Report URI received a false breach claim backed by real credentials harvested from info-stealer malware (ALIEN TXTBASE). The post explains how info-stealers bypass conventional security controls like strong password policies, bcrypt hashing, and Pwned Passwords checks. It details the gap identified — passwords compromised after account creation — and the new automated account lockout triggered when a login uses a known-breached password. Staff admin controls for manual account locking were also added. Future work on stolen session cookie protection is mentioned, along with user guidance on enabling 2FA, using a password manager, and scanning compromised devices.
Table of contents
- Info Stealers
- Existing Account Security Controls
- None of that matters
- Our existing process
- Identifying the gap
- The new account lockout process
- Service-wide improvements
- Future considerations
- What should users do?