Webdev Tutorials Site ‘SitePoint’ has Disclosed a Data Breach

The organization formally admitted a data breach after threat actors have successfully put up a collection of one million SitePoint user’s credentials on a cybercrime forum in December 2020 for sale.  

This week, SitePoint, while confirming the cyber attack on its systems, said in a report, “At this point, we believe the accessed information mainly relates to your name, email address, hashed password, username, and IP address,” the company said. 

On the prevention front, SitePoint is instigating a password reset on all its users’ accounts while giving its users an option for new ones that must be at least ten characters long. 

Also, publishers of web development tutorials and books believe that the stolen credentials are currently in a secure space as they have been hashed with salted and bcrypt algorithms – which makes cracking the password strings to its plaintext version a very long process, which is a complex task. 

“We recommend that you change passwords from any other websites that may be a duplicate of your SitePoint password, just as a precaution,” the company added. 

Besides, the company stated that based on current information, the data breach has taken place after threat actors acquired control of the system of the third-party which they used to monitor their GitHub account. 

“This allowed access through our codebase into our systems. This tool has since been removed, all of our API keys rotated and passwords changed,” the company said. 

“This same tool was also used to breach custom apparel vendor Teespring, whose data was also sold by the same hacker, in the same package, at the same time”, the SitePoint data reads.