
IMPORTANT! Have you received an email to your forum username?


Comments

  • Thanks for the update Martin. I am concerned about my email address now being in 'the wild' so to speak, touch wood since holding my current address a couple of years now I have never received one item of spam (and this is unfiltered email). I am just holding my breath that this breach will not result in my first ever spam.

    Saying that, I don't want you to think my concerns are to be considered as putting undue pressure on you. I think some people have jumped off at the deep end here, and it has been said some of the comments about selling databases to be deeply offensive. To everyone, I would suggest lots of people do things in the name of Martin Lewis, like door canvassers saying 'it's one of Martin's hot tips' just to close a deal. We all know the end results are not Martin's instigation.

    I am keen to know how this pans out, but equally I think tonight may well be one of the nights Martin you don't get as much sleep as normal. I hope it is a small amount of consolation that I am certain nothing here has been done intentionally or maliciously. I would like some answers when you can provide them, as everyone would (probably including yourself), but I realise you could potentially pull the plug on everything you do overnight. I realise you are not a public right, and I have saved a fortune along with changing other people's lives from some of the advice on this forum. I am not about to make some of the ridiculous comments such as considering compensation as one person has suggested.

    If we calm down a bit, things will get resolved but Martin I can tell you are angry, don't let this get to you I am sure you will have it fixed in a couple of days, if people are sensible about this we should let Martin get some sleep tonight.
  • booter wrote: »
    Just checked my spam box - there's loads in there from this MoneyExpert.com going back to 16th October. They are all dated one day after receiving spam from BeatThatQuote.com - coincidence? Luckily all went straight to spam. Really must do more housekeeping!

    Interesting, I used BeatThatQuote to take out car insurance last year. I clicked the referral link from this site to BTQ. I have not received any spam from them, but does anyone else have any links with BTQ who also got this email?
  • Ugi
    Ugi Posts: 3,760 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    MSE_Martin wrote: »

    We have yet to verify anyone who joined in 2010 and got the email, so if you have we’d kindly request that you urgently email webmaster@moneysavingexpert.com both your username so we can check the logs and a copy of the email received so we can investigate it.

    Might be worth a PM (or e-mail if you can do such things) to this guy from post 75 of this thread:

    http://forums.moneysavingexpert.com/showpost.php?p=38550748&postcount=75
  • niccatw
    niccatw Posts: 3,096 Forumite
    Part of the Furniture Combo Breaker
    I also received the email. It went to my spam folder and it seemed pretty obvious to me (without opening it) that it wasn't a genuine email from MSE, so I left it well alone.

    As I would/have done when receiving phony eBay, Facebook and bank spam/phishing emails.

    It seems to be the way of the web and we need to take a bit of individual responsibility.
  • Jesthar
    Jesthar Posts: 1,450 Forumite
    Fair enough, but even so as I'm sure you'll know, if you've got a dump of a database with 'double hashed' passwords, it doesn't take too long to apply the same hashing to a file of dictionary words. Then go through your stolen database, and see which hashes match. Boom, now you have the passwords of the 90% of users who had passwords straight out of the dictionary (or perhaps those on the super-common list, e.g. 'fred', 'god', 'password1', 'letmein', etc).

    In vBulletin's case you'd obviously need to know the salt that the passwords were hashed with, but if someone has been able to access the complete user database, it's not at all improbable that they could have obtained the salt password too.
    Unfortunately there isn't a Cluebat big enough to 'educate' all computer users into using strong passwords, let alone a different one for every site/application! ;)

    However, given a database dump of the userbase for a site like this, why bother with the effort of going after the passwords? You're not really going to get any useful information from this site, as most things barring PMs and e-mail addresses are public, and it'd be a HUGE job to trawl all the accounts. Far easier to just grab the screen names and e-mail addresses and go 'phishing' in a semi plausible fashion.
    I suspect this was an attempted impersonation gone wrong - perhaps not realising that Money Expert and Money Saving Expert were not the same site, the fraudsters were just impersonating the wrong organisation in their attempt to get people to download the banking trojan. Ultimately, forget about trust, follow the money.

    This looks like a pretty sophisticated attack.
    Correct on both counts - if it was an external breach, anyway. Not going to make any judgements or lose any sleep over it, though, just wait for the experts to work out what happened. :)
    Never underestimate the power of the techno-geek... ;)
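The point made in the post above, as an added example that is not part of the thread or of vBulletin's code: a site operator auditing its own records for common passwords, and the per-guess cost of a fast salted double hash compared with a slow key-derivation function. It assumes the legacy scheme is md5(md5(password) + salt); the user records, salts and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

def legacy_hash(password: str, salt: str) -> str:
    # Assumed legacy forum scheme: md5(md5(password) + salt), hex-encoded.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def slow_hash(password: str, salt: str, iterations: int = 100_000) -> str:
    # Deliberately expensive alternative: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()

# Words the post calls super-common.
COMMON = ["fred", "god", "password1", "letmein"]

# Constructed sample records; each salt is stored next to its hash,
# which is why a dump of the user table exposes both together.
USERS = [
    {"user": "alice", "salt": "k3!", "hash": legacy_hash("letmein", "k3!")},
    {"user": "bob", "salt": "Zq9", "hash": legacy_hash("password1", "Zq9")},
    {"user": "carol", "salt": "m_2", "hash": legacy_hash("v8#Lw0p-tRz!qe", "m_2")},
]

def audit(users, wordlist, hash_fn):
    """Return users whose stored hash matches a common word (candidates for a forced reset)."""
    weak = []
    for u in users:
        if any(hmac.compare_digest(hash_fn(w, u["salt"]), u["hash"]) for w in wordlist):
            weak.append(u["user"])
    return weak

def seconds_per_guess(hash_fn, n):
    # Average wall-clock cost of one hash computation over n attempts.
    start = time.perf_counter()
    for i in range(n):
        hash_fn(f"guess{i}", "salt")
    return (time.perf_counter() - start) / n

if __name__ == "__main__":
    print("weak accounts:", audit(USERS, COMMON, legacy_hash))
    fast = seconds_per_guess(legacy_hash, 20_000)
    slow = seconds_per_guess(slow_hash, 5)
    print(f"legacy: {fast:.2e} s/guess, PBKDF2: {slow:.2e} s/guess, ratio ~{slow / fast:.0f}x")
```

The per-user salt stops one precomputed table from covering every account, but it does nothing for the cost of each guess; only the slow function changes that.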
  • meher
    meher Posts: 15,910 Forumite
    10,000 Posts Combo Breaker
    There are two kinds of registration; one for weekly emails and one for posting - will I be stupid if I were to ask which one has been compromised. Not that I can help :D I just like to know :o
  • meher wrote: »
    There are two kinds of registration; one for weekly emails and one for posting - will I be stupid if I were to ask which one has been compromised. Not that I can help :D I just like to know :o

    It's the posting one, the tips one doesn't contain your username, everyone who got the spam email starts with your username at the top of the email.
  • meher
    meher Posts: 15,910 Forumite
    10,000 Posts Combo Breaker
    Thanks CitySlicker, I'm confused if it's the case. How could people create usernames today and login to post saying that they received one?
  • I received an email this morning
  • I_luv_cats
    I_luv_cats Posts: 14,455 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    I got an email for a previous user name. I think it did show as spam.

    It had my user name then real name underneath it.

    I didn't click the link as I wasn't interested/understood/bit suspicious in what it was saying.

    MSE has let their members down and is this a breach of data protection laws??

    My current user is assigned to another email which I don't use.
This discussion has been closed.