270k Trading Paints log-in details for sale in data breach

The third-part service used to create and share customised paint schemes for iRacing
iRacing Trading Paints Skip Barber

A recent tweet from @Musantro on X (formerly Twitter), reports over 270,000 usernames and passwords have been leaked from Trading Paints, a platform used to create and view customised liveries within iRacing.

This has since been acknowledged on the iRacing forums by Senior DevOps Engineer, Nicholas Bailey.

Trading Paints Passwords Leaked Twitter User Musantro

Musantro also mentions in the allegation that some Discord servers are recommending to NOT update Trading Paints, and to uninstall the program until further notice.

While the platform has not been created by the staff behind iRacing, it does possibly mean that users’ passwords are at risk if they use the same email and password for other platforms. The claimed information is currently publically for sale via an extremely suspect forum.

Trading Paints Passwords Leaked Twitter Musantro

“Earlier today we were made aware of a breach of the Trading Paints site which leaked the credentials used on the Trading Paints site. If you have a Trading Paints account, you should reset your password using their lost passwd link,” said Bailey on iRacing’s discussion platform.

“Be sure to set it to something unique to the Trading Paints site. Do not use the same password you use for iRacing or any other site. Once they confirm that the site is secure, they will likely advise and/or force another reset of the credentials used for Trading Paints.

“If you used the same password at Trading Paints that you were using for iRacing or if you are unsure if you were, you should also reset your iRacing account password using the following link. When resetting your iRacing password, it should also be a password that is unique from all other sites you use.”

iRacing forums by Senior DevOps Engineer, Nicholas Bailey, Trading Paints

Trading Paints, however, at the time of publication, has not issued a public statement confirming or denying the breach. The diminutive team at Trading Paints has not responded to Traxion.GG’s request for comment at present.

“I’m a bit disturbed to not see any public notification yet, but I have personally verified the data as my old password is included in the sample currently listed on a hacker bidding website,” said Tim Wheatley, owner of Race Sim Central and Head of Licencing for Straight4 Studios, on X.

Traxion Pride Livery on Trading Paints for iRacing
Traxion Pride Livery on Trading Paints for iRacing by DriveThrough in 2022

If you do have a Trading Paints account, it’s our opinion that you consider changing your password to prevent details from potentially being accessed.

A big thank you to @Musantro for bringing the situation to light. We’ll keep you updated if the service provides clarification. We hope it can work on a resolution soon.

Update – 8.30 am BST 29th

At 10.50 pm BST / 5.50 pm EDT / 2.50 pm PDT on 28th August 2023, Trading Paints formally acknowledged the data breach, and issued the following statement suggesting users switch their passwords and not use the same details across multiple platforms.

Trading Paints 2023 data breach statement
Add a Comment
Previous Post
George Boothby, GT WOrld Challenge Esports Europe Sprint, McLaren 720S GT3, Veloce, Barcelona, Assetto Corsa Competizione

GT World Challenge Esports Europe Sprint: Boothby takes title as Veloce dominates

Next Post
You can now claim your Toyota GR Corolla in Gran Turismo 7

You can now claim your Toyota GR Corolla in Gran Turismo 7

Related Posts