Hello everybody, I’m fairly new on this website and this is the first post I’ve ever made.

I got a message on my phone saying that my account to this site has been hacked!😱😰

Not wanting to panic I needed to try and contact you guys I tried emailing One of the Admins but it didn’t seem to work for some reason, should I just change both my username and my password? If somebody could respond ASAP that would be greatly appreciated thanks!

Change your password just to be safe. Also change it through here the website and don't click in anything on the email.

Considering you were able to log onto your account / stay on your account and post a message, either you have the most inept hackers in the world or you haven't been hacked. In any way, you should still change your password at minimum; it won't hurt to do so and it helps build a good (but possibly paranoid) habit.

Thanks for the advice guys and the speed of it, really appreciate it😮‍💨🙂

I agree to the others. And give the admins some time (2-3 days). They have a lot to do.

While we are at it, do e621 really sends emails saying we got hacked? I never seen this before, a site telling that you got specifically hacked. I've seen sites warning about your account being logged in from a new device or location, but I don't think e621 does that? 🤔

Yeah, it sounds like somebody was trying to get you to change your password through a fake site in the email so that they'd get your current password and hack it that way. However, it could be some individual that, themselves was able to hack your account and warned you that your password wasn't well protected. Some hackers do so to help people strengthen their security, not to take things from them.

You should absolutely change your password. It definitely wouldn't hurt.
E621 does not really send emails (besides confirmations during registration and password reset), and it definitely does not send text messages.

Scammers are really trying to phish using e6 of all sites?

strikerman said:
Scammers are really trying to phish using e6 of all sites?

For what? Free account with nothing on it?

aobird said:
For what? Free account with nothing on it?

There are quite a ton of implications for valid accounts, empty or not.

bitwolfy said:
You should absolutely change your password. It definitely wouldn't hurt.
E621 does not really send emails (besides confirmations during registration and password reset), and it definitely does not send text messages.

While we're on the subject, has e6 considered adding 2 factor authentication? Nowadays with hackers getting better and better at cracking passwords I feel like that could be a good move.

furrin_gok said:
Yeah, it sounds like somebody was trying to get you to change your password through a fake site in the email so that they'd get your current password and hack it that way. However, it could be some individual that, themselves was able to hack your account and warned you that your password wasn't well protected. Some hackers do so to help people strengthen their security, not to take things from them.

While it's a nice thing to do, it would almost certainly be illegal. Even when the intentions are good and the penetration testing was done right, permission is needed before doing something like that.