Security Update

Justis

Community Member
Administrator
Feedback score
61
Posts
2,120
Reactions
2,409
Resources
1

832245_1569f8977f4c6f28f9086094c4704913.png

Hey everyone!

Many of you are probably pretty annoyed right now at having to update your account credentials and enable 2FA. That’s completely understandable. So we wanted to take a minute to explain what’s going on and why it needed to happen.

Up until now, 2FA has been optional. Nobody likes having to navigate to their emails or find their phone in order to log into a website they frequently access, and we’ve always wanted to make using MCM a painless process.

However, unfortunately, not everyone can be trusted to use a strong and unique password for their MC-Market account, and in a marketplace like ours, trust is everything. If a resource buyer uses the same password for their MC-Market account as they use on another platform and that platform’s database is compromised, the resource authors that user purchased from are instantly at risk of having their products leaked.

Leak sites know this, and they’ve recently increased their efforts to get into the accounts of users of MC-Market as well as other resource oriented platforms, and download both the products the user has purchased as well as the products the user has authored themselves. We’ve even traced back the source of the credentials they’re using to be their own leaked database.

If you have an account on a leak site, you should assume that they’re going to use that account’s password to try logging into your accounts on other websites.

In a marketplace like ours, your account security doesn’t just impact you. It impacts everyone who relies on you to keep your account secured.

That’s why, starting today and for the foreseeable future, everyone will be required to set up 2FA. This way, we can trust and everyone can trust, that the only person who will ever be accessing your account is you. We may replace the 2FA requirement with other security features as we look for other options, but for now, this is how it must be.

If you have not already set up 2FA and you haven’t changed your password within the last week, you should have received an email prompting you to change your password as well.

We’d like to clarify for those who aren’t familiar with the terminology, that MC-Market’s database has not been leaked or compromised. It is merely 3rd party databases that are being used to test credentials against our platform. Nonetheless, this poses a threat to our users and we intend to protect against it.

A reminder to everyone, never under any circumstances use a password on more than one website. Also, please secure your emails. Your email is your last line of defense. If someone compromises your email, they have effectively compromised every account linked to that email. If you are at all unsure in your email’s security, go secure it now.

Thank you everyone for your patience and understanding.
 

xism4

Premium
Feedback score
1
Posts
9
Reactions
26
Resources
5

Hey everyone!

Many of you are probably pretty annoyed right now at having to update your account credentials and enable 2FA. That’s completely understandable. So we wanted to take a minute to explain what’s going on and why it needed to happen.

Up until now, 2FA has been optional. Nobody likes having to navigate to their emails or find their phone in order to log into a website they frequently access, and we’ve always wanted to make using MCM a painless process.

However, unfortunately, not everyone can be trusted to use a strong and unique password for their MC-Market account, and in a marketplace like ours, trust is everything. If a resource buyer uses the same password for their MC-Market account as they use on another platform and that platform’s database is compromised, the resource authors that user purchased from are instantly at risk of having their products leaked.

Leak sites know this, and they’ve recently increased their efforts to get into the accounts of users of MC-Market as well as other resource oriented platforms, and download both the products the user has purchased as well as the products the user has authored themselves. We’ve even traced back the source of the credentials they’re using to be their own leaked database.

If you have an account on a leak site, you should assume that they’re going to use that account’s password to try logging into your accounts on other websites.

In a marketplace like ours, your account security doesn’t just impact you. It impacts everyone who relies on you to keep your account secured.

That’s why, starting today and for the foreseeable future, everyone will be required to set up 2FA. This way, we can trust and everyone can trust, that the only person who will ever be accessing your account is you. We may replace the 2FA requirement with other security features as we look for other options, but for now, this is how it must be.

If you have not already set up 2FA and you haven’t changed your password within the last week, you should have received an email prompting you to change your password as well.

We’d like to clarify for those who aren’t familiar with the terminology, that MC-Market’s database has not been leaked or compromised. It is merely 3rd party databases that are being used to test credentials against our platform. Nonetheless, this poses a threat to our users and we intend to protect against it.

A reminder to everyone, never under any circumstances use a password on more than one website. Also, please secure your emails. Your email is your last line of defense. If someone compromises your email, they have effectively compromised every account linked to that email. If you are at all unsure in your email’s security, go secure it now.

Thank you everyone for your patience and understanding.
Quite understandable, many security problems, in my opinion it is even better
 

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,053
Reactions
2,193
Resources
1
I wish we would of settled for a tri monthly password reset? Not as safe, but also significantly less annoying IMO.
Mandated password resets come with their own issues. Firstly, they're still only a first line of defence. Secondly, people are lazy. Lastly, spamming out 3 emails per month per user with almost guarantee that MCM's noreply address will be put on a spamlist. Don't know if you've ever seen one, but they're notoriously difficult to get off of.
 

BOOP

Ops Director, Blinkoh
Supreme
Feedback score
23
Posts
2,393
Reactions
1,092
Resources
0

Gunny

キング
Supreme
Feedback score
13
Posts
2,714
Reactions
1,404
Resources
3
I use 2fa for literally everything anyways. It just makes sense nowadays.
 

XER0GRAVITY

Editor
Supreme
Feedback score
13
Posts
359
Reactions
112
Resources
0
I have 2FA on all my critical accounts, It's your last line of defense against hackers.
 

Yakuzaan

Feedback score
0
Posts
4
Reactions
0
Resources
0

Hey everyone!

Many of you are probably pretty annoyed right now at having to update your account credentials and enable 2FA. That’s completely understandable. So we wanted to take a minute to explain what’s going on and why it needed to happen.

Up until now, 2FA has been optional. Nobody likes having to navigate to their emails or find their phone in order to log into a website they frequently access, and we’ve always wanted to make using MCM a painless process.

However, unfortunately, not everyone can be trusted to use a strong and unique password for their MC-Market account, and in a marketplace like ours, trust is everything. If a resource buyer uses the same password for their MC-Market account as they use on another platform and that platform’s database is compromised, the resource authors that user purchased from are instantly at risk of having their products leaked.

Leak sites know this, and they’ve recently increased their efforts to get into the accounts of users of MC-Market as well as other resource oriented platforms, and download both the products the user has purchased as well as the products the user has authored themselves. We’ve even traced back the source of the credentials they’re using to be their own leaked database.

If you have an account on a leak site, you should assume that they’re going to use that account’s password to try logging into your accounts on other websites.

In a marketplace like ours, your account security doesn’t just impact you. It impacts everyone who relies on you to keep your account secured.

That’s why, starting today and for the foreseeable future, everyone will be required to set up 2FA. This way, we can trust and everyone can trust, that the only person who will ever be accessing your account is you. We may replace the 2FA requirement with other security features as we look for other options, but for now, this is how it must be.

If you have not already set up 2FA and you haven’t changed your password within the last week, you should have received an email prompting you to change your password as well.

We’d like to clarify for those who aren’t familiar with the terminology, that MC-Market’s database has not been leaked or compromised. It is merely 3rd party databases that are being used to test credentials against our platform. Nonetheless, this poses a threat to our users and we intend to protect against it.

A reminder to everyone, never under any circumstances use a password on more than one website. Also, please secure your emails. Your email is your last line of defense. If someone compromises your email, they have effectively compromised every account linked to that email. If you are at all unsure in your email’s security, go secure it now.

Thank you everyone for your patience and understanding.
Very good!! Let's stay safe
 

CodesterDubs

I operate some big block game servers..
Supreme
Feedback score
1
Posts
66
Reactions
13
Resources
0
this 2fa enforce system changed the activity of mc market a lot lesser than earlier

in previous day before implementing the 2fa , i get daily 5-6 customers but now i got nothing after this implemented so i guess its mc market loss in this
same with me, havent gotten a single customer in the last 2 days
 

BeepSterr

Feedback score
0
Posts
1
Reactions
0
Resources
0
good shit, entering a code isn't even hard if you use a password manager or a decent 2fa app. (would be nice to be able to read this posting before setting it up though :p)
 

KFC

Supreme
Feedback score
0
Posts
9
Reactions
5
Resources
3

Hey everyone!

Many of you are probably pretty annoyed right now at having to update your account credentials and enable 2FA. That’s completely understandable. So we wanted to take a minute to explain what’s going on and why it needed to happen.

Up until now, 2FA has been optional. Nobody likes having to navigate to their emails or find their phone in order to log into a website they frequently access, and we’ve always wanted to make using MCM a painless process.

However, unfortunately, not everyone can be trusted to use a strong and unique password for their MC-Market account, and in a marketplace like ours, trust is everything. If a resource buyer uses the same password for their MC-Market account as they use on another platform and that platform’s database is compromised, the resource authors that user purchased from are instantly at risk of having their products leaked.

Leak sites know this, and they’ve recently increased their efforts to get into the accounts of users of MC-Market as well as other resource oriented platforms, and download both the products the user has purchased as well as the products the user has authored themselves. We’ve even traced back the source of the credentials they’re using to be their own leaked database.

If you have an account on a leak site, you should assume that they’re going to use that account’s password to try logging into your accounts on other websites.

In a marketplace like ours, your account security doesn’t just impact you. It impacts everyone who relies on you to keep your account secured.

That’s why, starting today and for the foreseeable future, everyone will be required to set up 2FA. This way, we can trust and everyone can trust, that the only person who will ever be accessing your account is you. We may replace the 2FA requirement with other security features as we look for other options, but for now, this is how it must be.

If you have not already set up 2FA and you haven’t changed your password within the last week, you should have received an email prompting you to change your password as well.

We’d like to clarify for those who aren’t familiar with the terminology, that MC-Market’s database has not been leaked or compromised. It is merely 3rd party databases that are being used to test credentials against our platform. Nonetheless, this poses a threat to our users and we intend to protect against it.

A reminder to everyone, never under any circumstances use a password on more than one website. Also, please secure your emails. Your email is your last line of defense. If someone compromises your email, they have effectively compromised every account linked to that email. If you are at all unsure in your email’s security, go secure it now.

Thank you everyone for your patience and understanding.
cool but people can't even view this page without enabling 2FA first haha
 

inferno

Supreme
Feedback score
15
Posts
843
Reactions
310
Resources
2
if you can't be bothered to enable 2fa you're just not an HQ user or don't use the site seriously. Simple.
 

Ted

B.Sc in Information Technology
Supreme
Feedback score
56
Posts
1,410
Reactions
803
Resources
2
If people haven't started using 2FA yet in 2022, they are dumb. Easy peasy, thank you for adding this to MCM.
 

Belmont

👾
Supreme
Feedback score
0
Posts
14
Reactions
8
Resources
1
2FA should be optional like any other sites in my opinion (just look at google, amazon, etc..) they aren't forcing to their users to enable 2FA
 

Optage

Feedback score
0
Posts
3
Reactions
0
Resources
0
2FA should be optional like any other sites in my opinion (just look at google, amazon, etc..) they aren't forcing to their users to enable 2FA
The issue is that if someone gets their account details leaked it not only affects them, but also anyone that they purchased resources from (as the person who accessed their account can download anything that they own.
 

Basper

Supreme
Feedback score
0
Posts
8
Reactions
2
Resources
0
It's honestly heart warming and nice to know this feature exists
 
Top