Cyber attacks through forums?

Well, to get down to what happened on a forum with a similar build like this one (looks the same):
- I went online to do some surfing there, clicked login and let Bitwarden fill out the gaps.
Clicked login and got logged in.
- For the email I used I got an email stating I requested a reset password (for this particular site :fearful:)
- but hey, maybe I was tired. But honestly going to the procedure “forgot password” I would remember re-entering my email address (and was logged into the forum)
- I went over to my email account in another browser window and after logging in there I see 168 login attempts :fearful:
- Changed the password to the longest it would accept (40 characters) through BW.
- Haven’t seen any extra login attempts after the last 2 logins.

What the hell was that?

Hence maybe why I’m thinking about hardening Brave more ^^

Browser used: Brave, hardened as per DivestOS (think it is the same at PG), can’t remember the filter list used.

Someone (or some bot) tried to “guess” your password, most likely.

2 Likes

So you think unrelated to that forum?

No idea. Could be someone who doesn’t like you, could be completely random.

1 Like

I’m not following mate :crazy_face:
How can someone random (if related to the forum) know/see my email?

The first version is not possible, only made it to 1 post. :laughing:

If it was just some weird coincidence, and not related to that forum then it would make more sense.

To add to what Valynor said, I’d suggest checking whether your email address has been leaked in a breach. You can use sites like https://haveibeenpwned.com/ for this purpose. One of my email addresses was leaked through a breach before, which resulted in a lot of spam phishing emails and unknown login attempts.

Practice good digital hygiene and follow OpSec best practices, such as not reusing the same password and using a strong generated password. I also recommend using a service like SimpleLogin to generate new email aliases for any logins.

Other than that, there is not much you can do right now other than to monitor the situation and see if anything comes up.

Edit: There is a scenario from a long time ago where a forum was saving passwords in plain text. Given that many users were reusing the same email + password combination, a lot of their email accounts were compromised. It’s relatively unlikely these days, but still a possibility.

4 Likes

I was going to say they probably don’t know your email address and requested a password reset with only your username. But it appears Discourse (the software used for this forum) requires an email address for password resets.

I’m interested to know that they email you for every login attempt. I never receive such emails. Is that something you have to enable on the forum?

No setting to be notified.
I went into my account at the mail provider to see this.
Went there to check because I found the situation suspicious.
In the mask of the account, top, if you are in desktop mode, if there are failed login attempts it will say how many.