A few minutes ago two accounts on lemmy.ml started spamming pretty much every community on the instance with some crypto mining trash.

Moderators also noticed because all those posts are gone now, good job btw. Then I remembered, wait, doesn’t .ml have an application process to filter spam and bots? Out of curiosity, I went to have a look at the users’ profiles and both accounts were about two years old, with no activity.

Are these hacked accounts? Is that an easy thing to do? And how can one prevent it from happening?

  • cecilkorik@lemmy.ca
    4 days ago

    Basic rules: Have a strong password. Don’t reuse that password on other sites because it’s more likely one of those sites will get hacked, and then all your accounts with the same password will get hacked. For sites that support it, enable 2FA/MFA codes or email verification. Keep your email accounts and cell phone number/identity locked down like Fort Knox, since email and phones can be used to password reset just about anything you have, usually with little difficulty.

    That said, if the accounts had no activity for 2 years, they were probably created intentionally for the purpose of spamming/selling. They may have been saving them to see if the value goes up. They might have just recently been sold to a spammer and activated in their spambots.

  • MemmingenFan923@feddit.org
    4 days ago

    Hacking is basically guessing the correct password.

    If you use 123 as a password it is fairly easy for the hacker. That’s why some gibberish like j72kp>70q72kw7ayn is considered a better password.

    Also look for a password manager since those strong passwords are hard to remember.