BassChat email address database compromised?

[pelago]

Hi,

Last night I received a piece of junk email at an email address that I've only ever used for basschat. (I create a new email address for each new website I register on, so that if an address gets compromised, I know who to blame and so that I can delete/change that individual address without affecting any others). The subject line was "Newtown, Connecticut is the second Dunblane Primary-School Massacre." As this email address has only ever been typed into one place, the basschat registration form, that must mean that your user database has been compromised, assuming that you aren't selling or giving away our email addresses knowingly.

I don't use the site much but I see some messages about a hack, although I haven't read that the user database had been compromised. It would be nice to have a definitive thread explaining exactly what had happened.

Anyway, I thought you might like to know.

[Kiwi]

I've had that too although it was in my junk folder.

Protecting contact information is our highest priority. Our host was very careful to examine whether security of information had been compromised after the last hacking and it didn't appear there had been any attempts to access the database. I'm wondering if its possible your email may have been publicised somewhere. Bots trawl the net and record email addresses automatically in order to generate spam lists that can be sold.

[wateroftyne]

FWIW, I've had nothing spam-flavoured sent to my Basschat-specific email address.

[Dood]

It's also worth noting that if an end user workstation is infected with malware, useful information such as email addresses used for logging on to websites ( and worse paswords) can be harvested by the malicious to spread spam or of course, identity theft.

[Cat Burrito]

I'm delighted this was posted; I've been waiting weeks for an e-ticket and discovered it was there all along in my Spam folder that I never check. I'm afraid I did receive the "[color=#282828][font=helvetica, arial, sans-serif]Newtown, Connecticut is the second Dunblane Primary-School Massacre" email but in a bid to tackle identity fraud I always give out Cliff Richard's details so no worries from me. [/font][/color]

[louisthebass]

I've had the Newtown email as well - that ended up in my personal email junk box.

Edited December 18, 2012 by louisthebass

[Dad3353]

No 'Spam' received here, Newtown nor any other. I see all mail received in real time, and my 'Spam' box is empty. I hope it stays that way...
Hope this helps...

[Silvia Bluejay]

Some ISPs have spam filters that get rid of messages [b]before[/b] they end in our inboxes. That may explain why some of you have found messages in your own spam folders while others never received anything at all.

[Oopsdabassist]

Yup I got it too, went straight into spam..at least it works

[BassPimp66]

Nothing to report here. The usual viagra bulls***

[Shambo]

I've just received the Newtown spam but, tbh since Monster.com got hacked a few years ago, I've faced a never ending stream of it.

[KingBollock]

Instead of having a new email address for every site you sign up to, you can use the name of the site as your sign-in name. So say you're registering at a site called fluffybunnies.com, you'd register with your real name as fluffybunnies. Then if you got spam generated from the email address you used for that site, it'd come addressed to fluffybunnies and you'd know where it came from. Though that probably wouldn't work on a site where you have to use your username as your register info.

An old email address of mine was hacked once because I allowed my browser to remember its password so that I didn't have to type it in every time. It spammed everyone in my list with stuff about iPods, something I have never owned. It even sent one to my Dad who thought I was trying to get back in touch after a couple of years of not talking to him, that was annoying.

Not had the Newtown spam myself.

[pelago]

Thanks for the replies. I've never typed the email address I use for this forum into anywhere else. The only places it would appear would be in this forum's database, and briefly in my email inbox when I got the confirmation email from you. That email was deleted quickly. I doubt my workstation was hacked (I run Linux and I work in IT so hopefully know what I'm doing). If it wasn't your registration database itself that was compromised, you might want to look into seeing for any log files containing email addresses, or whether your email outgoing path is secure - e.g., can you trust your ISP not to be harvesting email addresses when you send out confirmation emails.

Edit: I've just realised that the other place the email address exists is at my email hosting company of course. I'm pretty sure they haven't been hacked (they are a small company and very open about things), and anyway, I have hundreds of email addresses registered with them but only received spam sent to my basschat-specific email address.

Anyone else who [i]has[/i] received the spam, it would be useful to know if the email address it was sent to was unique for basschat. If you only have one email address that you use for lots of things, then there's no reason to blame basschat.

Anyway, I'm not trying to make any trouble, just passing on the info. The very reason I setup unique addresses like this is to try and help notify people of possible problems.

Edited December 19, 2012 by pelago

[charic]

You don't need to hack to find your email address.

Any member of this site can see it. If a member was created as a bot then it could have fairly easily went through peoples pages gathering email addresses as it goes.

[pelago]

Oh, is that true? I didn't think that was normal for forums. Are you sure it's not just because you're a moderator that you can see my email address? Can anyone else (non-moderator) confirm that they can see my email address?

[johnDeereJack]

I just had a look at your profile and can't see an email address anywhere. Also checked my spam emails and no sign of the message you mention.
Hope this is somewhat helpful

[charic]

Ah fair enough, I forget I'm a mod sometimes

[LiamPodmore]

Nope, same as BassPimp66 for me, just lots of viagra, holidays to Ireland and casinos for me, oh and emails from Epiphone for some reason.

Liam

[hubrad]

I got that mail, dropped in my hotmail Junk folder. My address isn't at all unique to BC, so it could have come any way round.
I think alot of these spammers don't even bother harvesting real email addys these days, but make up millions of permutations of names and mail servers. I've sometimes received such stuff as one of dozens of Cc addresses which are vaguely similar to mine; never bothered checking to see if any of the others even exist!

[pobrien_ie]

[quote name='LiamPodmore' timestamp='1355924029' post='1904525']
Nope, same as BassPimp66 for me, just lots of viagra, [u][b][color=#ff0000]holidays to Ireland[/color][/b][/u] and casinos for me, oh and emails from Epiphone for some reason.

Liam
[/quote]

Hey that's not spam

[ianhowardbass]

I had the same email about Dunblane etc, that to was for the email address specific to this site, my normal email doesn't have my name followed by bass@yahoo etc.

I set up that email address just to register on here.

I had a ton of spam when I used my real email address earlier in the year, when I registered on a site trying to find a flat share in London. I was getting 40 or 50 spam emails a day. A friend told me to set up different email addresses for things like that, then I'd be able to see where they were coming from.

[leftybassman392]

Must say I was a bit surprised to receive it in my inbox (spam filter didn't catch it). It's a general address so could've been from anywhere I guess. All the same...

[jonsmith]

I've had it too (picked up and put in spam folder by my ISP). Email address is not unique to BC so it could have been picked up anywhere, but given some of the comments above, I suppose it is possible that BC was the source for my email address.

Edited December 21, 2012 by jonsmith

[flyfisher]

Just checked, and the hotmail address I used for registration also received that spam email. I didn;t set it up specifically for BC, but I hardly ever use it these days.

Hmm.

[Wing]

I too got the spam mail on my basschat only email. The other possibility besides the site being hacked is a compromise of an administrators login through session hijacking/sidejacking like the one affecting yahoo email users.