Keeping Your Account Protected

Hey folks, some of you received this email today, this is our blog post with all the details as well.


tl;dr (too long, did not read)
We’re asking certain Adafruit user accounts from 2014 and before to reset their passwords as an added security precaution.

Tell me more
We’ve recently become aware of a vulnerability in our legacy authentication system that could have enabled malicious attackers to access information from certain user accounts created in 2014 and before.

The vulnerability could have allowed an intruder to have had access to some usernames, some email addresses, and some hashed passwords from these older forum accounts. We do not believe this issue affected Adafruit store accounts or payment or billing information (Adafruit does not store credit cards, only authorizations). The issue was disclosed by a security researcher as part of a vulnerability disclosure. Following disclosure of the issue, the researcher confirmed user information to demonstrate the vulnerability. We have no reason to believe that any user information was used for fraudulent purposes.

The vulnerability in question involved taking advantage of a weakness in the Adafruit Job Board, a public job offerings forum on the Adafruit website. The Adafruit Job Board did not store resumes or any additional information other than the content of its users’ public posts. From there, an attacker could take steps to gain unauthorized access to user information in our customer support forums: usernames, emails and hashed passwords from older forum accounts. After conducting a thorough internal investigation that included review of our logs, we found no evidence of any other party that might have taken advantage of this vulnerability. We are also currently unaware of any actual misuse of user information.

Although we currently hash all user passwords using bcrypt in an effort to prevent malicious attackers from misusing passwords, certain older passwords that had not been updated since 2014 were hashed using the less robust MD5. Even if you did not use the Adafruit Forums, an account may have been created when you signed up.

To err on the side of caution, we have set up a process to help automatically reset any MD5-hashed passwords that may have been implicated by the vulnerability. When you log in to your account, you will receive a prompt instructing you to create a new password. If you do not receive a prompt, we do not believe your account was affected. However, you can always reset your password by logging into your account, navigating to the account settings page, and following the directions there for changing your password. If you use your Adafruit Customer Support Forums password for any other site, we also recommend resetting your password for those sites. We encourage you to use strong passwords and to not to reuse passwords on other sites.

As a reminder, for your security, we will never send you a link to reset your password as part of a security alert and our customer support team will never contact you asking for your password. If you receive an email of this nature, or otherwise suspect that someone is attempting to gain access to your account or solicit your personal information, or have any other questions about this process, please contact us at [email protected]

We would also like to thank all individuals who have and will contribute to the security of our users by disclosing vulnerabilities to us responsibly (https://www.adafruit.com/reportingsecurityissues).

We apologize for the disruption and the extra work this requires from you for these added security measures.

Phillip Torrone, Managing Director & Limor “Ladyada” Fried, founder and the Adafruit team – Adafruit, 150 Varick Street, NY, NY 10013


Adafruit publishes a wide range of writing and video content, including interviews and reporting on the maker market and the wider technology world. Our standards page is intended as a guide to best practices that Adafruit uses, as well as an outline of the ethical standards Adafruit aspires to. While Adafruit is not an independent journalistic institution, Adafruit strives to be a fair, informative, and positive voice within the community – check it out here: adafruit.com/editorialstandards

Happy New Year 2025
Happy New Year from Adafruit!

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat and our Discord!

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Join over 38,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org


New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 11/15/2024 Featuring Adafruit bq25185 USB / DC / Solar Charger with 3.3V Buck Board! (Video)

Python for Microcontrollers – Adafruit Daily — Python on Microcontrollers Newsletter: Open Hardware is In, New CircuitPython and Pi 5 16GB, and much more! #CircuitPython #Python #micropython @ThePSF @Raspberry_Pi

EYE on NPI – Adafruit Daily — EYE on NPI Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

Adafruit IoT Monthly — The 2024 Recap Issue!

Maker Business – Adafruit Daily — Apple to build another chip at TSMC Arizona

Electronics – Adafruit Daily — Low power?

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !


No Comments

No comments yet.

Sorry, the comment form is closed at this time.