Kodi Community Forum
Information Receiving Spam mail to an alias address only used to sign-in to this forum. - Printable Version




Receiving Spam mail to an alias address only used to sign-in to this forum. - Amonbofis - 2023-09-06

I have gotten into the habit of creating separate aliases for forum login purposes.
I have done the same here within the last 6 months.
I just received a typical 'Nigerian Prince' scam email that used the address only used on this site, nowhere else.
This time, it was not a Nigerian prince but the grand-daughter of Late Colonel Muammar Gaddafi.
The originator was AISHA GADDAFI <[email protected]>
Note that my username was MiamiBlues and nowhere was the rest of the email address listed for the public to view.
I have since disabled that alias.
This is a bit concerning as I thought security had been tightened since the last major issue.


RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - Lunatixz - 2023-09-06

(2023-09-06, 16:10)Amonbofis Wrote: I have gotten into the habit of creating separate aliases for forum login purposes.
I have done the same here within the last 6 months.
I just received a typical 'Nigerian Prince' scam email that used the address only used on this site, nowhere else.
This time, it was not a Nigerian prince but the grand-daughter of Late Colonel Muammar Gaddafi.
The originator was AISHA GADDAFI <[email protected]>
Note that my username was MiamiBlues and nowhere was the rest of the email address listed for the public to view.
I have since disabled that alias.
This is a bit concerning as I thought security had been tightened since the last major issue.

https://kodi.tv/article/forum-data-breach-lessons-learned-actions-taken/


RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - Amonbofis - 2023-09-06

Thanks Lunatixz, I had just left as A MOD on this site when it happened.
That's the point though, this email alias was created after the site had been restored.


RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - yol - 2024-02-15

Hi, thanks for informing us. Unfortunately, I think the best we can do is take this as a data point and monitor if it comes up again. We're not aware of any other breach or how your email address could have otherwise leaked. When exactly (date?) was the alias created?


RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - yol - 2024-02-16

A few words of clarification:
* The account in question was not part of the 21 February DB dump.
* The 21 February DB dump was the most recent date for which we could confirm that someone accessed the data.
* We became aware of the forum issue around the beginning of April. Until then, the access of the attacker persisted.
* Therefore, it is entirely feasible that there were further dumps or user data taken after 21 February, even though the logs do not show this (the hacker had admin level access after all). We have always operated under this assumption.
* The account in question was created between 21 February and the reinstall of the forum (8 April), so it could have been part of a further dump.
* We have shared with haveibeenpwned the full list of user emails as of when we took the forums offline (beginning of April), since, as explained above, there could have been further accesses.
* Theoretically, although I do not assume so, the address could also have leaked via haveibeenpwned.


RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - iurgt - 2024-09-14

(2023-09-06, 17:49)Lunatixz Wrote:
(2023-09-06, 16:10)Amonbofis Wrote:  

https://kodi.tv/article/forum-data-breach-lessons-learned-actions-taken/

What a great opportunity to inform users of the "something I know and something I have" security notion. A password alone is silly. TOTP, FIDO2. These are some great options. A pox upon those promoting Google 'free' services.



RE: Receiving Spam mail to an alias address only used to sign-in to this forum. - iurgt - 2024-09-14

(2024-09-14, 07:01)iurgt Wrote:
(2023-09-06, 17:49)Lunatixz Wrote:
(2023-09-06, 16:10)Amonbofis Wrote:  

https://kodi.tv/article/forum-data-breach-lessons-learned-actions-taken/

What a great opportunity to inform users of the "something I know and something I have" security notion. A password alone is silly. TOTP, FIDO2. These are some great options. A pox upon those promoting Google 'free' services.
Neat.  I can't edit.  Also encourage users (of hosting) to routinely change passwords.

