A recent tweet from @Musantro on X (formerly Twitter), reports over 270,000 usernames and passwords have been leaked from Trading Paints, a platform used to create and view customised liveries within iRacing.
This has since been acknowledged on the iRacing forums by Senior DevOps Engineer, Nicholas Bailey.
Musantro also mentions in the allegation that some Discord servers are recommending to NOT update Trading Paints, and to uninstall the program until further notice.
While the platform has not been created by the staff behind iRacing, it does possibly mean that users’ passwords are at risk if they use the same email and password for other platforms. The claimed information is currently publically for sale via an extremely suspect forum.
“Earlier today we were made aware of a breach of the Trading Paints site which leaked the credentials used on the Trading Paints site. If you have a Trading Paints account, you should reset your password using their lost passwd link,” said Bailey on iRacing’s discussion platform.
“Be sure to set it to something unique to the Trading Paints site. Do not use the same password you use for iRacing or any other site. Once they confirm that the site is secure, they will likely advise and/or force another reset of the credentials used for Trading Paints.
“If you used the same password at Trading Paints that you were using for iRacing or if you are unsure if you were, you should also reset your iRacing account password using the following link. When resetting your iRacing password, it should also be a password that is unique from all other sites you use.”
Trading Paints, however, at the time of publication, has not issued a public statement confirming or denying the breach. The diminutive team at Trading Paints has not responded to Traxion.GG’s request for comment at present.
“I’m a bit disturbed to not see any public notification yet, but I have personally verified the data as my old password is included in the sample currently listed on a hacker bidding website,” said Tim Wheatley, owner of Race Sim Central and Head of Licencing for Straight4 Studios, on X.
If you do have a Trading Paints account, it’s our opinion that you consider changing your password to prevent details from potentially being accessed.
A big thank you to @Musantro for bringing the situation to light. We’ll keep you updated if the service provides clarification. We hope it can work on a resolution soon.
Update – 8.30 am BST 29th
At 10.50 pm BST / 5.50 pm EDT / 2.50 pm PDT on 28th August 2023, Trading Paints formally acknowledged the data breach, and issued the following statement suggesting users switch their passwords and not use the same details across multiple platforms.
