Since a few weeks I got send a verification code to log in to my Bambu account. Since I did not request it, I guess someone else tries to log in.
Is there any known data breach? It seems to consistent to be just general data scraping
1 Like
Seems likely that your email was part of a data breach. Change your passwords and use 2FA with an authenticator app.
3 Likes
There is another user who posted the same a few days ago.
I have also been asked for a verification code to log in since a few days after seeing that post. So OP is not alone in this.
@JonRaymond or @Tanklet : Did BL or MW recently start requiring MFA even if users donât explicitly choose it? Or is the verification code required only in some situations, such as users using VPN? If yes, then there probably should be an annoucement about it.
I am ok with mandatory MFA. In fact, with the new cashing-out option of exclusive points, it is a good idea for users to start using MFA anyway.
Iâm not privy to any insider information about Makerworld or Bambu for that matter.
Here is the update information on Bambu Handy.
Perhaps itâs across the board. I havenât been asked to verify in I canât remember when, even after this app update.
I thought MW moderators have been invited to sit in on board meetings 
. Kidding aside, maybe @Tanklet knows something about this then?
Ah, I donât use Handy, so I havenât seen this message. This could be it. I use VPN regularly. VPN could be one of these âspecific conditionsâ the message refers to. But it would be nice if we get a confirmation from BL with some examples of these specific conditions.
I raised a ticket and got some BS explanation about needing to comply with banking laws.
I was also helpfully advised that if I never log out I wonât need to log in which means someone who has compromised my computer enough to steal passwords can just steal logged in status cookies and bypass passwords and 2FA.
I donât keep cookies past sessions so I have to log in every time and an emailed verification is required. Anything that makes logging in more painful makes me less likely to bother.
I donât use a VPN to access Makerworld.
I just checked. Logged out of Makerworld. I canât see any way to log out of the forum. Left one empty browser window open to avoid cookie deletion on closure. Go back Makerworld and the log in button knows it is âmeâ and doesnât even ask for a password. Stored cookies bypass all account security. Sites that actually care about security and have a clue, you know like all my bank and CC accounts wonât let me stay logged in if I am idle for more than 5 minutes.
Itâs possible, because creators can now redeem exclusive points into cash which can go into their bank accounts.
I donât keep login credentials either. But many of the things we do nowadays, such as logging into bank account or credit card accounts, require entering a pass code thatâs sent to oneâs phone or email, or some other types of multi-factor authentication. So what BL does is not new. I am ok with it.
@TVL_3D
Did you enable 2FA? which may increase the security of your account but requires verification code when you login.
@Tanklet I have 2-Step verification turned off, and have been required to enter a verification code for each login for at least a week now. For a test, a moment ago I logged in twice, one time with VPN on and the other with VPN off. Both times a verification code was needed. So using VPN is not the reason or at least not the only reason for triggering verification code.
I donât mind having to enter verification code to log in. In fact, I was going to turn on the extra security soon, but I will leave it off for now in case you want to test it with me.
If BL has implemented stricter security measure and required the 2-step verification even for users who do not have that feature turned on, it probably should have announced it through the system message, instead of one message showing up only on the Handy app.
I just checked this logic. We added a verification mechanism last week for accounts that does not turn on 2-step verification.
If you use the same browser, the verification will happen only once (except that you use in-private mode browser).
When you use another browser, the verification will happend again. The verified status is stored as browserâs local data. Different browsers has their individual local data.
We are using Bambu printers in our Universityâs studio, and we use one account that all students log in to to use our printers. This new verification mechanism means we need to verify each student, which takes a lot of work. Is there a way to turn this new verification off?
Enable two-step authentication. If the authenticator app is available to whomever needs to use the login, then it will not be a barrier. Itâs just another step to the normal login process.
It would be nice to not have the students login to another service. The more streamlined the process is, the less time our staff has to deal with basic things like helping students log on, and the more time they have to deal with more important matters.
I assume you are talking about logging in from Bambu studio?
If you put the printers in Lan only mode you donât need to be logged into an account to use them.