Ask HN: Bugcrowd Forcing Password Reset
Anybody else getting a suspicious e-mail from Bugcrowd to reset your password? Seems their user data has been leaked or infiltrated?
No news reports. No official reports from bugcrowd.com.
(( hope it's not just _poor_ data secops ))
Update: Message itself _seems_ legit. DKIM signed. Originates from AmazonSES. SPF checks out. Link to reset points to bugcrowd.com
Bad engagement from them, had to find their blog that explains it's because they are trying to speed up their MFA rollout and forcing users to enroll in MFA. https://www.bugcrowd.com/blog/bugcrowd-security-update-passw...
Gotta love a security company using the phrase "for security reasons."
Yes, I got a "Reset password instructions" email from support@bugcrowd.com at roughly 11:13 PM UTC. There is no information in the email nor the linked page about why it is necessary.
How am I supposed to trust this...
Yeah. Really weird e-mail. "Security reasons" immediately made me assume they were compromised.
unironically: https://www.bugcrowd.com/blog/breaking-the-chain-exploiting-...