Issue: Password expired?

Whenever I try to log into my normal account I get an error message saying that "Your password is 678 days old, and therefore has expired" and won't let me do anything else besides go to the change your password page.

I didn't even think that password expiration was a thing? Is this part of the "yo shit's broken and we're fixing it" thing or is this a separate problem?

forgive me if this is wrong, but to my understanding we're making everyone change their passwords because of the Site Breaking.

It is part of the we're fixing it and you should be overly cautious thing.. Go ahead and change your password.. we all will be doing it - ya know.. just to be sure.

Better play safe and change your password but I think that the user data weren't in danger because AnonCoders' motive was obviously just spreading message, they had replaced the front page with pro-muslim propaganda. The nature of that message makes it hard to believe that they're interested about the user data because they wouldn't benefit anything from it. You need to know that AnonCoders is an anti-Israeli hacker group who has done this kind of attacks before: https://www.itproportal.com/2015/04/08/exclusive-anoncoders-hits-100-sites-opisrael-campaign/

Only thing I wonder in this attack is why they destroyed almost the entire forum when they would've got same result by just replacing the index.php file, maybe they wanted to make removing their message as hard as possible.

Alright then, I'll go change my password and stuff

mmmm there we go

I'm wary of touching anything until we can confirm how they got in and that the site is no longer compromised. :/

Achromatic and I both had an issue where it made us change the password again, saying the password was a day old and already expired. Just a head's up.

Team Fail said:

I didn't even get a thing stating that my password had expired when I logged in today. I manually went and changed it though to be safe.

Click to expand...

Same here, and I hesitated on changing my password until I read this thread. Now I changed it to prevent that pop-up from happening in the near future.

Ludger said:

Achromatic and I both had an issue where it made us change the password again, saying the password was a day old and already expired. Just a head's up.

Click to expand...

I also had this issue.

I'm surprised how I am not having any issues at all it seems... O.o

Fixed on my end, it seems. Thanks, guys! Unless it's a fluke...then I'll cry.

Kip said:

I'm wary of touching anything until we can confirm how they got in and that the site is no longer compromised. :/

Click to expand...

I kinda get what you're saying but I don't understand why your wariness would stop you changing your password to something else. Strictly speaking, your password should be different for every website anyway. If worst comes to worst and the site is still compromised, then... what use is a unique password to anyone anyway?

I changed my password last night and I haven't got the expired notification. Hopefully everything sorts itself out.

shenanigans said:

I kinda get what you're saying but I don't understand why your wariness would stop you changing your password to something else. Strictly speaking, your password should be different for every website anyway. If worst comes to worst and the site is still compromised, then... what use is a unique password to anyone anyway?

Click to expand...

Strictly speaking, yes it should. I'd be willing to bet a lot of people's aren't though. ;) I find it best practice to find out more about the breach and if the site is no longer compromised before changing to a more-secure password, since if the site is still compromised the new password would simply be passed on along with any other changes we make. That said, I could change to a temporary password for the time being until we know more.