SitePoint admitted a data breach after finding sale of one million SitePoint user details.
SitePoint — User Data Breach
A Melbourne-based website, and publisher of books, courses and articles for web developers.
Earlier SitePoint disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
In a data breach notification this week, SitePoint confirmed an intrusion into its systems sometime last year.
However the company — believed that information leaked includes:
- user name
- email address
- hashed password
- and, IP address
But, the company believes the stolen passwords are currently safe as they have been hashed and it would be difficult to convert into plaintext which would be lengthy process.
The Waydev tool
The thirdparty tool which SitePoint used to monitor their GitHub account.
Moreover, where hackers gained access to that tool leading to data breach.
“This allowed access through our codebase into our systems. This tool has been removed, all of our API keys rotated and passwords changed,” the company said.
However, SitePoint also send notifications and recommended their users to change their passwords with atleast ten characters long.