IMPORTANT! Have you received an email to your forum username?

nilrem_2

bignred05 wrote: »

as for most of the comments on this thread,
I find them absolutely, insulting and shameful, to Martin & all the people involved in MSE,

That is just not true, if you care to read through the whole thread most of the comments are either from people posting that they have received the email (and are reporting so as requested) or are supportive or trying to offer advice, IMHO very few posters have been 'hostile' to MSE.

bignred05

nilrem wrote: »

That is just not true, if you care to read through the whole thread most of the comments are either from people posting that they have received the email (and are reporting so as requested) or are supportive or trying to offer advice, IMHO very few posters have been 'hostile' to MSE.

with respect,

I received this email earlier this week, probably before the thread started
like I said in my op, mine went straight to my spam folder, in a funny way I only got it in my Virgin Broadband email account, yet not on other computers with windows live mail etc
anyway, with 99% of my spam I just deleted it straight away, with out opening it etc

it was only after this I noticed the "pink" header warning etc

so again with respect, since this thread started I have followed & read most if not all, I have noticed several updates from Martin at various times

the "majority" of posts have been having a pop at MSE & Martin Lewis for such a scale of data infringement etc even stating about selling there private & personnel details

like I said earlier how many of these people have been helped or gained from valuable advice or assistance on MSE

"Short memories" springs to mind

nilrem_2

bignred05 wrote: »

the "majority" of posts have been having a pop at MSE & Martin Lewis for such a scale of data infringement etc even stating about selling there private & personnel details

Well you are entitled to your opinion of course but I can only assume that you are reading the majority of peoples comments quite differently to me.

I have been reading this thread from the moment it started and have contributed to it from early on and like the majority of posters have done nothing to criticise MSE, indeed like others I have suggested in more than one post that people are tending to be just a little paranoid about what is basically another spam email.

A few posters have been dismissive of MSE's efforts to sort out this problem but I can only repeat that from what I have read in this thread the majority of posters (some of whom have been a little concerned) have not been scathing about MSE.

bignred05

nilrem wrote: »

Well you are entitled to your opinion of course but I can only assume that you are reading the majority of peoples comments quite differently to me.

I have been reading this thread from the moment it started and have contributed to it from early on and like the majority of posters have done nothing to criticise MSE, indeed like others I have suggested in more than one post that people are tending to be just a little paranoid about what is basically another spam email.

A few posters have been dismissive of MSE's efforts to sort out this problem but I can only repeat that from what I have read in this thread the majority of posters (some of whom have been a little concerned) have not been scathing about MSE.

I take on board what you say, and you are correct a number of post have been helpful with constructive and helpful advice unlike some

however a number (and I have edited my o/p post now) posts are way over the top, I have done a quick scan and c & p a few below



This is a disguisting breach, i just recieved an email like everyone else, i have used this site maybe once or twice.


Does anyone know if passwords have been harvested aswell? (first post on MSE ????? BTW)
__________________________________________________________________________________
I received one to. It's obvious you have been hacked just annoying that there will now be an increase of Spam to that email

__________________________________________________________________________________

I'm really quite angry with the breach. I jealously guard my real email address to stop it getting out there on spam lists. I had initially thought that these spammers were somehow managing to send messages to forum users via the 'Private Message' function here, but having closely examined the email header, I can see that it hasn't come through MSE's servers, but directly from the spammers. This can only mean they have somehow managed to break into the MSE servers and harvest everyone's email addresses.

This is a serious breach. Thank God we don't have any credit card details stored on here. I think some kind of explanation is in order from MSE. Why isn't there any mention of the security breach on the MSE front page ??
What about people who don't frequent the forums often ?



Complaint filed with the ICO.



Just wondering how much money Martin Lewis made selling off our email addresses? I don't tend to buy that 'we were hacked b/s'. The coming months -v- what lands in the inbox from these 'lost' email addresses will tell.

I am, of course, hoping Martin Lewis has registered with the ISO for data protection and this breach has been reported?



Looks like our details have been compromised for over a year then, as per the link in the OP. The link also refers to MoneyExpert.

I will be monitoring this closely before determining whether requesting all my account details be deleted as a minimum course of action as I would no longer have any faith in

How many more spam mails has this been responsible for that did not have any obvious link to MSE?



Your sarcasm is noted, but had Lewis adhered to data protection laws and followed best practices I doubt several thousand people would now face years of spam, potential viruses and security issues because of a basic failure to protect data.


Nice one mate - you eat swan, the rest of us eat your spam....

paddyrg

This actually seems to be being handled well and transparently compared with most data breaches (which are not as uncommon as you may think). I've been watching Martin's posts and they show a very practical, pragmatic approach for a non-technical person trying to manage a technical problem.

The passwords have not been breached, I'm pretty confident. VBulletin just doesn't work that way, it doesn't store passwords.

The MSE team are wisely checking if this affects new members, or just older ones so they can determine if the system is currently vulnerable, or just previously so. This is excellent practice.

Systems are insecure, all of them. It's because they are so *complicated* that they have vulnerabilities, and they are complicated because people have a certain level of expectation of functionality. The more flexibility and whiz-bang you have, the greater the exposed surface of the application.

New vulnerabilities are found frequently, and new patches are developed to fix the vulnerable code. The webmaster/techies have to appraise each patch as to whether it is worth installing (as they may have to install other packages on top for the site to function as desired, it can take a while). As the fix is new code, it itself may open up new vulnerabilities and risk areas, but against that you will have some crimiinals eager to attack unpatched websites before the webmasters have a chance to update the code - these are called "zero-day exploits" and are just about impossible to guard against.

So we as internet members want ever increasing easier to use stuff, but in exchange we increase the risk of data breach. More functionality = more code = more risk. I think this site takes a pretty considered view on data security by only requiring the bare minimum possible to be able to provide you with a service. Some sites want your name, DoB, gender, etc., all of which is generally meaningless in the site's context, but great news for cybercriminals who may breach the system. This is a complex site, but most parts require no sign-up to use.

On this site, the links could all be affiliates, but the spirit of the site is to offer non-affiliate links too. It is clearly making a profit as it employs people and sponsors charities, and I applaud that. The only way it can do so is if people trust they are not being misadvised for the site owner's benefit, and that is the whole ethos of the site. Martin seems to be a canny fellow whose integrity has landed him well, he's not a stupid man, so of course he didn't sell the mailing list! That would RUIN his entire business model for the sake of a couple of grand, and even supposing he were that stupid, woukld the only sale he made be to a malware-installing spammer?

So, dear MSE readers, the time for gnashing and frothing has passed, and instead it is worth recognising how well this is being handled. If you want to see examples of this being handled terribly by far bigger organisations, read the technical press (like theregister.co.uk). Computers are complicated, balls-ups happen, it's how you recover that counts. So far I doubt it could have been handled much better in honesty. And I'm sure if anyone demands a full refund of their site fees, Martin will be only too happy to oblige... ;-)

BLT_2

Murphy_The_Cat wrote: »

1or sold the list/s
2.or suffered internal theft
3.or 'lost' a laptop
4.or sent in error

etc etc.

My moneys on option 1 :rotfl:

ani_26

nilrem wrote: »

Well you are entitled to your opinion of course but I can only assume that you are reading the majority of peoples comments quite differently to me.

I have been reading this thread from the moment it started and have contributed to it from early on and like the majority of posters have done nothing to criticise MSE, indeed like others I have suggested in more than one post that people are tending to be just a little paranoid about what is basically another spam email.

A few posters have been dismissive of MSE's efforts to sort out this problem but I can only repeat that from what I have read in this thread the majority of posters (some of whom have been a little concerned) have not been scathing about MSE.

I must admit, i have only become concerned about this issue because of the ' pink headers ' and pm's from the site, requesting you to report if you have received an email.

As i have only been a member of thi site for 2 months, i have done as requested by the site, and reported my email. I would normally delete unwanted emails, ( although i get very few ). I suppose the more sites you use, the more ' spam ' you receive. In this instance i unsubscribed, first, as i thought it was from mse, ( in my ignorance ), and i had'nt subscribed to mse, ( i don't subscribe to anything ).

So, i am only doing as requested by the site, and yes, i am slightly concerned, as my financial circumstances dictate i do not have the spare cash required to visit a computer shop,and have any virus removed, windows reinstalled, etc etc..........


Nohope

fermi

Nohope wrote: »

So, i am only doing as requested by the site, and yes, i am slightly concerned, as my financial circumstances dictate i do not have the spare cash required to visit a computer shop,and have any virus removed, windows reinstalled, etc etc..........

Unless you have clicked on the link in the email, downloaded the zip file, extracted it and deliberately run the trojan program, then you should be fine.

Optimisticpair

I received the trojan mail but only found it this morning. I also received a phone call a couple of days ago from a foreign girl asking me to check my PC. She hung up on me after I said I had anti spyware. Anyone else had this experience?

Hugs to the MSE team

fermi

Optimisticpair wrote: »

I also received a phone call a couple of days ago from a foreign girl asking me to check my PC. She hung up on me after I said I had anti spyware. Anyone else had this experience?

Thousands upon thousands of people.

See: http://www.bbc.co.uk/news/uk-11754487