Information Receiving Spam mail to an alias address only used to sign-in to this forum.
Amonbofis
Closed Account
Posts: 9
#1
2023-09-06, 16:10
I have gotten into the habit of creating separate aliases for forum login purposes.
I have done the same here within the last 6 months.
I just received a typical 'Nigerian Prince' scam email that used the address only used on this site, nowhere else.
This time, it was not a Nigerian prince but the grand-daughter of Late Colonel Muammar Gaddafi.
The originator was AISHA GADDAFI <[email protected]>
Note that my username was MiamiBlues and nowhere was the rest of the email address listed for the public to view.
I have since disabled that alias.
This is a bit concerning as I thought security had been tightened since the last major issue.
Find
Reply
Lunatixz
Team-Kodi Member
Posts: 7,133
#2
2023-09-06, 17:49
(2023-09-06, 16:10)Amonbofis Wrote: I have gotten into the habit of creating separate aliases for forum login purposes.
I have done the same here within the last 6 months.
I just received a typical 'Nigerian Prince' scam email that used the address only used on this site, nowhere else.
This time, it was not a Nigerian prince but the grand-daughter of Late Colonel Muammar Gaddafi.
The originator was AISHA GADDAFI <[email protected]>
Note that my username was MiamiBlues and nowhere was the rest of the email address listed for the public to view.
I have since disabled that alias.
This is a bit concerning as I thought security had been tightened since the last major issue.

https://kodi.tv/article/forum-data-breac...ons-taken/
Image Lunatixz - Kodi / Beta repository
Image PseudoTV - Forum | Website | Youtube | Help?
Find
Reply
Amonbofis
Closed Account
Posts: 9
#3
2023-09-06, 18:56
Thanks Lunatixz, I had just left as A MOD on this site when it happened.
That's the point though, this email alias was created after the site had been restored.
Find
Reply
yol
Team-Kodi Member
Posts: 223
#4
2024-02-15, 18:49
Hi, thanks for informing us. Unfortunately, I think the best we can do is take this as a data point and monitor if it comes up again. We're not aware of any other breach or how your email address could have otherwise leaked. When exactly (date?) was the alias created?
Find
Reply
yol
Team-Kodi Member
Posts: 223
#5
2024-02-16, 10:46
A few words of clarification:
* The account in question was not part of the 21 February DB dump.
* The 21 February DB dump was the most recent date for which we could confirm that someone accessed the data.
* We became aware of the forum issue around beginning of April. Until then, the access of the attacker persisted.
* Therefore, it is entirely feasible that there were further dumps or user data taken after 21 February, even though the logs do not show this (the hacker had admin level access after all). We have always operated under this assumption.
* The account in question was created between 21 February and the reinstall of the forum (8 April), so it could have been part of a further dump.
* We have shared with haveibeenpwned the full list of user emails as of when we took the forums offline (beginning of April), since, as explained above, there could have been further accesses.
* Theoretically, although I do not assume so, the address could also have leaked via haveibeenpwned.
Find
Reply

Home
Search
Help
Logout Mark Read Team Forum Stats Members Help
Receiving Spam mail to an alias address only used to sign-in to this forum.0