Back to Home

Forced change of passwords on the site, or concern for my safety. Or free-lance.ru broke?

passwords · hacking · free-lance.ru · phishing · speculation and doubt · low salary

Forced change of passwords on the site, or concern for my safety. Or free-lance.ru broke?

    Just a few minutes ago I received a letter from a site about free-lance.ru, popular in its field, about the following content:

    “Dear XXX!
    The administration of Free-lance.ru conducts an annual change of user passwords, this preventive measure will protect your account from unauthorized access by third parties. Your old password, in the best of your security, has been changed automatically. To change the password to a new one, follow the LINK link. ”


    The first thought: “where is the button to tell Google about phishing?”, But something stops. I look through the headers, links. Everything seems to be honest, it leads where it should be. Or they’ve taken away their base, and they quietly, without planning as they should, launched the newsletter ...

    So tell me, about the site usability guru, did you decide to follow in the footsteps of webmoney and make paranoid decisions for pseudo security in a panic? Or maybe the resource is broken?

    Inside - a couple of speculation and a rhetorical question.
    UPD: there was an intrigue
    Why will I change the password, which I have been using successfully for several years on several similar sites?

    Question of the hour:


    What are you ready to do for the sake of user safety?

    - sacrifice hundreds of accounts of negligent users, and block them, analyzing each situation individually and restoring access to written complaints,
    or
    - once in N time to force people to change their password and conduct acts of caring for users?

    Maybe someone you stole the base?


    A few points that in this situation make you think.
    • the letter of happiness is made up plainly. Thoughts are confused in the testimony: why send me to change the password, if in the previous replica you inform me that everyone has already successfully completed it themselves?
    • I was able to successfully change my old password to my old password. If you say that passwords need to be changed at all costs, then why did you leave such a loophole? Think about the fact that it needs to be changed in principle, and not re-entered
    • Before changing the password, I try to log in with my old data. I see a message “would you not go to the forest, your password is incorrect. Let's restore it. ” Not a word about the planned replacement. For example, I do not look at mail. And only then, in a week, I will find a message in spam, supposedly, we had such a thing
    Why, before such a serious, seemingly, step, they have not thought out anything.
    Okay, there are going to people who understand a little about web technologies. And if it was a needlework site, for example? Everyone would be terrified of Google spam phishing messages. And we would get a safe, like, service, but we lost people who thought that their accounts were taken away.

    If (suddenly?) You have taken away the base, have the courage to admit it, users will understand you. And if you are silent in a rag, it will only be worse for everyone.


    UPD1: Readers report that now an email with a password arrives immediately after trying to login to the site (successful). The difference between authorization and writing is less than a minute. The “Panic” mode was replaced by the “caution” mode. Reader's opinion: this is not an attempt to hack, but simply ill-conceived actions of the administration.

    UPD2: It was recalled that last year there was already a general change of passwords in connection with the DDoS attack. Now it is a true tradition.

    Where is the popcorn?


    UPD3: Unknown people have denied rumors that they were hacked.

    UPD4: On Twitter, they commented that the brains of the base, nevertheless, have leaked, and in the evening they will post on a given topic. “Their bases have leaked. In the evening I’ll add an article about this to the sandbox. ”
    Look forward to!

    UPD5: Developers and information security experts received cooperation proposals on this day:
    “Good afternoon! We are writing to you from your profile on the site Free-lance.ru. Our company requires constant cooperation with a web programmer to write scripts that optimize the work of the enterprise ... ”
    For a laugh: they offer as much as 20 thousand a month.

    UPD6: Here it is, the reason for the annual concern for us and you!


    Meet the article from WildZero : Hole on free-lance.ru . They caught them, caring!


    Remark: initially the article did not contain references to the hero of the occasion, but since such a thing went, here you have all the direct coordinates, inserted it into the content.

    Read Next