Hacker News new | past | comments | ask | show | jobs | submit login

I don't know if they've invalidated my password, or if the attacker has already accessed my account, but I can't login with my details.

I can't help but think that they would be better off just doing an UPDATE users SET password='';, and relying on the forgot-password functionality to let users get access again

edit I received my forgot-password email after 4-5 minutes waiting (their servers are under quite a bit of stress right now .. understandably) Once I was logged in via the forgot-password link, everything was quite snappy. Just give it a few minutes and it'll reach you too, then you can reset your password to something random. (I can't recomment 1Password[1] enough)

[1] https://agilebits.com/onepassword




Ditto. I'm unable to login with my credentials, and have yet to receive the password reset I requested (although I assume they are getting a lot of those right now, so it may be queued). All these compromises sure are getting tiring. I've already been hit with Evernote, LivingSocial and Linode so far this year (that I'm aware of).


I think they already reset all passwords, because I'm in the same boat. I put in a reset request, which was accepted, but didn't yet get the email with the reset link.

I'm guessing whatever mailing queue they have set up is completely back logged right now until it finishes sending out the general account compromise email (displayed elsewhere in this thread). At least, that's my best guess. I haven't gotten that email yet.


Your password was scrambled, which is why you cannot login.

> UPDATE users SET password='';

That would be an extremely bad idea. Never set pass to empty on Drupal 6 sites.


Also not able to login. I ran the forgot password functionality but their FAQ says it could take up to 15 min. to receive the email.


It took me about 4 minutes to receive the email - once I got it, the servers were quite responsive. Just give it a few minutes ... it'll get to you eventually


The servers are responsive because all the rest of us are locked out, still waiting on our reset email :-/

It's been 20 minutes since I submitted the reset, and I still don't have the email.

Edit: got email after 40 min.


Our email systems are somewhat loaded from the email announcement so it might be a little slow. Things are slowly improving in speed however.


Same here, I know I used one of three passwords, and I'd like to know which one I stupidly used.


I linked to this in my edit, but it's worth re-linking here: https://agilebits.com/onepassword

Use it. And never look back :)


I much prefer lastpass, and keepass for everything else.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: