IMPORTANT! Have you received an email to your forum username?
Comments
-
I've had an email from MSE saying I have a message and to click on the link. Was this sent out to everyone to warn them of the virus? I haven't opted to receive emails to notify me of any messages.
-
I have been on this site for 4-5 years, and this is the first I have heard of ANY breach, never mind the First. Perhaps ignorance is bliss
There was a thread started about a year ago about people that received spam to their forums email address. Martin and other people from MSE posted in it with a promise to look into it, which AFAIK they did.
I imagine it's been more publicised this time because the email contained malicious software meaning a warning was essential to protect users, whereas last year it was just a link to a real estate website.
stepmadlin wrote: »I've had an email from MSE saying I have a message and to click on the link. Was this sent out to everyone to warn them of the virus? I haven't opted to receive emails to notify me of any messages.
Are you for real? - Glass Half Empty??
:coffee:
stepmadlin wrote: »I've had an email from MSE saying I have a message and to click on the link. Was this sent out to everyone to warn them of the virus? I haven't opted to receive emails to notify me of any messages.
This is the email from Martin, copied from the one I received, OK?
New Private Message at MoneySavingExpert.com Forums
Dear Gamegal,
You have received a new private message at MoneySavingExpert.com Forums from MSE Webmaster, entitled "Important! Have you received an email to your forum name?".
To read the original version, respond to, or delete this message, you must log in here:
http://forums.moneysavingexpert.com/private.php
This is the message that was sent:
***************
Hi,
This is a belt n braces PM just in case you haven’t seen the forum-wide announcement. Some MSE forum users have been receiving a spam email from malicious hackers, purporting to be from 'Money Expert' and addressed to their MSE forum usernames. (read full MSE News story: Forum members warned (http://www.moneysavingexpert.com/news/family/2010/11/forum-members-warned-of-spam-emails))
In most cases it goes straight to people’s spam/junk file, but if not please don’t open the email – it is not from us (nor is it from the money expert website). It contains a link leading to a type of virus called a 'Trojan' so please *DO NOT CLICK THAT LINK!* (It’s also an important reminder to read about Free Anti-Virus software (http://www.moneysavingexpert.com/shopping/free-anti-virus-software) and back up all your files regularly).
We want to outline the risks for you and what steps you should take though...
* *We don't hold any personal data on individuals* - barring email addresses. That is and always has been a deliberate policy both because we don't need/want more data than this, plus in the event something like this happens (and attempts are made every minute!) so at worst if you’re one of those affected these people only have your email and possibly forum user name
* *If you use the same password as with your bank - consider changing it urgently*. We have absolutely NO evidence that forum users' passwords have been accessed, it would be a particularly difficult thing to break the encryption. However if you use the same password here as for a bank website or any other that holds sensitive personal data, and use the same email as your forum email – we suggest you change those passwords as a precaution.
As a general rule it is always bad practice in any forum or social networking site to use a password that you use for secure data.
We apologise wholeheartedly for the hassle caused - we've been through some major security exercises over the last year including bringing in outside consultants to check for any flaws, to try and avoid instances like this. Yet this unfortunately reflects the murkier side of the internet that it is a constant battle to keep out.
We are still investigating, and will continue to update this thread with any new information we find:
https://forums.moneysavingexpert.com/discussion/2866884
*Please help us work out what's going on...*
We have a suspicion that only forumites who joined before Dec 2009 will be receiving these emails, as we are yet to receive verified proof of a breach in 2010 – there was one in 2009 read about that here (http://www.moneysavingexpert.com/news/banking/2009/11/all-web-users-urged-to-run-anti-virus-check).
However, if you are a more recent member and have received one of these emails, it would be a massive help if you can forward it to webmaster@moneysavingexpert.com and include your username.
Thanks
The MSE Team
***************
Again, please do not reply to this email. You must go to the following page to reply to this private message:
http://forums.moneysavingexpert.com/private.php
All the best,
MoneySavingExpert.com Forums
I think they are referring to the email alerting them to the pm that MSE Webmaster sent to all registered users to alert them to the spam email and this thread.
cross-posted with the above user.
-
Does MSE intend telling us what is happening about these E Mails?
They have gone very quiet and the header on the forum asking if we have received them has disappeared.
Please MSE do you know what happened? Are you still investigating?
Don't keep us in the dark.
If you go down to the woods today you better not go alone.
Hi grumpelstiltskin
Yep we actually had a catch-up meeting about this on Friday, and I am putting together a briefing to go in this thread.
Dan
Former MSE team member
Hi folks,
We just wanted to update everyone about what has been going on for the past couple of weeks since this thread was originally posted. The technical team here has been working incredibly hard both investigating and making changes. Thank you to all the users above who’ve been helping and guiding others.
Was there a new breach?
- We had reported previously we were aware of a breach in November 2009 and had since worked very hard on further tightening the security since that point (including external consultants to assess and analyse risk and improve procedures). One key question was whether the email sent was part of that breach or a new one.
- So far, we still have no confirmed reports of any forumites that joined in 2010 getting the spam email. A number of people who said in the thread that they had received one found they were mistaken (either about join date or had not received the email discussed) when we looked into it
- The poll results suggested 9% of the recipients of the email joined in 2010. However none of these have been in contact with us so that we can verify it. This is just about within the margin of error one may expect when taking into account wrong clicks, people being mistaken and possible malicious votes.
- We have received copious amounts of emails from people who joined after Nov 2009 saying they didn’t get the email – far outweighing those who say they did. Also many members who'd changed their login email address since November 2009 report the spam/Trojan email went to their old email address not the changed ones.
- Coupled with our technical team’s review of the forum’s code, and possible security risks, all of this evidence points to no new breach since the one we are aware of in November 2009. However, we are still more than willing to look at any evidence to the contrary and would ask you please email it to webmaster@moneysavingexpert.com.
What action has been taken?
- Even though it seems there has been no new breach – we have conducted a thorough review and security analysis AS IF there had been, both as a preventative measure and to try to predict any potential weaknesses or breaches for the future.
- The technical team have undertaken a thorough review of the forum’s underlying code, to find points which we could try and make even more secure. Obviously we won’t be detailing exact measures taken as this could be useful information for any malicious hackers roaming the web.
- The technical team have also taken steps to make it harder for large scale harvesting of email addresses, in the event that we were hacked in future.
- While we don’t believe any access to the password file has happened (and it would be very difficult to do), as a precaution for the future we have added an extra warning when users choose a password, advising never to choose something you use for other websites that store sensitive personal information about you.
- While we have no indication of any breach of Private Messages during our investigation, we noted that some people used PMs as if they were a secure form of communication. To prevent this extra warnings have been added whenever users compose a Private Message (PM), reminding them not to send sensitive personal details via PM.
What has been done about the senders of the trojan?
- We contacted the police computer crime unit about this and filed a statement.
- The spam emails sent out contained links, which we advised users not to click. After reporting this to the authorities to investigate we have been informed that there were links to three different locations.
- Only 1 of these contained any malicious files. The only way you can have been infected is if you opened the email, clicked on the link, downloaded the zip file and installed the fake program.
- The police inform us that the majority of the big anti-virus software providers have now updated their products to enable them to tackle this new Trojan.
- The authorities in the countries where the spam emails originated are also conducting investigations.
Please let the webmaster know any useful information about this via email.
MSE Dan
Former MSE team member
Thank you for the detailed update. Well done to Dan and the Tekkies. We don't live in a perfect world, never have and never will.
Have one on me :beer:
.....................I'm smiling because I have no idea what's going on ...:)
This discussion has been closed.