We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
IMPORTANT! Have you received an email to your forum username?
Comments
-
I got one as well. - Posted 12:180
-
And this is also why it's best not to allow people to start websites in moneysavingexpert name - recently someone started a website in this site's name and I thought, how weird. What happens is that this site users join that site in this same username, presumably same email id as well. And you don't know it's probably them that's compromising on these email id's.
To be honest, I can't see many members of Moneysavingexpert inadvertently joining another site or forum of a similar name and using the same MSE ID and password to do so. The other site would have to be a spoof site replicating MSE in every important respect.0 -
Very sensible advice - and the question is very much on-point. I started getting spam back in July 2009 to an email address used on an MSE username which in the end I didn't complete the activation process for, and so had never posted from.Tigsteroonie wrote: »Does anybody know, when the Usernames & Email addresses were "harvested" last year (I take it they mean stolen), were Passwords stolen too?
I can't be the only (stupid) person who uses similar passwords on MSE and on other websites.
I've changed a few of them already in the light of this breach
At the time MSE said that they'd investigated but "we can only find the symptom not the problem". They also said "We only keep registration email addresses" but contrary to that, this latest spam email shows that the usernames have been compromised AS WELL - so what else?
Passwords almost certainly, too, so if you use your MSE username or password ANYWHERE else, change them ALL immediately. If you're "superjuiceloosener" on MSE with a password of "freddy1" it won't take too long for miscreants to try that username and password on other popular websites, or indeed to see if freddy1 is the same password you use to get into your webmail.
Same thing happened again in September 2009 and again MSE said there was no evidence of a problem.
As I said at the time, the cheek of MSE's "News" warning to users of other web forum software "which we DON'T use" in July 2010 seems just a little two-faced. Especially since the compromised software was vBulletin 3.8.6, actually a NEWER version than MSE used (3.8.4) at the time.
But fundamentally MSE's forums use the vbulletin software which is very big, and very popular. Anyone who can find a back door into it (and it is a constant target, so new exploits are discovered all the time) is going to make off with as much data as they can, from as many large websites as they can, before anyone even knows there's a problem. There is no defence against this other than to make sure that you never use your forum usernames or passwords (or email addresses, if you can help it) anywhere else. That at least minimises the problem that it can cause you if any one forum does become compromised.
It does seem that constant denial from the operators of many forums is a hallmark of compromises like these, though. I had exactly the same problem on the O2 customer forums some months ago - they never did admit that there was a problem.
(For the record, I got the "Money Expert" email this morning, but just to the previously compromised address, not to this account which was created more recently.)0 -
Although I'm a little sceptical of Moneyexpert.com's claim that it has been in the advice business for 20 years, I can't see those who run it being so utterly bonkers as to be behind today's escapade where Moneysavingexpert.com is concerned.
Much more likely is that someone, somewhere, is deriving malicious glee from the idea of setting two UK financial advice websites against each other.
In agreement (see my previous post). More details on moneysaving.com
http://en.wikipedia.org/wiki/Money_Expert
Money Expert LTD
MoneyExpert Limited
The Parks, Lodge Lane
Unit 6
Newton le Willows
Merseyside
WA12 0JQ
UK
Phone: +1.1942710910
Fax: +1.1942714871
Domain first registered in 1998 as well - so, although the content may not have been there, the site's been registered for a long time!0 -
I have just checked my junk-mail box....got one of the spam mails.0
-
I had one too, think it went straight into my junk folder.0
-
I've just got the email... just after I logged in and then out.BLOWINGBUBBLES:kisses2: SMARTIE120
-
I got one and I only use that email address for here
I just tried submitting a spam report on it and it failed. Strange!0 -
got one at 12.52 today0
-
Promise, I'm not imagining things. This really happened. I narrowly escaped that one; mainly because it wasn't compelling enough for me. And sure if there are sister sites or sites claiming it has Martin's support and it's for moneysavingexpert forum members', I'd use my username and same email id to join - wouldn't you?To be honest, I can't see many members of Moneysavingexpert inadvertently joining another site or forum of a similar name and using the same MSE ID and password to do so. The other site would have to be a spoof site replicating MSE in every important respect.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.6K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.3K Mortgages, Homes & Bills
- 176.7K Life & Family
- 256.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards