18 05:10 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-18 20:19 (UTC) - Expand

(no subject)

[personal profile] 20_00 - 2020-03-19 02:51 (UTC) - Expand

(no subject)

[personal profile] weofodthignen - 2020-03-18 06:14 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-18 20:27 (UTC) - Expand
ex_flameandsong751: An androgynous-looking guy: short grey hair under rainbow cat ears hat, wearing silver Magen David and black t-shirt, making a peace sign, background rainbow bokeh. (happiness)

[personal profile] ex_flameandsong751 2020-03-17 11:07 pm (UTC)(link)
Thank you for the very speedy resolution!
ppk_ptichkin: (Default)

[personal profile] ppk_ptichkin 2020-03-17 11:30 pm (UTC)(link)
I was about to report a spammer or three. Thank you for cleaning this up!
turgutmakbak: (Default)

[personal profile] turgutmakbak 2020-03-23 08:16 am (UTC)(link)
This is not as bad (by far!) as at some other places. E.g. I think Ello has a much bigger problem with legit accounts taken over by spammers.
tanya_salpe: (Default)

[personal profile] tanya_salpe 2020-03-17 11:43 pm (UTC)(link)
Thank you so much!
sheliak: Handwoven tapestry of the planet Jupiter. (Default)

[personal profile] sheliak 2020-03-17 11:53 pm (UTC)(link)
Good to know what's going on!
dragoness_e: Living Dead Girl (Living Dead Girl)

[personal profile] dragoness_e 2020-03-18 02:35 am (UTC)(link)
I know for a fact that all my old LJ accounts are compromised, with the e-mail/account name/passwords being in cyber-criminal hands. Methinks the Russian entity that owns Livejournal now isn't too fussy about security, or something.

Fortunately, I didn't use those passwords anywhere else. If anyone here migrated from LJ, as I did, make sure you don't use the same passwords as you did on LJ.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-18 08:58 pm (UTC)(link)
Let me be scrupulously careful here in how I phrase this: There are files ("dumps") on the black market that claim to be from a LiveJournal breach in 2014, and I've never seen anyone who was listed in the dumps say that their information was incorrect (and have seen many who have said it was). However, LiveJournal has never confirmed the breach or informed their users of the problem, so there's a chance the dumps are fake, or that the account info is from another source that the compiler of the file took and tested against LiveJournal to find people whose passwords were reused. We, as a company, are making no statement and have no opinion on whether LiveJournal had a data breach, and we hope that if they had, they would have notified their users.

That having been said, this is exactly why we take every opportunity we can to remind people that it's a bad idea to reuse passwords across sites! If you've ever used your current Dreamwidth password on any other site (not just LiveJournal), please change it. Password managers are a great way to both generate strong, unique passwords and to store those passwords for you so that you don't lose them.

(no subject)

[personal profile] seeitbloom - 2020-03-19 02:15 (UTC) - Expand

(no subject)

[staff profile] denise - 2020-03-19 06:08 (UTC) - Expand
acciochocolate: (Default)

[personal profile] acciochocolate 2020-03-18 02:40 am (UTC)(link)
Thanks! I'm seeing negative reviews on IMDB from these trolls and not sure how to report it there.
rattfan: (Default)

[personal profile] rattfan 2020-03-18 03:27 am (UTC)(link)
I was subscribed to by a "drunkenkitsune" but noticed it was an RU account, also with no entries, so ignored it. Anything else I need to do?
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-18 08:29 pm (UTC)(link)
If the URL on the profile looks like a spammy porn URL and we didn't catch it yesterday, you can report it to the anti-spam team by opening a support request.
(reply from suspended user)
penguinmayhem: Pictured: a smug moron. (Default)

[personal profile] penguinmayhem 2020-03-18 08:17 am (UTC)(link)
Thanks for the hard work, guys!
madfilkentist: My cat Florestan (gray shorthair) (Default)

[personal profile] madfilkentist 2020-03-18 10:39 am (UTC)(link)
In the past week I got two suspicious-looking followers. That explains it.

LiveJournal refugees should be especially careful not to reuse their passwords from there. A large number of people I know, including myself, got "Caught you on camera watching porn" spam, giving our old LiveJournal passwords as "evidence." In its earlier days, LJ must have been very sloppy about protecting user passwords.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2020-03-18 08:59 pm (UTC)(link)
I'll repeat what I said above, which is as carefully phrased as I can get it: There are files ("dumps") on the black market that claim to be from a LiveJournal breach in 2014, and I've never seen anyone who was listed in the dumps say that their information was incorrect (and have seen many who have said it was). However, LiveJournal has never confirmed the breach or informed their users of the problem, so there's a chance the dumps are fake, or that the account info is from another source that the compiler of the file took and tested against LiveJournal to find people whose passwords were reused. We, as a company, are making no statement and have no opinion on whether LiveJournal had a data breach, and we hope that if they had, they would have notified their users.

That having been said: this is exactly why we take every opportunity we can to remind people that it's a bad idea to reuse passwords across sites! If you've ever used your current Dreamwidth password on any other site (not just LiveJournal), please change it. Password managers are a great way to both generate strong, unique passwords and to store those passwords for you so that you don't lose them.
Flat | Top-Level Comments Only | Expand All

Page 1 of 2