Spam To Dnf Account Emails

[Theo]

After 10+ years of using a particular email just to receive DNForum notifications, it started getting both spam and hacking attempts. Since I don't use that email anywhere else, nor do I reply anywhere with that email, that can only mean that the DNForum email database has been compromised or otherwise shared. I'd advise everyone to change their email password, or email altogether.

 

[Johnn]

Post example so we know who the Spammer is?

 

[Theo]

John, spam started coming in on 2/3/2015 and it's varied, example subjects:

• urghhhhhhh! - [email protected]
• from. Liu Yuezhen Beijing, P.R.China - [email protected]
• YOUR PAYMENT WAS APPROVED TODAY... - fake email
• Your Last Wish - [email protected]

 

[Theo]

Was also notified by the server alert that there were attempts to 'guess' the account password, but don't have those anymore.

 

[GeorgeK]

It could just be a dictionary attack, that successfully guessed your DNF email address, if it wasn't very complicated. e.g.

[email protected] is easier to guess than

[email protected]

in terms of purpose-specific email accounts.

 

[Theo]

George, the username+domain pair was never used outside of DNForum and never for any purpose other than to log in and receive notifications. If anyone else has witnessed the same, it's an indication of database leak.

 

[VNA]

I was wondering the same. I also do not use my email linked to DNF anywhere else and I am receiving similar spam emails especially the urghhhhhhh! one.

 

[Theo]

Yep. My email isn't "theo*" so the notion that usernames were harvested doesn't make sense here. Looks like emails are being used.

 

[GeorgeK]

George, the username+domain pair was never used outside of DNForum and never for any purpose other than to log in and receive notifications. If anyone else has witnessed the same, it's an indication of database leak.

Understood, but it still depends on how 'random' the username** portion is, otherwise it could simply be someone who has tested hundreds of thousands of different usernames (i.e. a dictionary attack), and chanced upon the one you used on DNForum.

** Just for clarity, I mean the randomness of the username in the email address (i.e. [email protected]), not the DNForum username.

 

[Jilo]

I'm also receiving some. Especially the urghhhh email.

 

[Theo]

As I'm not the only one getting these emails, what are the odds that it was a brute force 'guesswork' attack?

 

[GeorgeK]

I never received those spam emails.

While it's possible that the forum's database got compromised, and those spams were sent to a subset of the database , I was simply pointing out that there was another possibility (i.e. the original post stated "that can only mean that the DNForum email database has been compromised or otherwise shared" -- emphasis added; not correct, when there are other possibilities for a spammer that don't involve obtaining the DNForum database).

If the forum's email database did get compromised, you'd think they would do a much better job of targeting the spam emails, e.g. make the offerings be related to domain names or webhosting, rather than than just general untargeted spam.

 

[Theo]

George, inversely, just because you did not receive these emails does not mean there is no incident.

I have now changed my linked email and password and advise everyone to do the same.

 

[GeorgeK]

Theo: I agree it's possible (as I said above), but that there are also alternative explanations.

The point I wanted to make, and perhaps it got lost, is that if one uses a different email address for different services, that it should be one that is hard to guess. e.g. [email protected] is harder to guess than [email protected], [email protected], or [email protected]. This reduces spam, because it's less susceptible to a dictionary-based attack, where spammers try to send emails to [email protected].

 

[bro]

Why would anyone dictionary attack on a personal use domain? I believe Theo's theory is correct

 

[Theo]

At any rate, my advice is for everyone concerned to change their associated emails, because brute-forcing known accounts can eventually work, for weak passwords. Also, never share the same password across various accounts.

 

[Nathan King]

It's surprising that the e-mails you're receiving are generic and not domain-related. Perhaps 10 years ago a link to your e-mail was posted on the net, and it was just recently scraped? Or years ago somebody added you to their address book, and later got a virus or their account was compromised.

If the database was compromised, I doubt this is the last we'll hear of it. It's always a good idea to choose a complex-enough password to not be brute-forced anyways.

 

[TheLegendaryJP]

I have been getting them too the last couple weeks.

 

[GeorgeK]

If the DNForum database was compromised, I'd be more concerned about private messages and other information being compromised, rather than the identity of an email address (passwords are presumably stored hashed in any modern software, so they should still be safe).

 

[katherine]

The weak passwords will be easily recovered either using brute force, dictionary attacks or rainbow tables.
I believe you have to change your password every 180 days but I can't remember if the software enforces strong passwords.

I think this forum is poorly thought from a privacy point of view.
For example look at the bottom of the thread (or any other): "Users Who Have Read This Thread (Total: 34)"
This is a creepy feature that was even removed in the past after some outcry from members.

And look at this: http://dnforum.com/useragent/