On October 31, 2019, we reset the passwords for all customer accounts associated with publisher earnings, author/licensor royalties, or affiliate marketing earnings on our marketplaces: DriveThruRPG, DMs Guild, Wargame Vault, Storytellers Vault, Ulisses Ebooks, etc.
Our sites have been under attack from Russian hackers using thousands of networked, malware-infected devices. The hackers used a list of email addresses and passwords they acquired from other sites and proceeded to bombard our sites with those email+password combinations. When they found a match, where someone used a common password on our marketplace as well as whatever other site(s) the hackers had compromised, the hackers then accessed that account and looted the account’s balance to their own PayPal account.
We attempted other countermeasures first, but on October 31, we had to take a more comprehensive approach and reset every publisher, author, and affiliate account’s password. This action should ensure that the hackers stop getting any email+password matches from their database that might allow them to access more accounts.
If you are a publisher, creator, or affiliate partner, you will need to initiate a password reset the next time you visit our site so that you can create a new password.
- Go to DriveThruRPG, DMs Guild, or any of our sites and click Log In.
- On the Log-In prompt, select the “Forgot Password?” link to initiate a reset of your password.
- Follow the instructions to reset your password. Please make sure your new password is something unique to your OneBookShelf account, and make sure the password contains a long variety of characters.
To be clear, there is no evidence at all that our site was in any way hacked or compromised. The hackers are using login credentials stolen from other sites and testing them on our site.
We cannot recommend strongly enough the use of password managers to help you use unique, safe and secure passwords for every site you visit.