The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
SitePoint is a website launched in 1999 that offers content and a community devoted to web professionals and developers. The site offers a premium membership that provides access to over 600 books, courses, and talks.
At the end of December 2020, BleepingComputer learned of a data breach broker selling the user databases for 26 different companies. One of the databases was for SitePoint.com, which the broker stated contained one million user records.
At the time, BleepingComputer contacted SitePoint with this information, but we never received a response to our repeated emails.
On January 26th, 2021, a threat actor known as ShinyHunters shared the database for Learnable.com for free on a hacker forum. The learnable.com redirects to the Sitepoint.com domain.
This database contains 1,020,959 people, including members’ names, email addresses, bcrypt hashed passwords, date of birth, country, IP address used during registration, and other information.
SitePoint discloses the data breach
This week SitePoint users told BleepingComputer that they received extortion and fake cryptocurrency giveaway emails to addresses that they state were specifically created for and only used at SitePoint.
After these users complained to SitePoint, the company disclosed a data breach where they confirm that threat actors hacked their systems and stole member data.
“We have recently confirmed that SitePoint’s infrastructure was breached by a third party and some non-sensitive customer data was accessed as part of this attack.”
“As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you login to SitePoint you will need to create a new password,” SitePoint states in a data breach notification shared with BleepingComputer.
SitePoint says the hackers gained access to through a compromised third-party tool used to monitor their GitHub account. Using this tool and stolen API keys, SitePoint believes that the attackers could gain access to their codebase and system.
SitePoint states that they have reset the passwords for all accounts, but those accounts configured to log in automatically, will still do so. For these users, SitePoint advises users to manually change their password via ‘Account > Profile & Settings.’
No financial information, such as credit cards, is stored on their system and was not accessed by the threat actor.
What should SitePoint users do?
If you a member of SitePoint.com, you should immediately login to the system and perform a password reset.
If your SitePoint password is used at other sites, you should also change your password to a unique and strong one used only at that site.
As we know that threat actors are actively using the stolen data to conduct phishing and scam attacks, it is important to be on the lookout for further malicious emails.
These emails will attempt to steal sensitive information or trick recipients into installing malware.