Murena Shop password reset - legitimate or scam?

I just got the e-mail shown below with a legit-looking Murena footer. I got it to both my Murena e-mail account (which I use to log in to the Murena shop with my own identity) and to another e-mail account (which I use to log in to the Murena shop with a friend’s identity who I help with Murena). Strangely, I can still log in to the shop without going through any of the mentioned steps before. I see no obviously fraudulent links in the e-mail, but also no discussion of this e-mail on either the forums or Telegram group. @Manoj Could you please tell me whether this is fake or legit?

Dear Murena Shop user,

We’d like to inform you that we have recently detected a temporary security issue in the Murena shop at murena.com.

As a first precautionary step, we have disabled login access for your account until your reset your password.

What you need to do: to regain access to your account, you must reset your password. Please follow these steps:

  1. Use the “Forgot Password” link on the login page of the Murena Shop (Welcome to your account page!).
  2. Follow instructions to reset your password.

Once you have reset your password, you will be able to log in as usual.

If you have any questions or need assistance, please do not hesitate to contact our support team at Contact Us

Thank you for your attention to this matter.

Best regards,

the Murena team

I think it’s legit, but it might only affect separately created accounts for the shop and not the Murena ID. Not sure.

@Manoj and @GaelDuval , could you please say a few words about that issue. I don’t want to paint the devil on the wall, but every full data breach with all customer data getting stolen would be a “temporary security issue”.

2 Likes

I received the same mail and executed a password reset for my Murena shop account, and all information/orders are still in there.

@Manoj A little more information about the type and dimensions of that “temporary security issue” would be nice indeed!

I have requested the team to share more inputs about this incident. Will share the response from the sales / support teams.

5 Likes

Thank you!

In all friendliness, best practice, especially for Murena, would have been anyway to provide such information without being asked or to announce that they will get back to us as soon as possible with further information. Perhaps next time? That would be really nice!

1 Like

TBH the handling of the cluster outage was beyond catastrophic.

It still can be incompetence in place, but in the world of cybersecurity “temporary security issue” means that the issue was so bad that they legally can’t even tell that no sensitive data was stolen, or they don’t even know what happened. Normally you get overly specific statements from which you can deduce what the issue was. In this case all worst cases are still on the table and an explanation should be available Day 1 and in the email.

I guess we should have an eye on our credit card bookings until we know for sure.

edit: Around a day passed since the email. This is far too long. If something really serious would have happened it would be too late for countermeasures on the user side.

1 Like

:slight_smile: Might be a test of how vulnerable their users are to phishing mails.
I would never click on a link in such an email. I always type in that URL myself or use my bookmark in my browser.
I got that email also. But despite the email saying that my login is disabled, I can log in.
Then the link in the email looks sth like this “https://mailing.murena.com/ls/click?upn=u001.vUcbTxRcwkQmwXEtYiQDv5WQ9Cg-2FVkgTnMbTD4qegME-3Dte…”
Which looks like a tracking link. So they know who clicks on that. I tried it in a private tab and it forwarded me to the normal Murena website.
Links in such emails always make me very suspicious. It’s not like I triggered the reset and got an email about it with a link. Very strange.

Good point! I did not notice the tracking URL as I just went to the browser and used my murena.com bookmark.

Well that’s of course awkward for Murena. Best practice would have been just to inform, that we need to login and change our passwords as no.1 security tip is to never click on links in emails.

Yeah you can’t be too cautious. I’ve had phishing emails that seriously look legit. Like you said, always access your service provider by using a browser bookmark or entering the URL or with a service provider app. Never click on a link in email or text.

I’m just saying that the last time the communication about an incident went from “temporary service disruption” to “full cluster outage with month of user data lost with months of letting the paying customer in the dark”.

Was the shop hacked or not and do users need to prepare precautions? It’s now 48h after the mail, and x-days after the incident. The need to change passwords is usually a pretty bad sign that an attacker was inside with access to sensitive data.

1 Like

I have not used the link in the email, but directly typed in “murena.com” in the address bar of my browser, and I was informed that I had to use the “Forgot password?” function. Which I did, and I set a new password with my password manager.

@Manoj, @GaelDuval, can you provide any information what happened?

As part of our process of security checks over our different websites we noticed unauthorized attempts to access user accounts in the Murena Shop. While the attempts have been successfully blocked and we did not see any loss of data, we are advising our Murena shop users to recreate their passwords for added safety. We continue to monitor all our sites to ensure safety of our user accounts.

3 Likes

I’m getting similar vibes from this like the cluster outage. Every answer causes more questions…

What is the technical nature of this unauthorized access to user accounts? If they were blocked, why is there a need for all accounts to reset their passwords? Resetting all your users’ passwords only makes sense if you are not sure if the attacker got inside and may have exfiltrated credentials/user data. So was the attacker inside parts of your network/services?

1 Like

When pressing murena ID in the login field I get an error

502 Bad Gateway


nginx/1.26.3

Thank you Manoj :+1:. That is what I did, I changed my password, without using the email link :wink:.

I’m really disappointed again about Murena’s communication. There is no official follow-up on this for days, and all explanations up until now are non-technical and generally misleading, and with the experience from the cluster outage I must assume there was a data breach Murena tries to cover up or is not sure about how bad it actually was.

Alone the fact that the issue was communicated only via email and was therefore not public tells me that there were very few learnings about the lost trust during the cluster outage.

2 Likes

No post here:

:cry:

2 Likes

Here action is super fast, within a few hours the user gets his hands slapped!

I have just sent an inquiry to Murena.com (ticket number #9945780). I have clearly stated that I expect a meaningful answer until Tuesday, June 3 2025.

I can understand that Murena may still be investigating the whole issue, but then at least some information that they are working on it is what I expect.

cc @Manoj @GaelDuval