email address security - Alfa Romeo Forum
You are currently unregistered, register for more features.    
The AO Bug Lounge
Find an image missing? A page you cannot access? Post it here.

 
Thread Tools
(Post Link) post #1 of 9 Old 09-07-15 Thread Starter
Status: -
Newbie
 
Join Date: Sep 2005
Posts: 5

Member car:

GTV 2.0

email address security

Has anyone else had spam to the email address that they use for alfaowner.com? Because I have control of the mail server, I use a discrete address with a site-specific prefix for each different use.

My alfa owner email contains "alfaowner" and is never used anywhere else...
...and now I've started getting spam on that address.

I've emailed [email protected] twice, two weeks ago and last week asking for comments but heard nothing, which I find a little disappointing.

Anyone had any similar experiences?

Peter
PeterMcC is offline  
Sponsored Links
Advertisement
 
Status: Spider's asleepforwinter
testing
 
Admin_Support's Avatar
 
Join Date: Jul 2011
Location: united kingdom
County: Canada
Posts: 2,173
Garage

Member car:

Spider/GTA/

This is always the better means to contact us, either post a thread or send a pm, that email goes to a different queue handled by a different team. Is your mail server privately owned by you or is it one of those custom mail provider setups that comes with a BYO website etc? We so far haven't had any record of our security being breached and we don't volunteer personal email addresses or anything like that, being both illegal and just a terrible thing to do. So I'll investigate how this happened.

Thank you
Admin_Support is offline  
Status: -
Newbie
 
Join Date: Nov 2012
County: -
Posts: 4

Member car:

Alfa

I am also getting SPAM to the email address I used for signing up.

This is a unique email address of the form [email protected]_domain.co.uk as has never been given to ANY third party.

The last email to this address had a subject of "We NEED BETA TESTERS! (4 SPOTS LEFT)".

This SPAM email was also sent to another known compromised email address I haven't yet blocked.

I'm sure that for your gmail and outlook addresses these will be filtered out as spam before they're seen by the user.

I could also use spam filtering on this address, but I don't see why I have to.

The forum owners do have a responsibility under the Data Protection Act to safeguard personal data including email addresses. Clearly they have been given out, or the mail list hacked.

Either way forum users should be informed of the leak.
Mikexx is offline  
Status: Spider's asleepforwinter
testing
 
Admin_Support's Avatar
 
Join Date: Jul 2011
Location: united kingdom
County: Canada
Posts: 2,173
Garage

Member car:

Spider/GTA/

Quote:
Originally Posted by PeterMcC View Post
Has anyone else had spam to the email address that they use for alfaowner.com? Because I have control of the mail server, I use a discrete address with a site-specific prefix for each different use.

My alfa owner email contains "alfaowner" and is never used anywhere else...
...and now I've started getting spam on that address.

I've emailed [email protected] twice, two weeks ago and last week asking for comments but heard nothing, which I find a little disappointing.

Anyone had any similar experiences?

Peter
Hey there,

I apologize for the long wait to get a response.
Can you provide me with the email address of the spammer?
As well as the Title of the email?

I'm hoping I can have this email banned from our site.

Richard.
Admin_Support is offline  
Status: -
Newbie
 
Join Date: Nov 2012
County: -
Posts: 4

Member car:

Alfa

Hi Richard,

Email addresses are bought and sold. It's impossible to identify how any leak came about. Ideally email addresses and passwords should be encrypted. I have no idea whether this site stores them plain or encrypted. When you type in login information it ought to be hashed and compared to the hashed personal login data. There should be no need to hold any non hashed personal login data.

Once the email address is out of the bag, there's no putting back.

Mike
Mikexx is offline  
Status: Spider's asleepforwinter
testing
 
Admin_Support's Avatar
 
Join Date: Jul 2011
Location: united kingdom
County: Canada
Posts: 2,173
Garage

Member car:

Spider/GTA/

Quote:
Originally Posted by Mikexx View Post
Hi Richard,

Email addresses are bought and sold. It's impossible to identify how any leak came about. Ideally email addresses and passwords should be encrypted. I have no idea whether this site stores them plain or encrypted. When you type in login information it ought to be hashed and compared to the hashed personal login data. There should be no need to hold any non hashed personal login data.

Once the email address is out of the bag, there's no putting back.

Mike
Hey there,


The system was not cracked, your account is set to accept emails from other users, so I've gone a head and turned that off for you. It's likely that a spammer on the site tried and succeed in emailing you via that method. This has been removed as it wasn't already.

I looked up a couple of links about phishing and I think this is probably the best explanation:
https://www.microsoft.com/en-us/secu...shing-faq.aspx

Also, our email address is not the one you listed above. the best way to reach us would be to send us a PM, since you'll likely receive a faster response than anything else.

Lee

Please post feedback, bugs, and questions about the upgrade here:

https://www.alfaowner.com/Forum/the-a...l#post12507945
Admin_Support is offline  
Status: -
Newbie
 
Join Date: Nov 2012
County: -
Posts: 4

Member car:

Alfa

Quote:
Originally Posted by Admin_Support View Post
Hey there,


The system was not cracked, your account is set to accept emails from other users, so I've gone a head and turned that off for you. It's likely that a spammer on the site tried and succeed in emailing you via that method. This has been removed as it wasn't already.

I looked up a couple of links about phishing and I think this is probably the best explanation:
https://www.microsoft.com/en-us/secu...shing-faq.aspx

Also, our email address is not the one you listed above. the best way to reach us would be to send us a PM, since you'll likely receive a faster response than anything else.

Lee
Hi Lee,

I'm a little confused.

I had assumed this facility to receive emails from other members wouldn't actually give out my email address to other members, such that I would be in effect be behind an email firewall.

Can you confirm if this is true? If so it would mean that no member could obtain this email address.

Regards

Mike
Mikexx is offline  
Status: Spider's asleepforwinter
testing
 
Admin_Support's Avatar
 
Join Date: Jul 2011
Location: united kingdom
County: Canada
Posts: 2,173
Garage

Member car:

Spider/GTA/

Quote:
Originally Posted by Mikexx View Post
Hi Lee,

I'm a little confused.

I had assumed this facility to receive emails from other members wouldn't actually give out my email address to other members, such that I would be in effect be behind an email firewall.

Can you confirm if this is true? If so it would mean that no member could obtain this email address.

Regards

Mike
As the site does not house an internal email system the way it would have worked in this case is if someone was trying to email you through the site it would open in their respective email client prefilled with specific data, ie if they hit "email this thread to a member" it would auto fill the subject bar and preset an opening sentence for the email. They had the capacity to extract your email from there. Hence this feature being disabled.

Kyle
Admin_Support is offline  
Status: -
Newbie
 
Join Date: Nov 2012
County: -
Posts: 4

Member car:

Alfa

Quote:
Originally Posted by Admin_Support View Post
As the site does not house an internal email system the way it would have worked in this case is if someone was trying to email you through the site it would open in their respective email client prefilled with specific data, ie if they hit "email this thread to a member" it would auto fill the subject bar and preset an opening sentence for the email. They had the capacity to extract your email from there. Hence this feature being disabled.

Kyle
Thanks for letting me know, and for disabling this feature.

Mike
Mikexx is offline  
Reply

Go Back   Alfa Romeo Forum > The Official AO Problem Discussion Forum > Submit Your Questions / Bugs > The AO Bug Lounge

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

 
For the best viewing experience please update your browser to Google Chrome