Jump to content
Why become a member? ×
  • advertisement_alt
  • advertisement_alt
  • advertisement_alt

BassChat email address database compromised?


pelago
 Share

Recommended Posts

Hi,

Last night I received a piece of junk email at an email address that I've only ever used for basschat. (I create a new email address for each new website I register on, so that if an address gets compromised, I know who to blame and so that I can delete/change that individual address without affecting any others). The subject line was "Newtown, Connecticut is the second Dunblane Primary-School Massacre." As this email address has only ever been typed into one place, the basschat registration form, that must mean that your user database has been compromised, assuming that you aren't selling or giving away our email addresses knowingly.

I don't use the site much but I see some messages about a hack, although I haven't read that the user database had been compromised. It would be nice to have a definitive thread explaining exactly what had happened.

Anyway, I thought you might like to know.

Link to comment
Share on other sites

I've had that too although it was in my junk folder.

Protecting contact information is our highest priority. Our host was very careful to examine whether security of information had been compromised after the last hacking and it didn't appear there had been any attempts to access the database. I'm wondering if its possible your email may have been publicised somewhere. Bots trawl the net and record email addresses automatically in order to generate spam lists that can be sold.

Link to comment
Share on other sites

It's also worth noting that if an end user workstation is infected with malware, useful information such as email addresses used for logging on to websites ( and worse paswords) can be harvested by the malicious to spread spam or of course, identity theft.

Link to comment
Share on other sites

I'm delighted this was posted; I've been waiting weeks for an e-ticket and discovered it was there all along in my Spam folder that I never check. I'm afraid I did receive the "[color=#282828][font=helvetica, arial, sans-serif]Newtown, Connecticut is the second Dunblane Primary-School Massacre" email but in a bid to tackle identity fraud I always give out Cliff Richard's details so no worries from me. [/font][/color]

Link to comment
Share on other sites

Instead of having a new email address for every site you sign up to, you can use the name of the site as your sign-in name. So say you're registering at a site called fluffybunnies.com, you'd register with your real name as fluffybunnies. Then if you got spam generated from the email address you used for that site, it'd come addressed to fluffybunnies and you'd know where it came from. Though that probably wouldn't work on a site where you have to use your username as your register info.

An old email address of mine was hacked once because I allowed my browser to remember its password so that I didn't have to type it in every time. It spammed everyone in my list with stuff about iPods, something I have never owned. It even sent one to my Dad who thought I was trying to get back in touch after a couple of years of not talking to him, that was annoying.

Not had the Newtown spam myself.

Link to comment
Share on other sites

Thanks for the replies. I've never typed the email address I use for this forum into anywhere else. The only places it would appear would be in this forum's database, and briefly in my email inbox when I got the confirmation email from you. That email was deleted quickly. I doubt my workstation was hacked (I run Linux and I work in IT so hopefully know what I'm doing). If it wasn't your registration database itself that was compromised, you might want to look into seeing for any log files containing email addresses, or whether your email outgoing path is secure - e.g., can you trust your ISP not to be harvesting email addresses when you send out confirmation emails.

Edit: I've just realised that the other place the email address exists is at my email hosting company of course. I'm pretty sure they haven't been hacked (they are a small company and very open about things), and anyway, I have hundreds of email addresses registered with them but only received spam sent to my basschat-specific email address.

Anyone else who [i]has[/i] received the spam, it would be useful to know if the email address it was sent to was unique for basschat. If you only have one email address that you use for lots of things, then there's no reason to blame basschat.

Anyway, I'm not trying to make any trouble, just passing on the info. The very reason I setup unique addresses like this is to try and help notify people of possible problems.

Edited by pelago
Link to comment
Share on other sites

I got that mail, dropped in my hotmail Junk folder. My address isn't at all unique to BC, so it could have come any way round.
I think alot of these spammers don't even bother harvesting real email addys these days, but make up millions of permutations of names and mail servers. I've sometimes received such stuff as one of dozens of Cc addresses which are vaguely similar to mine; never bothered checking to see if any of the others even exist!

Link to comment
Share on other sites

I had the same email about Dunblane etc, that to was for the email address specific to this site, my normal email doesn't have my name followed by bass@yahoo etc.

I set up that email address just to register on here.

I had a ton of spam when I used my real email address earlier in the year, when I registered on a site trying to find a flat share in London. I was getting 40 or 50 spam emails a day. A friend told me to set up different email addresses for things like that, then I'd be able to see where they were coming from.

Link to comment
Share on other sites

I've had it too (picked up and put in spam folder by my ISP). Email address is not unique to BC so it could have been picked up anywhere, but given some of the comments above, I suppose it is possible that BC was the source for my email address.

Edited by jonsmith
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...