From Staff:

We are currently experiencing a credential stuffing attack. This means someone is attempting to log into accounts en masse based on leaked credentials from other sites, or simply taking large amounts of guesses. The attackers are using a large number of open proxies to avoid IP bans, hence the alerts are coming from a large variety of countries.

We are monitoring the situation and taking steps to mitigate it. There is no particular reason to be alarmed at this time unless you have reason to believe someone has successfully logged into your account.

There is no need to “me too” or +1 these threads. Staff gets the same alerts you do. All I can recommend at this time is to make sure your password is unique to RED, and I highly recommend enabling 2FA

Credential Stuffing Attack

Many of you may be aware of an ongoing credential stuffing attack. This is a kind of attack where stolen account credentials containing lists of usernames and passwords are used to gain access to user accounts. You may have seen messages in your inbox indicating login failures.

The key to thwarting these types of attacks are to use a unique and strong passwords to secure your RED account. Two factor authentication is an extra step that is strongly recommended. Instructions on how to enable 2FA on your RED account is available at Two-Factor Authentication.

You are responsible for your account, even if it is compromised. Make sure you keep your account safe. If your RED password is a password you use on other sites, please change your password now.