Gravatar / WordPress password reset
Posted: Tue Feb 09, 2021 10:58 pm
I got an email today from a server at WordPress.com, saying that someone had initiated a password reset on my account there. The headers and link appear to be genuine, and there was a header which indicated that it's part of a specific campaign.
I had never (consciously) signed up with WordPress specifically, but apparently Gravatar is part of WordPress, and I'd set up a Gravatar account to provide icons for postings on the main Wapsi Square page.
I didn't click on the link (being moderately paranoid about such), but instead logged directly into WordPress.com using my Gravatar username and password. Sure enough, it worked. I went to my profile and gave a new randomly-generated password and saved it, and all seems to be well. Whether the password-reset was generated internally by WordPress/Gravatar, or whether somebody tried to DOS my account, I don't know... I haven't found any information on the Web suggesting that WordPress has had a security breach recently but I suppose it's possible.
Anybody else get such an emailing recently?
Just to be safe, if you do use Gravatar (or WordPress.com) you might want to log into your account there, and change your password (especially if it's one you ever used anywhere else!).
I had never (consciously) signed up with WordPress specifically, but apparently Gravatar is part of WordPress, and I'd set up a Gravatar account to provide icons for postings on the main Wapsi Square page.
I didn't click on the link (being moderately paranoid about such), but instead logged directly into WordPress.com using my Gravatar username and password. Sure enough, it worked. I went to my profile and gave a new randomly-generated password and saved it, and all seems to be well. Whether the password-reset was generated internally by WordPress/Gravatar, or whether somebody tried to DOS my account, I don't know... I haven't found any information on the Web suggesting that WordPress has had a security breach recently but I suppose it's possible.
Anybody else get such an emailing recently?
Just to be safe, if you do use Gravatar (or WordPress.com) you might want to log into your account there, and change your password (especially if it's one you ever used anywhere else!).