GWJ bugs, feature requests, and updates

master0 wrote:

Weird bug where I was logged into another users account. It fixed itself fairly quickly. Was able to see their recent discussions and name. Once I clicked away it was fixed.

Uh, that sounds like a bad one.

Hey this seems like it might be urgent but i don't know where to post it.

I got alerted by chrome that my password for GWJ appeared in a data breach.... I don't think i use this password for anything but GWJ. any chance we need to make everyone change their PW and investigate if there was a breach in security?

I just checked my GWJ password against the Have I Been Pwned system, and it's coming back as being unhacked. However, my password here is strong-ish (not as strong as newer passwords, I should change it), so it might take a good long while for someone to crack it. If yours was weakish (8 characters or less, no special characters), then it would pop up in cracked lists much sooner if the encrypted GWJ password database had escaped.

We'd probably want some more people to check theirs. If we don't really see any sign of mass compromise, the problem might be a local hack on your machine. But if we get a few people saying, 'hey, wait a minute, this GWJ-unique password is cracked', then it could be a site problem.

weird, i just checked the "have i been pwnd" system as well and it says my PW is fine.... very strange. does chrome have different access to data breaches? What evidence should i check for on my local machine?

It might not be on Pwned yet, Google could be further ahead than them. I'd suggest changing it immediately, and then we'll have to wait for more feedback from other people. I changed mine already, and will probably have to change it again if it turns out that GWJ is indeed hacked in some way.

Malwarebytes is probably a good first scanner to check for obvious problems.

Is windows defender decent at this kind of thing or actually a joke? i see Malwarebytes costs about 50 a year.

Oh did they shift to paid? Crap, they used to be free.

Windows Defender isn't terrible, and running a full scan won't hurt a thing, but a negative result won't tell you anything, since pretty much any malware has to get past Defender in the first place. If, however, you get a positive result, you can trust that.

Beyond that, we should probably take this part of the discussion to another thread, but I don't see anything that's quite right.

edit: Malwarebytes looks like they still have a free version that will work for 14 days. That will at least give you a stronger idea of whether you're compromised.

FiveIron wrote:

Hey this seems like it might be urgent but i don't know where to post it.

I got alerted by chrome that my password for GWJ appeared in a data breach.... I don't think i use this password for anything but GWJ. any chance we need to make everyone change their PW and investigate if there was a breach in security?

Hey, thanks! I'll Check with Doogiemac to see if he has any more information. In the meantime, it can't hurt to update passwords.

We're not seeing any reports of breaches for gamerswithjobs.com in a few different sources (google, 1password's watchtower, and another identity monitoring tool Doogiemac uses). Unless we hear more reports, we're not going to be forcing a password change for everyone for now.

The best test would be people who used a unique, but weakish password on GWJ, which is probably a pretty small subset.

My old one hasn't showed up, but it was pretty strong, so it might take a good long while to crack.

fair enough, maybe it was just a glitch with google. i just checked pwnd again and my pw still hasn't shown up there.

thanks for checking!