IMPORTANT! Have you received an email to your forum username?

alwaysonthego_2

Mine arrived in my spam box.

I am wondering why everyone is worried about them getting our email adds?

DrPaul

Can't remember when I signed up, but it will appear when I post this!

I also use the "mse@mydomain.com" trick to track the origin of spam and over the years it's surprising how many organisations have lost or sold my details!

The fact that the email also quotes my user name for this forum means that the MSE forum database has been hacked or sold by an insider. Either way I'm afraid that it really makes me question the professionalism of the setup at MSE, which is a real, real shame. As an IT professional of decades' standing I tried to apply for a job that you advertised a year or so ago, but despite repeated attempts I never got an acknowledgement or a response to my application.

I seem to remember getting some spam to my "mse@...." email address last year, which I assume is when the original data breach occured, but I'm pretty sure it was generic spam and didn't include my forum user name, so this new outbreak is a bit worrying.

All I need to do is change my subscription email address to something like "mse2@...." and set my mail server to bounce any emails to the old address, a trifle inconvenient but not the end of the world. If you've only got one email address and used it to sign up to MSE then sorry but prepare to be spammed!

Webmaster - you've already referred to the original data breach, but I think we need "full disclosure" to reassure your many subscribers. You can see how many accusations of a sell-out are already circulating. I'm personally sure that it's "!!!!-up not conspiracy" but even so this is a major secuity breach at your end. For example, can we now assume that it is the forum database that was compromised rather than your full mailing list?

PS Last logged on to this forum in February.

hendo74

Yes i had recieved one too,thought it looked a wee bit suss so just deleted it.

lou66_2

The_Gerbil wrote: »

Could this be a clue? Somebody else said they had a friend who hadn't visited the site for ages and also hadn't received the suspect email.

Are you saying that you didn't get the email until after you visited the site.

If the database had been simply hacked and all the usernames and emails stolen you wouldn't see situations like this. They would just send the emails out to everyone in the database.

This looks more like the site has been hacked and there is malicious code on it (XSS). So you need to visit the site or some specific page or post to then trigger the evil email?

Just a theory.

Yes i did not get the email from them untill after i logged on to mse and have not been on for at least six months, logged on and early afternoon on mse and then got the suspect email at about six

elsien

I am concerned as the email I received connects my mse username with an email address that I have never used in connection with the user name in any other context but here. The breach has to have come from this site, as otherwise it would have gone to one of my other email addresses.

Tigsteroonie

Hmmm ... somebody mentioned a few posts ago that they received the fake message to an email address they use for the weekly newsletter, and not the one that is registered for the forum - I wonder if there is anything in this?

Bang went that theory - ButterBean has received one, and he's not signed up for the email.

ETA. Just seen somebody else's theory that the emails may not be triggered until you log in - I shall log in as Frank and then wait to see!

ZTD

PhylPho wrote: »

It's also remarkable (well, to me at any rate) the sheer number of posters who want justice NOW! as well as explanation NOW!

And possibly, Martin Lewis's head on a plate.

Incidents like these always bring out the Drama Queens. It's the LAW!

I haven't received an email yet - my username obviously begins with Z, so an automated dump may not have got up to me.

Any other "old-timers" who *haven't* received an email?

In future though, I would suggest that someone in MSE picks an email address with a unique token in it - (something more complicated than A1B2C3D5) and subscribes with A1B2C3D5A1B2C3D5@emailprovider.com (twice so going across packet boundaries doesn't matter). Then they can use snort to look for that token and at least have it kick-off during the copy, rather than weeping and wailing after.

It's not hard, and it's not expensive.

PhylPho wrote: »

Good job the overwhelming majority on here have the wits, and the patience, to allow MSE's Webbys to investigate -- though shame on all those vindictive posters with their various conspiracy theories who seem to have conveniently forgotten that this entire bloody thread wouldn't be here in the first place if MSE itself hadn't started it. . .

No, no. There needs to be constant communication, when there's nothing to say. After all, it's not like people who work at MSE have something better to do than constantly post. There's nothing else going on, like a security breach or anything...

Rossy.

DrPaul wrote: »

Can't remember when I signed up, but it will appear when I post this!

I also use the "mse@mydomain.com" trick to track the origin of spam and over the years it's surprising how many organisations have lost or sold my details!

The fact that the email also quotes my user name for this forum means that the MSE forum database has been hacked or sold by an insider. Either way I'm afraid that it really makes me question the professionalism of the setup at MSE, which is a real, real shame. As an IT professional of decades' standing I tried to apply for a job that you advertised a year or so ago, but despite repeated attempts I never got an acknowledgement or a response to my application.

I seem to remember getting some spam to my "mse@...." email address last year, which I assume is when the original data breach occured, but I'm pretty sure it was generic spam and didn't include my forum user name, so this new outbreak is a bit worrying.

All I need to do is change my subscription email address to something like "mse2@...." and set my mail server to bounce any emails to the old address, a trifle inconvenient but not the end of the world. If you've only got one email address and used it to sign up to MSE then sorry but prepare to be spammed!

Webmaster - you've already referred to the original data breach, but I think we need "full disclosure" to reassure your many subscribers. You can see how many accusations of a sell-out are already circulating. I'm personally sure that it's "!!!!-up not conspiracy" but even so this is a major secuity breach at your end. For example, can we now assume that it is the forum database that was compromised rather than your full mailing list?

PS Last logged on to this forum in February.

Have a word please.

You didn't get the job.. woopy doo. Your post sounds pretty much in anger.

Secondly i highly doubt MSE would sell details. I mean get real. This website has helped thousands if not millions obtain information to correct their life styles etc. Do you really think a highly acclaimed person like Martin would allow this?

Nasa gets hacked. Is that an inside job too?

Companies and servers get hacked all the time. It doesn't mean its an inside job.

Lastly this is an email address only people. How many people use Yahoo and have spam recieved every day? It's hacked nothing more. Email addresses are free so change it. No point grumbling about it

Most of you are going on like you are about to corrupted by fraud over a blinking Email.

dziga_2

I would have thought it would have been sense to put this on the home page rather than just at the top of the forums.

colin79666

For those with Google Mail (GMail) accounts you may be interested in a little known feature.
You can use instead of signing up to stuff with [EMAIL="yourname@gmail.com"]yourname@gmail.com[/EMAIL] you can use yourname+something[EMAIL="unique@gmail.com"]unique@gmail.com[/EMAIL]. Any email sent to that address will go to your normal gmail account but then you can instantly see if your email address has been stolen/sold. You can also use this technique to set up filters