Denise (![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
denise) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png)
dw_maintenance2020-05-08 06:31 pm
denise) wrote in dw_maintenance2020-05-08 06:31 pm
(no subject)
In March, we posted several entries about an increase in people breaking into old accounts and using them for spam purposes.
Today has seen another wave of zombie accounts having their profile edited to link to spam and then subscribing to many people. If you see this happen, you don't need to report it to us: we're identifying them automatically and suspending them until their owners can resecure them. If your account is one of the ones suspended, please change your password and edit the profile to remove the spam link from the Website field, then open a support request in the Terms of Service category and we'll get back to you ASAP to unsuspend your account.
We continue to believe the source of the password information is another social media site that many Dreamwidth users also have accounts on. The site in question has declined to investigate the reports we've made to them or to investigate whether the information we've found is legitimate. We will continue not to publicly name them in top-level posts until we're positive we've done everything we can to protect Dreamwidth users who may also have accounts on the site in question, after which point we'll let you know what we know. We're trying to avoid doing that until we think we've caught the vast majority of vulnerable accounts, however.
If you have not changed your Dreamwidth password since May of 2014, we strongly recommend that you change your password. Again: We have no evidence that our servers were compromised, and we have strong evidence that the source of account breakins is another social media site's as-yet-undisclosed breach. However, today's wave of breakins has included a number of accounts that our available methods of figuring out who may be vulnerable didn't catch, so we may need to look more widely for potentially vulnerable accounts.
To verify any email from us about your Dreamwidth password is actually from us, log into your Dreamwidth account and visit the homepage or thedw_news journal. Every email we send you about your account password from here on out will repeat these instructions.
Today has seen another wave of zombie accounts having their profile edited to link to spam and then subscribing to many people. If you see this happen, you don't need to report it to us: we're identifying them automatically and suspending them until their owners can resecure them. If your account is one of the ones suspended, please change your password and edit the profile to remove the spam link from the Website field, then open a support request in the Terms of Service category and we'll get back to you ASAP to unsuspend your account.
We continue to believe the source of the password information is another social media site that many Dreamwidth users also have accounts on. The site in question has declined to investigate the reports we've made to them or to investigate whether the information we've found is legitimate. We will continue not to publicly name them in top-level posts until we're positive we've done everything we can to protect Dreamwidth users who may also have accounts on the site in question, after which point we'll let you know what we know. We're trying to avoid doing that until we think we've caught the vast majority of vulnerable accounts, however.
If you have not changed your Dreamwidth password since May of 2014, we strongly recommend that you change your password. Again: We have no evidence that our servers were compromised, and we have strong evidence that the source of account breakins is another social media site's as-yet-undisclosed breach. However, today's wave of breakins has included a number of accounts that our available methods of figuring out who may be vulnerable didn't catch, so we may need to look more widely for potentially vulnerable accounts.
To verify any email from us about your Dreamwidth password is actually from us, log into your Dreamwidth account and visit the homepage or the
dw_news journal. Every email we send you about your account password from here on out will repeat these instructions.
no subject
no subject
I would not be especially surprised if someone in Rambler has just axed a range of IPs without much thinking.
no subject
- LJ have invalidated a lot of older passwords,
- so any cross-post attempt by any user from DW using an old password results in a login failure,
- and LJ's login failure counter adds to the count from the DW IP address.
- A threshold is passed and the IP address is "temporarily banned".
This could take a while to work its way out...