A few minutes ago two accounts on lemmy.ml started spamming pretty much every community on the instance with some crypto mining trash.
Moderators also noticed because all those posts are gone now, good job btw. Then I remembered, wait, doesn’t .ml have an application process to filter spam and bots? Out of curiosity, I went to have a look at the users profiles and both accounts were about two years old, with no activity.
Are these hacked accounts? Is that an easy thing to do? And how can one prevent it from happening?
cecilkorik@lemmy.ca 4 days ago
Basic rules: Have a strong password. Don’t reuse that password on other sites because it’s more likely one of those sites will get hacked than your account will get hacked. For sites that support it, enable 2FA/MFA codes or email verification. Keep your email accounts locked down like Fort Knox, since Email can be used to password reset just about anything you have, usually with little difficulty.
That said, if the accounts had no activity for 2 years, they were probably created intentionally for the purpose of spamming/selling. They may have been saving them to see if the value goes up. They might have just recently been sold to a spammer and activated in their spambots.