Hello, My identity protection service alerted me that my user name and password associated with this site were compromised and found online. It did not implicate this site specifically, but it is one of the very few websites where I use this particular variation on my user name, so everyone be careful. Dr.Travleler
Can you provide any additional details on this? Specifically: What software are you using that's telling you this? What other web sites is it telling you were hit by this. Do you use a unique username and password for TouchArcade? We did a cursory security audit this morning, and there isn't anything that would indicate any kind of unauthorized access to our database where any passwords (which are all stored encrypted anyway) would have been leaked. The only known security breach across our entire network was in 2013 when the MacRumors forum databased was compromised. As soon as this was discovered we also took TouchArcade offline for a full security audit and where it became apparent that although attackers had also attempted to attack TouchArcade, only MacRumors was impacted. The best practice to protect yourself from these sorts of things is by using a password manager, I like 1Password myself, but they all do the same thing. Once you are set up with the password manager of your choice, use a long, complex password to secure your password vault then use unique passwords for every site you visit online that has any kind of login. That way, if a site gets hacked, it really doesn't matter. The most common attack vector is targeting small sites with a login database that uses forum software (or similar) that isn't up to date and has known exploits (we are running a very modern version of Xenforo, for what it's worth), then using those logins to try to access email accounts, which basically opens a pandora's box of compromising everything and anything you use which could include online banking accounts, cryptocurrency holdings, you name it. If you use a unique password for everything, if TA ever did get hacked, the only thing you'd need to deal with is changing that one password (which we'd force everyone to do anyway in a mass email sent out to alert folks of the hack). Anyway, thanks for the heads up either way.
Hi, It’s a credit/ID theft service provided by the government following a breach of their own servers that had some of my own information. Part of the service is a cyber scan that watches for my email specifically. I get alerts every so often as I use a yahoo address for personal emails and they had a massive breach. I’ve updated passwords repeatedly in the past so it’s not a big deal. This alert was different as it was linked to a user name in addition to my email, Dr.Traveler. This variation of my username (with the period) isn’t a common one I use. I typically use just DrTraveler. Unfortunately it didn’t list a specific site so I’m trying to alert admins at any site where I use this particular username. I’m still working on tracking down any other instances where my yahoo email is associated with this variation. I found one other instance involving a politics message board, so this may not be a touch arcade issue. Also, the Cyberscan isn’t something that happens everyday so it could be a very very old issue. I don’t want to cause a false alarm, but I also don’t want to just say meh. So. By the way, you guys do great work with the site!
