IMPORTANT! Have you received an email to your forum username?

Violetta_2

I got 1 timestamped 7.17 am

pinkcandyflossprincess

I have recieved one just now, havent opened it though thankfully!!

I_know_my_ABC_and_my_CMYK

Mine was addressed to Frantic Female

davester

I haven't got it ,I last recieved Martin's ,money tips at 12.16am this morning but that does not have the text shown. I checked spam its not there either. My forum name is not the same as the email address

mr_fishbulb

PhylPho wrote: »

What's weird about the current mass posting of emails to MSE members is that the message text deliberately brings the almost-but-not-quite similarly named Moneyexpert.com into this by quoting every word of that website's 'About Us' page.

It's a targeted attack to build up trust with the recipient of the email so they are more likely to open the malicious file.

PhylPho wrote: »

It's probably going to take a while to figure out if a vulnerability has been exploited in vBulletin or if the problem lies closer to MSE itself. But the fact that only MSE user names and their registered email addresses have been harvested shows that those responsible for today's continuing activity have *not* been able to penetrate any further than online IDs (as distinct from matching 'em to real-world identities.)

That's just an assumption though. Even if the emails didn't contain peoples' real names, the email addresses were still obtained. This means potentially all of the user database was obtained, including date of birth, ICQ/AIM/MSN/Yahoo!/Skype IDs, website (if these were completed), plus a copy of the user's password (hopefully this was strongly hashed).

John_Gray

My longstanding (and unique) MSE email address ceased to exist on 5th November with the demise of the email forwarding service Emailias.com.

I set up a replacement unique email address about five days later, and I haven't received any spam on that. (Yet?!)

Former_MSE_Webmaster

Tigsteroonie wrote: »

Does anybody know, when the Usernames & Email addresses were "harvested" last year (I take it they mean stolen), were Passwords stolen too?

I can't be the only (stupid) person who uses similar passwords on MSE and on other websites.

I've changed a few of them already in the light of this breach

Hi Tigsteroonie,

We have no way of knowing definitively what they did or did not take and I can't go into the details of the system behind it but vBulletin double encrypts passwords. For someone to take the passwords and decrypt them would take quite a bit of effort.

I would always recommend against using the same/similar passwords on multiple sites.


Webby

NualaBuala

mishkanorman wrote: »

ive not had one ! but sadly the penis people seem to have targeted me too today . . . . .

Me too ... (although I did get this spam one too).

I think MSE should have emailed us about this and any other security breaches. It's not enough to assume we will see a thread about it. I was not aware that details had been harvested.

A._Badger

Add me to the list. My user name is unique to this place and bears no relation to my e-mail address. The only way of connecting them is from information held my MSE.

Looks like a hack.

changing_ways

Amilucky? wrote: »

I wonder how many people that have received the emails have used the same username on various social networking sites and also may have openly shared social networking information on MSE and in doing so have tied there MSE user-name to there social networking accounts

I definitely don't do any of those things and still got an email.