I came across the password reset page after not visiting the forum for a while, and I couldn't help but think, "Oh man, this can't be good!" 😅
I'm relieved that the team was able to further mitigate this attack and conduct a timely investigation, even though it stemmed from an unfortunate incident. It's disheartening how data and server breaches seem to be on the rise in recent years, and I'm somewhat skeptical about the long-term effectiveness of passwordless login initiatives, considering how easily the devices that support this security measure can become vulnerable themselves.
Nonetheless, thank you, team, for always being transparent about these sorts of incidents, as I feel it is critical to remain as such to effectively run a project at this scale.
Here's to the ongoing efforts of Flarum 2.0! Cheers! 🥂