I think my site just got breached, again. Now if someone have the database they could login to any account with the loginkey?
How do I reset or change every loginkey to prevent this?
Also how do I force a password reset?
I guess the quickest and dirtiest way would be to just empty out the loginkey, salt and password columns, and send out a mass mail to all members about why they won't be able to login.
Note that this will remove
all passwords.
UPDATE mybb_users SET loginkey = '', salt = '', password = ''
When you say you
think you were breached though, what makes you think that, and what makes you unsure?
(2016-12-15, 04:11 PM)Matt Wrote: [ -> ]I guess the quickest and dirtiest way would be to just empty out the loginkey, salt and password columns, and send out a mass mail to all members about why they won't be able to login.
Note that this will remove all passwords.
UPDATE mybb_users SET loginkey = '', salt = '', password = ''
When you say you think you were breached though, what makes you think that, and what makes you unsure?
But. I need them to login as usual then change password the first thing they do after login. How?
Thank you.