Received spam on my MP3Tag email address


#1

I received several spam emails both yesterday and today from a Viagra sales spammer on the email address I provided ONLY to mp3tag. The email address is tagged with info that identifies it as having been provided to MP3Tag only, so it cannot have come from any other source.

So either info here has been sold or given to another source, OR someone has hacked the MP3Tag user database.

What's going on here?

  • Tim

#2

Hi Tim,

the email addresses were not sold and the user database wasn't hacked (at least to my knowledge). I had a look at the board logs and can't find anything noticeable there.

Btw, I get almost 500 spam mails per day.

Best regards,
Florian


#3

Florian - thanks for checking. However, the email I got the spam on is a VERY particular string, ONLY provided to you folks for registration on this board, I believe. It is almost impossible that it was guessed in a dictionary spam attack, for example. It HAS to have come from the user database.

So, someone's stolen data from your database. There isn't any other way this email address could have been gotten, I'm sorry to say. :frowning:

  • Tim

#4

E-Mails can be guessed by using generators.


#5

Quite true - however, in my long experience dealing with spam, I suspect that this one came from this database, given it's specificity. There's always the chance of a dictionary attack (using generators,/ as you say), but all such attacks have usually been pretty random-looking email addresses, not specific, unlikely ones like the one I used here.

Anyway, I'd suggest people keep aware of a possible misuse/stealing of user data, that's all.

  • Tim

#6

I had a look at all IPB related logs (I'm always using the latest version with all security fixes btw) and analyzed all ftp and http logs for suspicious entries but I found nothing remarkable.

Best regards,
Florian


#7

Oh well, I don't know what to say, 'cept I'm getting spam on that email address. :frowning:

But thanks for checking.

  • Tim

#8

I also have my GMail address registered on several Invision Power Boards (including Mp3tag, Hydrogenaudio and IPS official forums) and never received spam. Of course, I also checked the Spam folder in GMail.


#9

Try creating an email address with a "very particular" string - and share it with no-one.
You will still eventually get spam in that mailbox.
This is one of the things brightmail (and probably google) do to spot spam "runs" - and block specifically that spam message.
Gmail's pretty good, if you don't have privacy issues, otherwise brightmail's even better - but AFAIK they only sell in blocks of ten and you have to be running your own mail server - and your email, once delivered, stays on your own server (important for places like medical and law offices).
Bob


#10

Just a thought on this topic: e-mail communication are not encrypted, and perhaps spammers are hacking internet relay/routers to catch e-mail addresses going thru them. Sad but could be very true :expressionless: