Has anyone else received this email about your password being changed because it was found vulnerable?
The message is not at all specific about the exact issue, and it is a no reply email address. I wonder if this is an issue of passwords being revealed. To me it sounds as though a system tool (bot) has been going through lists of passwords and determining the strength or weakness of the password. I personally find the issue of passwords a pain. People can have very complicated passwords and still have them stolen. While others can use simple passwords without them ever being revealed.A vulnerability has been found with your password at UsingEnglish.com ESL Forum. Some passwords are vulnerable to exploitation which may allow a third party to hijack your account.
This may lead to your account being used without your knowledge or permission, and actions being performed under your name.
Vulnerable accounts can also be bad for the board as a whole as they may enable access for automated tools to spam both the forums and other user accounts,
using your username.
As such we have had to reset your password.
You can find your new login details below.
In my opinion, passwords are stolen in three ways: People share them intentionally or unintentially, people install software or code that steals passwords, and people have security vulnerabilities in operating systems. The idea that people sit at computers and guess passwords is a great tool in stories but is not the reality. There are programs that do that, but the chance that someone might log into my account because the password doesn't look complicated is slim. Additionally, any server that does not block programs that try to guess passwords is the problem.
The email was sent to everyone- nothing has been assessing the quality of passwords. Also, we cannot see anyone's passwords. There was a potential vulnerability in the forum software, now closed, which could have allowed someone to get into accounts. Password guessing wouldn't work, because there are limits imposed. However, as there was a vulnerability, it's better to make sure by changing all passwords. Sorry for the inconvenience.