Urgent – Please Help – Display Name Not Recognized – Possible Unauthorized Access
-
Hi everyone. I need some help/guidance. I just logged into my Gravatar account for the first time and upon doing so I stumbled across something extremely odd. There was a display name already listed for me. The display name is set to ‘ponybagelthe974’. I have never picked a display name & if by chance I did but forgot this display name is definitely not one that would come to mind. It also states that I opened the account in June (which would only make sense if it’s related to my akismet account opening date). I have the paid version of the Akismet plugin, which I believe is a sister company to Gravatar but even with that account I never created a display name. Let alone ‘ponybagelthe974’. If there’s no reasonable explanation for this I would appreciate it if someone can give me an idea of how this display name came to exist and if I should be worried about my account being compromised. Thank you for your time and help.
I don’t have a site with WordPress.com yet
-
Hi there,
Your public display name shows as
ponybagelthebe95355to me. Did you update that since posting here?Your account was created three weeks ago via Akismet.com, yes.
When you created your account, a display name would automatically have been set, but by default this is set to be identical to your username. As changing a display name doesn’t make any difference to your ability to access your account, we don’t log when that is changed, so I have no way to tell you when it might have been changed to something else. I can tell you that only someone with access to your account has the ability to make changes to your public profile.
Looking at our logs for your account, I don’t see anything indicating unauthorised access. This account was created three weeks ago via Akismet.com, and the first activity after that is when you logged in around six hours ago. Inbetween there’s no evidence that anyone else logged into the account.
You also use an email login link to log in. Only someone who has access to your email account as well would be able to log into your WordPress.com/Gravatar account. So if you’re in any doubt, update your email password, and from your email settings force-logout all active sessions. As an added layer of security I also recommend you enable two-step authentication, both on your email and your WordPress.com account. That way, even if someone manages to obtain an email login link to your account, they won’t be able to use it to log in without access to your 2FA device as well.
https://wordpress.com/support/security/two-step-authentication/
-
Thank you so much for the prompt and thorough reply. You mentioned that by default my display name would be identical to my username. Are you referring to my wordpress username? Can you also tell me the exact date my account opened? Was it June 12th, the day I purchased Akismet? Lastly, do you store IP address logs? If so there should only be one IP address logging in to this account (since I’ve only worked from home). Thank you
-
Hi there –
You mentioned that by default my display name would be identical to my username. Are you referring to my wordpress username?
That is correct.
Can you also tell me the exact date my account opened? Was it June 12th, the day I purchased Akismet?
We see the account creation a few weeks ago, but not the exact date. It sounds like you are correct there.
IP logs can be requested, through legal means. We can get you that link to get that process started if you’d like. Again, we don’t see any indication of unauthorized access here. Gravatar is linked to WordPress.com profiles. As my colleague mentioned, display names for both are automatically set based on the username when creating an account on WordPress.com.
Let us know if you need anything else.
-
If display names are based on my WP username then ponybagelthebe should be considered suspicious. My username doesn’t resemble that display name in any way. If you see more than one IP address that would be another sign of unauthorized access (if you only see one then there’s no point of moving forward). Based on the default settings and your expertise it’s safe to say that my account was compromised. I’m the only one who has access to this site and have not shared my login credentials with anyone. Can we start the process to obtain that log please. I saw that you mentioned “legal means”. Feel free to ask for any relevant documentation or contacts. Thanks again for all your help.
-
If display names are based on my WP username then ponybagelthebe should be considered suspicious. My username doesn’t resemble that display name in any way.
To be clear, we’re speaking of your WordPress.com username, not the admin username you use to log into your site. Your admin user account and your WordPress.com account are two completely separate accounts.
Your WordPress.com username is
ponybagelthebe95355, and that’s also currently set as the display name in your profile settings at https://wordpress.com/me/Your site will have it’s own username and public display name. Those are set in your site’s dashboard at
YOURSITEURL/wp-admin/profile.php. As your site is not hosted on our servers, we have no information at all about who might have accessed it. We only have information about your WordPress.com username account.The only people who might be able to provide access logs for the admin account on your site itself, is your hosting provider. You can also ask the WordPress.org community, who makes and supports the open source WordPress software you’re using, for advice at https://wordpress.org/support/forums/
If you see more than one IP address that would be another sign of unauthorized access (if you only see one then there’s no point of moving forward). Based on the default settings and your expertise it’s safe to say that my account was compromised.
As I said above, I see no indication at all of unauthorised access to your WordPress.com username account. Your account was created three weeks ago when you purchased a paid plan on Akismet.com, and the first time anyone has accessed your account since then was yesterday, less than an hour before you created this forum thread, and going by the IP address logged for all your replies on this thread, that login was also you.
If you still feel you want access to your WordPress.com account logs, we’ll need a valid court order from a US court to provide those. You can find more information on the process to follow here:
https://wordpress.com/support/report-blogs/legal-guidelines/
-
To make things easier can I just close my wordpress.com account? My site is with wordpress.org and I don’t deal with woocommerce or gravatar. I don’t think I utilize a wordpress.com account at all. If I choose to close it will it have any effect on my wordpress.org site?
-
You wouldn’t be able to close your WordPress.com account while still using a paid Akismet plan.
But also, there is no need to close it.
As my colleagues explained above, there are no security issues on your account. If you’re worried about it, change your password to a strong one and enable two-factor authentication, as explained here:https://wordpress.com/support/security/two-step-authentication/.
If I choose to close it will it have any effect on my wordpress.org site?
WordPress.com and WordPress.org are independent, so your self-hosted site will not be affected, although, as I said, your Akismet account would need to be canceled before closing it.
I hope that clarifies it.
- The topic ‘Urgent – Please Help – Display Name Not Recognized – Possible Unauthorized Access’ is closed to new replies.
WordPress.com Forums 