Hey pervs, once again we experience an ongoing credential stuffing attack. The attackers are using a recently leaked dataset of breached records.We would like to emphasize the fact that although those leaks do not come from our own database they affect those users that re-use their credentials on multiple sites, when one of said sites experience a breach. This is the reason why some of you might have been requested to update your password here.

We've had quite a few cases where the attackers entered valid credentials. Not all of these correct "guesses" were actually successful, as a pleasing number of users protected their accounts with 2FA. The attackers were not able to breach them and the users were able to seamlessly continue using their accounts. However, if an account is not protected by 2FA, we have to lock it and verify the user. This means quite a bit of work for us and it takes time, during which, the user will not be able to access the site.
Now is a good time to complete an account health checkup across your trackers:

Rotate passwords
Enable MFA
Backup MFA recovery codes
Confirm you can still access the email associated with the account
Remove unused whitelisted seedbox IPs
Remove unused whitelisted VPN IPs
Remove unused API keys
Take a screenshot of your profile page including stats