Hi folks, I’m an admin on another Discourse system, and this morning I awoke to four email messages, which indicated an unauthorized login (see sample below).
I live in NH, US, so it is correct for Discourse to have flagged this log-in from Germany. I have always used a good password (15 letter, random, which I have now changed). I am in possession of the two computers which I ever used to log in.
A few questions:
- Any idea how this might have happened?
- My profile page showed another login (also “from Germany…”) in the 24 hours prior to the message below. But I did not receive a notification for that login - either in my inbox or my spam folder. How might that have happened?
- It appears that the attacker may have exported the user list. Is it possible to tell if it was ever downloaded?
- Do you have a standard playbook/procedure for notifying users?
- What other information could I provide to diagnose or investigate this?
[Sorry if this isn’t the right category. @moderators - please move to the right place. Thanks.]