| MMA-Torrents.com Forum https://foru.mma-torrents.com/ |
|
| Site has been breached (Solved) https://foru.mma-torrents.com/viewtopic.php?f=2&t=7331 |
Page 1 of 1 |
| Author: | germie [ Wed May 10, 2017 2:29 pm ] |
| Post subject: | Site has been breached (Solved) |
Hey guys, I use a specific email address for this site that has never been used elsewhere, and I recently got a malicious spam email to that email address. The only explanation for that is that your site has been compromised and they have access to the user database. Just wanted to alert you to the problem and, if users passwords weren't properly encrypted...you need to email everyone to let them know to change their passwords. |
|
| Author: | Dent [ Wed May 10, 2017 5:51 pm ] |
| Post subject: | Re: |
Hello, I understand your concern, but to be honest, it doesn't have to mean that our site has been breached. If this happens to only one person in soon 9 years I don't see it as evidence that someone has breached our database. There are multiple other factors that could make you receive a spam email without using the email on any site. You might not be aware of this but there are spammers sending spam emails to any possible email combination out there, and if your email is a gmail or hotmail or any other generic email service you are likely to receive spam, specially if the prefix is an existing word, no matter what you do. For example flower@hotmail.xom or crazyguy@gmail.xom etc will easily receive spam emails without signing up anywhere. Once the spammers have hacked a server that they can send spam from they easily send out hundreds of thousands of spam emails in a day, and most of them go to nobody... I know this partly because I work with internet security and other related issues on a daily basis and have both experience and interest to study these things, and I have personally experienced creating an unique email that I never sent an email from nor signed up anywhere with that I after a certain time started receiving spam to. It is also possible that your own computer has been compromised of course, there are plenty of trojan-like malware out there that snatch your email addresses from your own hdd and send them to hackers/spammers. Hopefully this is not the case! That said, I will of course look into this and create a few honeypot emails etc to see if I see any odd behaviour. And make a revision of the security to make sure there are no holes. I have contacted you in a private message for more details. If anyone else has experienced anything similar please let us know!!! |
|
| Author: | Dent [ Wed May 10, 2017 7:46 pm ] |
| Post subject: | Re: |
For the matter of clarification: I see that the spam email was sent to ***********@******.net That email does not exist anywhere in our databases. You are registered here on the forum as well as on the tracker with the email *******.********@gmail.com I have double and triple checked and the email ***********@******.net is not anywhere in our databases. This means that the spammer could not have gotten the email from our database. So I deduct that there has not been a breach. 
|
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|