So I've seen people talk about a “hacker” changing people's accounts. While, they are cracking low security passwords, this is another thing. The ST is changing passwords and emails that they feel are in danger, due to recent data breaches. I have “connections” with Griffpatch, and he said this:

Griffpatch wrote:

Loss of Access to Scratch Accounts
Hey everyone, I just wanted to alert you to something that has affected a number of Scratchers, myself included. As of yesterday, I lost access to my main Griffpatch account, my password wouldn't work, and the password reset didn't go to my main email address any longer! - Disaster!!!! I assumed I'd finally been hacked.

Turns out, the Scratch team had proactively removed passwords / emails from certain accounts due to large scale attacks over the last few weeks. This should only have been done to accounts that they felt were under threat (listed in breached usernames / passwords from other sites, not Scratch itself) - So, if you find you've lost access to your account, fill out the Scratch Contact form: https://scratch.mit.edu/contact-us/ and hopefully they will get back to you soon!!!

I am now back up and running, it just took a little while and a lot of panicking ha! - Now is perhaps a good time to change your passwords if you ever use the same password on other sites!! - I actually don't do that, so not sure why my account was reset like that. Anyhow…

Don't panic! - This is the reason.

All the best Griffpatch

This is a reason.
Here's some more things: By the way, these aren't hacked accounts. They're CRACKED accounts. People are not hacking you. They're cracking your low security passwords. Here's what cheddargirl said:

FYI: it would be best to say “cracked accounts” here instead of “hacked accounts” because weak passwords (which are easy to crack) are exactly how the accounts got compromised, not hacking. So the routine advice of having a strong hard-to-guess passwords and changing the password regularly is sufficient enough to keep your account safe.

And here's a quote from Blue_Retro_Dragon:

Blue_Retro_Dragon wrote:

There are a number of accounts in the same situation, so it may take some time to get a direct response back from ST after you receive the automated response. Rest assured, The Scratch Team reviews every Contact Us message, so they will eventually get to yours.

In the meantime, if you receive any spam or hacking threats, silently report the comments without engaging with the user.

To protect your account, make sure you have a secure password that is hard to guess. Also, avoid reusing passwords across different sites, and make sure you're the only one who knows your password.

Here are some password tips by floofycat4436:

floofycat4436 wrote:

Use a password 8-12+ characters including at least 2-4 letters and numbers. Do not include any personal information, including your birthday, phone number, age, name, etc. An example of a good password would be something like this (but please don't use this one as a password): jk782h7du8l9. Make sure to write your password down on a piece of paper and keep the paper somewhere safe. Also try to change your password every week to a month if you can. This really ensures a secure account.

Also, a xkcd post on password safety, provided by jvvg. You can make a password like the one in the comic with correcthorsebatterystaple.net. first time using the img tag lol!

Reported to be stickied!

Reported for sticky

Maybe the title could be a little less agressive, would something like “LOST ACCESS TO YOUR ACCOUNT? READ HERE” be better?

Reported to be stickied as well!

I'd like to suggest that you maybe include some general password tips (just for ease of access) as well as the cheddargirl quote that explained about the “cracked” vs hacked accounts - sorry, can't find it for the life of me, but I'll attempt to - just to provide some more official information? These are just suggestions, of course.

I reported this to be stickied , thank you for letting the confused (and also probably worried,) Scratchers know, have a nice day/night!

Thank you so much for this great sticky!

Congrats on the sticky! It would be great if you could include this post below, ( or of course any variation of it ) - Including steps for users to follow on how they can regain access to their account, as well as tips on how to protect their account moving forward, would be really helpful as well.

Blue_Retro_Dragon wrote:

There are a number of accounts in the same situation, so it may take some time to get a direct response back from ST after you receive the automated response. Rest assured, The Scratch Team reviews every Contact Us message, so they will eventually get to yours.

In the meantime, if you receive any spam or hacking threats, silently report the comments without engaging with the user.

To protect your account, make sure you have a secure password that is hard to guess. Also, avoid reusing passwords across different sites, and make sure you're the only one who knows your password.

pasta_enjoyer7 wrote:

(#4)
cheddargirl quote that explained about the “cracked” vs hacked accounts - sorry, can't find it for the life of me,

Found it!

cheddargirl wrote:

(#6)
it would be best to say “cracked accounts” here instead of “hacked accounts” because weak passwords (which are easy to crack) are exactly how the accounts got compromised, not hacking. So the routine advice of having a strong hard-to-guess password and changing the password regularly is sufficient enough to keep your account safe.

MaxxUltimate wrote:

Good thing that nobody cares about my account so I'm not getting “hacked” by the ST.

nobody said they don't care about your account… Also the ST isn't hacking anyone, they're just locking people's accounts to protect them from hackers as it said in the post that you clearly didn't read thoroughly

8xa wrote:

Reported for sticky

Maybe the title could be a little less agressive, would something like “LOST ACCESS TO YOUR ACCOUNT? READ HERE” be better?

Changed!

pasta_enjoyer7 wrote:

Reported to be stickied as well!

I'd like to suggest that you maybe include some general password tips (just for ease of access) as well as the cheddargirl quote that explained about the “cracked” vs hacked accounts - sorry, can't find it for the life of me, but I'll attempt to - just to provide some more official information? These are just suggestions, of course.

I will add after posting this!

Thanks for the information!

Also everybody who sees this, make sure to have a strong and long password!

Great sticky! Like pasta_enjoyer7 and Blue_Retro_Dragon said, I'd recommend giving some tips on how to secure your account, like

Use a password 8-12+ characters including at least 2-4 letters and numbers. Do not include any personal information, including your birthday, phone number, age, name, etc. An example of a good password would be something like this (but please don't use this one as a password): jk782h7du8l9. Make sure to write your password down on a piece of paper and keep the paper somewhere safe. Also try to change your password every week to a month if you can. This really ensures a secure account.

floofycat4436 wrote:

Great sticky! Like pasta_enjoyer7 and Blue_Retro_Dragon said, I'd recommend giving some tips on how to secure your account, like

Use a password 8-12+ characters including at least 2-4 letters and numbers. Do not include any personal information, including your birthday, phone number, age, name, etc. An example of a good password would be something like this (but please don't use this one as a password): jk782h7du8l9. Make sure to write your password down on a piece of paper and keep the paper somewhere safe. Also try to change your password every week to a month if you can. This really ensures a secure account.

True, I think length and complexity are the main important things

SimonCheeseburger wrote:

floofycat4436 wrote:

snip

True, I think length and complexity are the main important things

Looking back on it, I actually think this post by jvvg may provide a better alternative. Here's the graphic for anyone who doesn't want to click on the post:


He also provided a link to a password checker, which may be helpful in really securing accounts (or, at least, for peace of mind)

I think you should mention that they still need to provide proof that their account is theirs.
Also mention that the proof can be birthdate and gender if they put it in, and unshared projects.

pasta_enjoyer7 wrote:

SimonCheeseburger wrote:

floofycat4436 wrote:

snip

True, I think length and complexity are the main important things

Looking back on it, I actually think this post by jvvg may provide a better alternative. Here's the graphic for anyone who doesn't want to click on the post:


He also provided a link to a password checker, which may be helpful in really securing accounts (or, at least, for peace of mind)

I always like to say you should do long passwords based off of words, because why not, but some people think spamming symbols is better (obviously not) so I never know if I should recommend it.

pasta_enjoyer7 wrote:

SimonCheeseburger wrote:

floofycat4436 wrote:

snip

True, I think length and complexity are the main important things

Looking back on it, I actually think this post by jvvg may provide a better alternative. Here's the graphic for anyone who doesn't want to click on the post:


He also provided a link to a password checker, which may be helpful in really securing accounts (or, at least, for peace of mind)

note that that originally comes from https://xkcd.com/936/

MonkeyBean2 wrote:

pasta_enjoyer7 wrote:

SimonCheeseburger wrote:

floofycat4436 wrote:

snip

True, I think length and complexity are the main important things

Looking back on it, I actually think this post by jvvg may provide a better alternative. Here's the graphic for anyone who doesn't want to click on the post:


He also provided a link to a password checker, which may be helpful in really securing accounts (or, at least, for peace of mind)

note that that originally comes from https://xkcd.com/936/

I KNEW it was an xkcd comic when I saw it XD

also I tried the password checker and it did seem pretty complicated and accurate

how did you get stickied and can i make a new version of this topic

acohen_bhusd wrote:

(#18)
how did you get stickied

You can get a sticky topic if you either a Scratch Team member, get permission from the Scratch Team or have the post ownership transferred to you. Since this topic is very relevant and helpful, the Scratch Team decided to sticky this topic. – That said, it's worth noting that, in general, forums aren't intended to be used for guides.

acohen_bhusd wrote:

can i make a new version of this topic

( I know I am not the OP ) but please don’t hassle others into transferring stickies. This topic already provides helpful information therefore creating a new version with the same content is just unnecessary. – Getting stickied isn't a status symbol, it's about sharing useful info with the community, not something to brag about.

Edit: I’m mentioning this because I’ve noticed you repeatedly asking how to get a sticky ,creating topics in BaG, telling others that “All topics about this issue will be marked as duplicate”, asking for your topic to be stickied ( even when several topics about the same issue where created before you. ) and pressuring others to transfer ownership

acohen_bhusd wrote:

how did you get stickied and can i make a new version of this topic

I got stickied by asking others to sticky to help the confused. And the whole point of me making this topic is that I know griffpatch, technically and he told me and others that he was locked out. Also as Blue_Retro_Dragon stated, you've been pressuring and begging for a sticky or ownership. Also, the way that I see it, I may be wrong, is that for a new version the owner needs to be inactive or the topic so big that it lags your computer. So, no, I don't give you permission to get ownership.