The other day I got an email notification that someone had requested a password change for my wordpress.com account. WTF? I almost never even log into wordpress.com. But, if someone knew my member name, they could try to hack my account and I assumed that this message was a result of such shenanigans. I figured an actual change of my password was in order, just to be safe.
Then I noticed the user name on the account: g2-587217eb4d0b8b1710372695336f2a58
That’s actually not my user name at wordpress.com. Someone (a robot, obviously) created an account with my email address. Huh. I logged into the fake account, changed its password so whoever created it wouldn’t get access to it, and looked around for a way to delete the account entirely. I couldn’t find one.
I know you had a snafu that led to people’s passwords being stored less securely, and therefore a spate of “reset your password” messages issued forth, but this message was absolutely not the same as those. I am fanatic about protecting my email password (as I write about here), and I have changed it recently. There is no other sign that my email account has been compromised.
I logged in as the bogus user and checked to see if any comments or posts had been made; it appeared not. So, I set the password to something ridiculous and promptly forgot it.
The only problem is, when I leave comments on people’s wordpress.com blogs, after I put in my email it auto-fills the rest with data from the bogus account.
So, two things:
1) how did there come to be an account with an email address the bad guy almost certainly didn’t have access to?
2) how can I make that bogus account go away entirely, and never bother me again?