"A search engine query will tell them which sites any particular username is on."
A bot can search Google for usernames that match the usernames with known passwords in a database file.
Many of the impacted are dormant accounts, so the spammer may log in before the user. If the spammer has access to the password, couldn't they set up 2FA on the account after logging in?
If the entity is using an old list of usernames and passwords and randomly trying to match them up with found accounts with the same names around the web, they should be detected by services like Cloudflare by now for millions of failed login attempts at WordPress sites and forums. This attack...
The most recent accounts we can see that are impacted were registered in late 2021. The oldest accounts are many years old. That data must be from late 2021, 2022 or 2023, which could line up with a LastPass leak in 2022.
One way to help pinpoint where this is coming from would be to find an active user who has had their account taken over and ask them if they use a third-party service to store their passwords. Most of the accounts appear to be abandoned, but there have been a few mentions of active accounts...
We have confirmed that at least one account that was taken over has a strong password. We have also confirmed that at least two accounts are not listed on HaveIBeenPwned.
Does anyone think this might be related to the recent LastPass leak...
There is another thread about this week's forum user takeovers here if anyone is interested in discussing it.
https://xenforo.com/community/threads/spammers-posting-through-existing-accounts-with-no-need-to-login.211713/
Thank you for the suggestion. We have a very experienced server administrator managing our servers, and they have tried various MySQL optimizations without any luck. Since this issue is specific to XenForo, and the forum runs fast when we aren't trying to move or remove posts, we are hoping to...
We have run into an issue where we can't move or delete posts or threads on a large XenForo install and I would like to get some advice.
We are running XenForo v2.2.9 with 50+ million posts and 2+ million registered users.
When we try to move or delete posts using the inline moderation (even...
I see this post about it from 2014, but does one of the experts know if editing the PHP file is still the preferred way to change font sizes for users in the XenForo editor?