Trading Paints Sim Racing Livery Platform exposes credentials of 270,000 users
Take action: If you are playing iRacing or using TradingPaints, you need to IMMEDIATELY reset your passwords on both platforms and everywhere else you are using the same password. This time use different passwords generated by a password manager. While you are at it, maybe uninstall and avoid using TradingPaints application for the next month because the code may also be compromised.
Learn More
A significant security breach has taken place involving Trading Paints, a platform utilized within the iRacing community for designing and viewing customized vehicle liveries. The breach has resulted in the exposure of an extensive dataset containing more than 270,000 usernames and corresponding passwords associated with Trading Paints accounts.
Allegedly, the leaked data is already put up for sale on an online forum related to criminal activities.
The cause of the breach is not known, and it's unclear whether the passwords were kept in cleartext or encrypted.
The breach was acknowledged on the iRacing forums and participants in the discussion recommend immediate action from affected users to reset their password via the Trading Paints' provided "lost password" feature. A Discord discussion from users and third parties is also suggesting that users avoid updating or even uninstall Trading Paints temporarily, since the breach may not be limited just to theft of credentials - the code may be compromised as well.
While Trading Paints is an independent platform and not directly developed by the iRacing, the breach creates potential risks for users who employ identical login credentials across various online platforms.
Trading Paints has yet to release any official statement either confirming or denying the occurrence of the breach leaving users and the public uncertain about the company's response and actions.
