Bugcrowd Forcing Password Reset

Question

Anybody else getting a suspicious e-mail from Bugcrowd to reset your password? Seems their user data has been leaked or infiltrated?No news reports. No official reports from bugcrowd.com.(( hope it's not just _poor_ data secops ))Update: Message itself _seems_ legit. DKIM signed. Originates from AmazonSES. SPF checks out. Link to reset points to bugcrowd.com

portTCP · Accepted Answer

Bad engagement from them, had to find their blog that explains its because they are trying to speed up their MFA rollout and forcing users to enroll MFA. https://www.bugcrowd.com/blog/bugcrowd-security-update-passw...

eclipticplane · Answer

Gotta love a security company using the phrase "for security reasons."

dualbus · Answer

Yes, I got a "Reset password instructions" email from support@bugcrowd.com at roughly 11:13 PM UTC. There is no information in the email nor the linked page about why it is necessary.How am I supposed to trust this...

fallenby · Answer

Yeah. Really weird e-mail. "Security reasons" immediately made me assume they were compromised.

coherent-cache · Answer

unironically: https://www.bugcrowd.com/blog/breaking-the-chain-exploiting-...