Some sort of flag we can display when a user has recently updated their information (scam prevention via data breaches)

elsparkodiablo

Active member
With the number of data breaches that are happening in the ecommerce world, we've seen a recent uptick in scammers searching for username / password combinations that have been leaked, then coming onto our forums and committing fraud via paypal friends & family.

What we've seen happen is that someone's profile will be compromised, their information changed, and the scammer will then post an ad in our for sale areas for a highly desirable item. They will tell multiple people that it's available, have them send paypal and then continue until they are caught.

Is there a way to have someone put into a member group or have a flag displayed if they've changed their information in the last, say, 72 hours?

Even the ability to have them added to a custom user group for 3 days via the promotions system would help. Something, anything, that we can have show up saying "Hey, this user's info was altered in the last few hours, be careful"
 
Upvote 1

elsparkodiablo

Active member
Xon, can you clarify, with your 2FA detection does this check to see if the user's password is compromised every time someone logs in using it?
 

Xon

Well-known member
Yes. On login it will check if the password hash matches known compromised passwords via haveibeenpwned. And if matches, sends and alert or optionally forces 2FA to be enabled.
 

Dragonfruit

Well-known member
My (free) add-on password tools has breeched password detection (via haveibeenpwned), and can force email 2fa if no 2fa is configured when this condition is detected on login.

This is a fantastic add-on, I've had feedback that it reported user's passwords were potentially leaked, so they immediately changed it to something new.
Thank you for this @Xon
 
Top