Account hacked?

I've been getting random notices over the last few weeks that an attempt was made to change my password to my cakewalk account. Today I received notification that my password was changed. I did not initiate this. I was able to log on with the new password and change it again. Has anyone else had this issue?

I haven't received any notifications, either.
 

This is what I received as an email. I have since changed the password twice. I never initiated a password change or reset.

Cakewalk Password Reset

Cakewalk Account Management
to me
18 minutes agoDetails
Hello AndyF,

Your Cakewalk password has been reset to the following: v:lE#v*5

Please sign in and change your password here: https://www.cakewalk.com/.-Account/Change-Password

If the above password is not accepted, please try typing it in manually instead of copying and pasting it.

Best Regards,
Cakewalk Account Management

On the phone with them now

I have gotten the same emails and told a CW person about it with no action taken. Nor did I get a good answer about it. I have since just ignored those emails. I have had no trouble in logging on. I don't know where they are coming from but I wish CW would respond with something concrete.  

Paul P

John
I don't know where they are coming from but I wish CW would respond with something concrete.  

I hope the Cakewalk accounts are secure.  While trying to authorize a free plugin, I recently got access to account product lists and their serial numbers for as many accounts as I cared to try over at iZotope (all while failing to update my own account).

Right. Its very disconcerting. I don't think it would hurt if we all made a group protest about it. It needs to be dealt with. Or at the least we need to be reassured. 

Ryan Munnis [Cakewalk]
There are only two ways an account password is reset and that email is triggered.
 
1) someone clicks the one-time link generated and sent to your email address. Example:

 
Hello Ryan Munnis [Cakewalk], 

A request to reset your Cakewalk Account password has been made. To reset your password, please click the following link: 
 
[Link]

If you did not request to reset your password please discard this message. 

Best Regards, 
Cakewalk Account Management

 
2) someone on Cakewalk Support Staff does it at the request of a user
 
With that being the case, my suspicion is either Cakewalk Support Staff (I'll follow up internally), or that someone has access to your email. I'd reset your passwords for both your Cakewalk Account and Email Account (as well as disable any Email Clients / portable devices, etc. that may have access to your email address).
 
BTW John, I believe we may have discussed before, but given how common "John" is for a name, my suspicion is many people attempt to reset their account password pre-emptively by entering "John". As mentioned above, however, they cannot reset your password, only create a request to reset.

It was me I think that brought it to your attention. I am totally happy now with your response. I don't use a log in manually. I have my browser set to automatically to log me in. Rarely do I log in myself. I'm going to watch this a little closer and try to figure out what conditions cause an email to be sent. What might be a problem is a delay in logging in and the email being sent. Though I can't be sure of this at the present time. It seems that these emails are sent at odd times. The funny thing is I have been on these forums very shortly after they were implemented. I was on the newsgroup and was reluctant to come here. That said, I can't recall ever seeing this happen before.  
 
I do hope you understand my concern about this as there is so much talk about all sorts of nasty things going on lately. I can say I am very pleased that you posted here and shed some light on this. I really thank you for that.    

stratman70
I don't think clicking on a link like that is a good idea. I would log in again and change the password again-that's if you logged in with the link you received and changed it. Just me-I'm old :-) 

Yes.  Reading the post above I checked the link, expecting to see something from Russia or Pakistan.  I was kind of surprised to see the correct Cakewalk address.

1andyf88
Thanks Ryan. I did indeed, after receiving the email, change the account password and my user name,.I have also changed my email password. I however do not have an open email thread with anyone. I did not initiate a change password request. This email just showed up in my mailbox. At any rate, I can't complain about Cakewalk fast response to this, both on the way hone and here in the forum. We shall see if the above changes solve the problem.

 
Thanks. I've asked our rep to reach out to clear up the confusion. I can definitely confirm the password reset email was triggered by us though, so that's a relief. I'm sorry for any alarm as a result!

John
 
It was me I think that brought it to your attention. I am totally happy now with your response. I don't use a log in manually. I have my browser set to automatically to log me in. Rarely do I log in myself. I'm going to watch this a little closer and try to figure out what conditions cause an email to be sent. What might be a problem is a delay in logging in and the email being sent. Though I can't be sure of this at the present time. It seems that these emails are sent at odd times. The funny thing is I have been on these forums very shortly after they were implemented. I was on the newsgroup and was reluctant to come here. That said, I can't recall ever seeing this happen before.  
 
I do hope you understand my concern about this as there is so much talk about all sorts of nasty things going on lately. I can say I am very pleased that you posted here and shed some light on this. I really thank you for that.    

Yeah, the emails aren't initiated by the forum software but rather by our Cakewalk account management. When we switched the forum over to Cakewalk accounts is probably when these emails started getting triggered. Round 1 would automatically reset the password, which was obviously at the dismay of many users, so we updated the process to require action from the account owner's email address before preemptively resetting passwords.
 

bvideo
 
This sounds exactly like someone clicked the "forgot password?" link for your userid and the forum software dutifully picked a scrambly password and sent it to you at your email registered with the forum. This could happen harmlessly without anyone successfully accessing your email or your forum account.

That is incorrect. Please see my post here http://forum.cakewalk.com/FindPost/3382517