Connect
Ask Community
Ask the community
Ask Community
  • Home
  • General
  • Warframe/WhitePages dumps. You guys doing global password resets or nah?

Warframe/WhitePages dumps. You guys doing global password resets or nah?Solved

Profile photo of mortimer
mortimer
Participant
Discussion
Hexnode UEM
2 weeks ago Mar 23, 2026

Just saw the 3M Warframe and 700k WhitePages databases that hit the dark web over the weekend. I already know for a fact half our engineering team plays Warframe, and they 100% reuse passwords.
Management is breathing down my neck asking if we need to force a global password reset across the entire domain today. I’m hesitant because of the sheer ticket volume it’s going to generate to start the week, but the credential stuffing risk is massive right now.
What’s everyone’s move here? Are you hitting the panic button and forcing a reset, or just aggressively monitoring the logs?

topic view count 14 Views

Tags

Compliance (52)
Reply

Replies (3)

Marked SolutionPending Review
Profile photo of eliiza Novice image
eliiza
Participant
2 weeks ago Mar 23, 2026
Marked SolutionPending Review

Man, do not do this. Global resets are dead. If you force a reset today, they’re just going to change Password2025! to Password2026! and go to lunch.

Do you not have MFA enforced for VPN and critical apps? We stopped doing panic resets a long time ago. If a user gets scraped from a gaming forum, let your conditional access policies and the MFA challenge block the login attempt. Save your sanity

Marked SolutionPending Review
Profile photo of amelia-smith Novice image
amelia-smith
Participant
2 weeks ago Mar 23, 2026
Marked SolutionPending Review

We aren’t doing a global reset, but you shouldn’t just ignore it either. 

If you use Entra ID, just feed the newly breached hash list into your banned password directory. That way it catches the bad passwords at their next normal rotation. Or better yet, just run your corporate domains against the HaveIBeenPwned API. If a dev actually shows up in the dump, force reset just that specific guy. Nuking the whole org over a gaming site breach is overkill. 

Marked SolutionPending Review
Profile photo of ryanmoore Novice image
ryanmoore
Participant
2 weeks ago Mar 23, 2026
Marked SolutionPending Review

As a helpdesk manager: please, for the love of god, don’t.  
It’s Monday morning and my L1 guys are already slammed with the usual weekend backlog. If you drop a surprise domain-wide reset right now, the ticket queue is going to catch fire by noon. Take amelia’s advice. Target the devs you know are gamers or send out a “highly recommended” security memo to the company. 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
2525 pts
Profile photo of leo_scott Novice image
leo_scott
1552 pts
Profile photo of eliiza Novice image
eliiza
1542 pts
Profile photo of timo-liam Veteran image
timo-liam
1540 pts
Profile photo of carter Novice image
carter
1435 pts
View all

Popular Tags

ABM (55)
Android (499)
iOS (376)
macOS (493)
Windows (352)
Apple TV (33)
App Management (380)
Enrollment (119)
Location (31)
Kiosk (237)
Scripts (93)
ADE (52)
OS Updates (80)
Android Enterprise (147)
View all