Unsolicited password resets

Discussion:

David Anderson

2013-12-03 17:25:38 UTC

Hi,

Just wondering.... has anyone else received an unsolicited 'password
reset' email from wordpress.org today?

I received one, and wondered if it's part of a pattern. Obviously a
wordpress.org login is quite powerful if it control SVN access to a
top-100 plugin installed on 50,000 sites, and there are presumably bad
guys who try to crack them.

David

--
WordShell - WordPress fast from the CLI - www.wordshell.net

Otto

2013-12-03 17:33:36 UTC

Permalink

Do you have a username that some user is likely to think is their own?

You'd be surprised at the number of people trying to log into WordPress.org
using their usernames/passwords from their own websites. Then getting
confused as to why they never get the reset email...

-Otto

Post by David Anderson
Hi,
Just wondering.... has anyone else received an unsolicited 'password
reset' email from wordpress.org today?
I received one, and wondered if it's part of a pattern. Obviously a
wordpress.org login is quite powerful if it control SVN access to a
top-100 plugin installed on 50,000 sites, and there are presumably bad guys
who try to crack them.
David
--
WordShell - WordPress fast from the CLI - www.wordshell.net
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers

Shea Bunge

2013-12-04 02:04:55 UTC

Permalink

I have been receiving several phishing emails from both WP.org and Yoast
recently. Just ignore them, you're smarter then that.

Post by Otto
Do you have a username that some user is likely to think is their own?
You'd be surprised at the number of people trying to log into WordPress.org
using their usernames/passwords from their own websites. Then getting
confused as to why they never get the reset email...
-Otto

guys

Post by David Anderson
who try to crack them.
David
--
WordShell - WordPress fast from the CLI - www.wordshell.net
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers

_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers

--
Regards,

Shea Bunge
http://bungeshea.com

Otto

2013-12-04 04:41:53 UTC

Permalink

Post by Shea Bunge
I have been receiving several phishing emails from both WP.org and Yoast
recently. Just ignore them, you're smarter then that.

In specific reference to these, yes, they are spam and fake.

I believe that Gmail and Yahoo are now actively marking them as spam, from
reports of smart users of those services. I've not received the emails
myself, but I've had a few forwards sent to me.

WordPress.org doesn't do that sort of thing. Obviously. Please pass it
along that these are fake and the links contain malware. Also pass along
basic malware-sniffing-smartness, if possible. Better for the world in
general, sort of thing.

-Otto

Continue reading on narkive:

Search results for 'Unsolicited password resets' (Questions and Answers)

replies

Someone's using my email address!

started 2008-08-06 09:45:12 UTC

internet

replies

How do I stop getting these "you requested a new Facebook password" emails/texts?

started 2011-07-12 12:00:43 UTC

facebook

replies

is there a spoof email supposedly from ebay going around with link to 'reset password'?