Brutkey

wakest ⁂
@liaizon@social.wake.st

If anyone is tracking the signup date of the spam accounts, that might be interesting to look at. Are they mostly new accounts, or are many of them old ones that have recently been activated?

cc @jerry@infosec.exchange @stux@mstdn.social


wakest ⁂
@liaizon@social.wake.st

@jerry@infosec.exchange @stux@mstdn.social Ah yes, I just found another one: https://mastodon.social/@imPooYa was registered in 2018! So they are taking over old accounts!

wakest ⁂
@liaizon@social.wake.st

So I guess the question now is HOW they are taking over old accounts. Are these accounts that all had weak passwords? But I thought old accounts on m.s ask you to verify an email code if they haven't been logged into in a long time.

Eugen Rochko
@Gargron@mastodon.social

@liaizon@social.wake.st I think we’ve had to undo that feature because of how many people were getting locked out and complaining. Now it just sends an email notifying about a new login to the account owner.