IMPORTANT! Have you received an email to your forum username?

poppie123

angbrads wrote: »

I don't have one so far and I'm on here all the time. However I don't subscribe to martins weekly email.

No i haven't recieved one either and i am on each day (well have been lately) I don't subscribe to the weekly email.

The_Gerbil

lou66 wrote: »

HI
Got one this afternoon joined in 2009 but have not been on for at least six months and had to get a reminder about my password this afternoon and then got a eamil from them at six this evening.

Could this be a clue? Somebody else said they had a friend who hadn't visited the site for ages and also hadn't received the suspect email.

Are you saying that you didn't get the email until after you visited the site.

If the database had been simply hacked and all the usernames and emails stolen you wouldn't see situations like this. They would just send the emails out to everyone in the database.

This looks more like the site has been hacked and there is malicious code on it (XSS). So you need to visit the site or some specific page or post to then trigger the evil email?

Just a theory.

squibbs25

HairY wrote: »

Go to "Edit Options" under your forum user control panel. Any of you have the "Allow vCard Download" checkbox checked?

Mine is not ticked, also never has been.

DOLLYDAGGER9

Unfortunately, I opened the spoof email, However I did not 'click' on the Download option, Am I safe ?

Doc_N

If anyone's been using the same password for their email account as they have for MSE (not good practice at all, but it happens), bear in mind that whoever hacked in to get the email addresses/passwords from MSE will also have the password to your email account.

About time this whole affair appeared far more prominently and on the MSE homepage, with a very clear warning of the possible consequences.

chris_n_tj

The_Gerbil wrote: »

Could this be a clue? Somebody else said they had a friend who hadn't visited the site for ages and also hadn't received the suspect email.

Are you saying that you didn't get the email until after you visited the site.

If the database had been simply hacked and all the usernames and emails stolen you wouldn't see situations like this. They would just send the emails out to everyone in the database.

This looks more like the site has been hacked and there is malicious code on it (XSS). So you need to visit the site or some specific page or post to then trigger the evil email?

Just a theory.

I received the email this morning but didnt log into the site until this evening.

The_Grandmaster

Opening emails will be fine. Clicking to download would not be. If you're worried about computer security come over to the techie board and open up a new message. We're all happy to help.
Techie Stuff - MoneySavingExpert.com Forums

Bluespirit

Received one of these this afternoon too, but only looked at the email - no downloads

Cazant

Received 2 today one to my inbox and one to my junk. Opened them but did not click on the link. I have not been logged into the site for a few months.

colin79666

Doc_N wrote: »

If anyone's been using the same password for their email account as they have for MSE (not good practice at all, but it happens), bear in mind that whoever hacked in to get the email addresses/passwords from MSE will also have the password to your email account.

Not necessarily true. vbulletin (the forum software) does not store the passwords in plain text in the database (unless someone set it up wrong). Passwords should be hashed - that is not stored in a way that anyone could read or reverse.

It is of course not good practice to reuse passwords. Especially for email accounts or other stores of personal information.