Hundreds of millions of email addresses have recently been compromised in security breaches relating to Gmail, MySpace, and a variety of other sources. Many users reuse their passwords on multiple websites, and we believe your password was exposed from a different website’s security breach. As identified by the TurboSquid Security Team, a handful of accounts have been compromised.
We have forced a reset password on those accounts that were included on the compromised list. Those impacted by the must create a unique password to regain access. It is also recommended that a new password, one that is unique to TurboSquid, as an increased security measure.
TurboSquid also offers multi-factor authentication (MFA) for all accounts, as an increased security measure. This optional member setting, when enabled, ensures that any new device attempting to access TurboSquid with your credentials, is approved by you. Changes to your MFA settings can be made on your My Account page.
Recently, there has been a global attempt by hackers to use these publicly available password lists to access accounts anywhere that is vulnerable. TurboSquid is seeing a vast number of login attempts from these lists, and although TurboSquid has special security systems in place, that may not be true of other websites that you have accessed in the past. Stay safe!
Update, 9/9/2016: We have also sent an email to users affected by a LinkedIn breach. If you have received this email, please be sure to update your passwords.