This is the real sp5it account owner. That account was stolen/hacked.
I’m not responsible for anything that happened during the last 2 weeks.
Just recovered that account with the help of the site admin.
Mike
“You” almost got me
How can we be certain it’s really you now?
Interestingly it’s not the first time recently. Do you know how they got the password? Was there a social engineering attack in the flashlight community or just a good old “used password somewhere else and it got leaked”?
That was my question as well, but he sent me some convincing proof.
So this is a good time to remind everybody that even if BLF is “just” a flashlight forum it’s still important to use a unique and strong password, because it’s almost certain that some other website you registered on with the same username/email and password has leaked that password to the World Wild Web (WWW) at some point.
Unique password for every login + some trustworthy password manager to, well, manage them is the only way.
2FA/auth keys wherever possible.
I’ve said it before, but it’s worth repeating once in a while:
correct horse battery staple
… and some sort of password vault to remember everything for you, so you can easily have different passwords and other data on every site. Ideally, a different email and password for every site, and 2FA using a local TOTP/HOTP app or something. But at minimum, a different strong password for every site.
That way, at least when an account gets compromised, it’s only that account. The damage is limited in scope.
So how did your account get stolen? Were the credentials stolen from you or from the BLF server?
The credentials were not stolen from BLF.
There are massive databases online of username/email + password combinations from other sites that were hacked or improperly allowed access to their password records. Hackers often try those same username/email + password combinations on other websites, and they often work because the user registered there with the same combination that another site leaked. Or sometimes they just try with really common/simple passwords.
Another possibility is somehow tricking the user into revealing their password or clicking on a link that installs malware to log their keyboard input.
fwiw, last year both my Verizon and ATT cellular accounts notified me of a security breach that compromised their passwords.
They gave me a year of free credit monitoring… Nothing bad happened… I just created new passwords (yes different for each account) and all has been well.
glad Mike’s account is recovered and secured again…