I am using a unique mail address to register at xda-developers - now i am receiving spam-/phishing-mails (Diablo III account phishing e.g.) to this email address. How can that be. I never used this unique mail address anywhere else. Do you have a leak in your database oder do you sell account data?
XDA never sells account data, but could be a database issue.
Sent from my GT-P3100 using xda app-developers app
I received 2-4 mails but i don't know the mail's author before... but i hope xda :good:
hstop said:
I am using a unique mail address to register at xda-developers - now i am receiving spam-/phishing-mails (Diablo III account phishing e.g.) to this email address. How can that be. I never used this unique mail address anywhere else. Do you have a leak in your database oder do you sell account data?
Click to expand...
Click to collapse
I also just received one today; I have never received one in the past, so I am rather upset that my xda-developers-only email address has been somehow leaked. I noticed that privacy settings on this account were at their most permissive, so I tightened them all up, though I don't think that allowed people to see the email address I provided here.
I have changed both my email address and password here just in case.
As a side note, I use Tapatalk to read/post on this forum sometimes; could that be a possible vector?
I would highly suggest that the management of this site and board make a serious investigation into the leaking of our email addresses.
- Tim
We have investigated this and haven't been able to identify any leaks of information, and we do not sell any member data. If this concerns you we recommend changing your XDA Email address as well as updating your password (it is a good idea to do this at a regular interval anyway).
Closing this thread as there is already a lengthy thread regarding this topic and it seems to be the exact same spam email.
Related
I have my stock email linked to comcast and i keep geting this junk from pumkin i marked it as spam but it keeps comming to my phone how to i stop it?
Sent from my SPH-D710 using xda premium
djjosh said:
I have my stock email linked to comcast and i keep geting this junk from pumkin i marked it as spam but it keeps comming to my phone how to i stop it?
Sent from my SPH-D710 using xda premium
Click to expand...
Click to collapse
This topic is not related to Epic 4g touch nor Android.
Anyway, here is a short explanation.
The sender of junk email, they do not use the actual domain or IP address. Also, they change the sender's ip address every time. There are many ways to distinguish this kind of emails from the email server level but it's so limited in email client's level. For the Android phones, there are just few spam filters available and most case, it would not work for your comcast email. You need to login to comcast account and check the spam filter options. There's nothing to do with your phone in this case.
Today, I received a scam email to the account I created solely to join XDA developers, eg [email protected]
My privacy settings do not allow other users to send me email., Are there any other users who have recently received a similar email (see below)? Has the email database of xda been compromised?
Greetings
It has come to our attention that your account is involved in illegal transactions. As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
Terms of Use: (http://www.worldofwarcraft.com/legal/termsofuse.html).
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
You must complete the steps below to secure the account and your computer.
STEP 1: ACCOUNT INVESTIGATION
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address.
Click on the link below to verify your e-mail address of the Battle.net account:
https://www.battle.net/account/d3/login-support.html (this link is falsified in the email)
If you can’t click the link above, copy and paste the entire URL into your browser.
STEP 2: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.
Please be aware that if unauthorized access to this account, it may lead to further action against the account.
We understand that these policies may seem harsh, but they are in place to ensure that every player is able to enjoy their time in game. Thank you for respecting our position.
Please do not reply to this email as you will receive an automated response.
Regards,
Thary
Account Administration Team
Blizzard Entertainment 2012
Click to expand...
Click to collapse
gnac said:
Today, I received a scam email to the account I created solely to join XDA developers, eg [email protected]
My privacy settings do not allow other users to send me email., Are there any other users who have recently received a similar email (see below)? Has the email database of xda been compromised?
Click to expand...
Click to collapse
Yes, I received the exact same email
Title of email was Diablo 3 but email is about WoW? These scammers are getting more stupid
I haven't got the email
Sent from my Galaxy Nexus using Tapatalk 2
I've had this before and suffered no ill effects because of it. It's a very common one.
Someone brought this up before and our server guy assures us that our database has not been compromised. If it's a Gmail account then set up the extra security features and view the log in info for peace of mind.
Obviously you shouldn't reply or anything but you already knew that...
Sent From My Fingers To Your Face.....
Is it by any chance hotmail?
They had an issue not long ago when loads of people got spammed with these, reporting them to blizzard themselves can help them bring them down
Sent from my Galaxy Nexus using Tapatalk 2
I received the Diablo III email today to my customised account as well. It is using my own email server, not hotmail, gmail or any of the other online free ones and the format is [email protected] I don't use this email address anywhere else and I've never written it in a publicly viewable area. I've checked my XDA account and as far as I can see the email address is not publicly visible. I use customised addresses like this for each site I register with so I can tell where spam email is coming from, so exactly this kind of situation.
Just got my first email spam (also a diablo III phish) to my specific xda email address. The only other gaming related phishing emails I get is to a email address that was forum compromised several years ago. This is also not generated from a dictionary attack to my server.
Your email address database may not have been compromised, but I would not be surprised if one of your moderators / admins or such that has visible access to visible email addresses on the forums is being screen scraped by a virus.
Could be although the last time I posted here (besides in this thread) was months ago, in March.
othermark said:
Just got my first email spam (also a diablo III phish) to my specific xda email address. The only other gaming related phishing emails I get is to a email address that was forum compromised several years ago. This is also not generated from a dictionary attack to my server.
Your email address database may not have been compromised, but I would not be surprised if one of your moderators / admins or such that has visible access to visible email addresses on the forums is being screen scraped by a virus.
Click to expand...
Click to collapse
We have checked our own logs to look for any kind of suspicious activity like scraping, and I believe none was found. The list of privileged accounts is checked regularly, along with removal from anyone no longer requiring it, to prevent this.
We continue to investigate. I've got a number of accounts on XDA registered with different email addresses though, and haven't seen anything like this. I'll continue to look into this.
Thanks for your diligence. As we all know the email account listing swipe/accrual/etc didn't have to be anything recent. This could be from anytime between 2010 and now, somebody has just managed to monetize/find usefulness in the data currently.
There's another thread about this with more replies over here.
Same here
Got the same email today.
I'll flag the server admin, though I'm not sure it's on our end as our database is secure and we don't share any contact details.
Also, another thread exists on this so let's just use one: http://forum.xda-developers.com/showthread.php?t=1835116
Short story: I need to know if there is a way to find the transaction id number from the apps that i've purchased in play store. I do have root.
Long Story: I setup my Google login using the main email i was using at that time. That email address happened to be provided to me by my ISP. Last month i switched my ISP to another ISP and lost access to the original email address that i set up with my Google account since that service was cancelled effectively today. Today i also logged into Google and clicked the "change" link next to my primary email address under accounts. I was sent a verification email to the "new" email address that i put in. I followed the instruction in the email which had me click a link verifying my "new" address. I now have no apps nor contacts linked to my Google login when i login. I can no longer use my previous login either. I've contacted GooglePlay help and have started a complaint. They say there is no record of my original email address or my purchases (100's of $$$). For a company to forfeit all my purchases because i changed my email and furthermore never warn me is ridiculous.
This should be a lesson that you should use gmail instead of An isp's email.
Please press Thanks.THANK YOU
Samsung Fan1693 said:
This should be a lesson that you should use gmail instead of An isp's email.
Please press Thanks.THANK YOU
Click to expand...
Click to collapse
yea exactly I've never once used an isp provided email address cause its just a bad idea. Lesson learned the hard way I guess
Sent from my SGH-I747M using xda app-developers app
I understand that it was a bad idea but the option to switch emails associated with the account is still there. Soo even if it wasn't an isp email it still would have done the same thing because it was the action of updating the email not the actuals isps fault.
Salt has been poured into the wounds already. Does anybody have any constructive advise on how to get or if there actually is any transaction record for paid apps stored on my phone?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
stew721 said:
I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
Click to expand...
Click to collapse
To change the email in your xda account, just login to xda, then navigate to "Control Panel" (at the top - right, under your "Welcome, ..." your xda-name).
Then navigate to "Your Profile" > "Edit Your Details" > "EMAIL & PASSWORD" click on the bttuon "Edit EMAIL & PASSWORD".
Alternatively you can navigate to "SETTINGS & OPTIONS" > "Edit EMail & Password".
You should also check your general options under "SETTINGS & OPTIONS" > "Edit Options" > "Messageing & Notification".
stew721 said:
I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
Click to expand...
Click to collapse
I have changed your email address, and sent you a test email. You do not need to activate the address, but please ensure you can receive emails, or you'll lose features like password reset, and subscriptions.
pulser_g2 said:
I have changed your email address, and sent you a test email. You do not need to activate the address, but please ensure you can receive emails, or you'll lose features like password reset, and subscriptions.
Click to expand...
Click to collapse
Thanks for that. I'll check my e-mail later when I get a chance.
It's weird though as XDA has been the only place that I'd not received e-mail from directly. All other activation e-mails were delivered almost instantly. That, and I heavily depend upon e-mail for my business. My clients have never reported any issues either.
With that said, my old domain forwards to my new one. And, I know that e-mails from XDA to it are forwarded on to my new address without issue.
Perhaps, if you have an administrator who could check your mail server at some point when they have a chance for any frozen mail to the new address or any other failures. Offhand, at the moment, I'm not sure as to why there are issues with XDA only.
--
Sent via Tapatalk 2 from my TELUS HTC Amaze 4G on the Fido network.
stew721 said:
Thanks for that. I'll check my e-mail later when I get a chance.
It's weird though as XDA has been the only place that I'd not received e-mail from directly. All other activation e-mails were delivered almost instantly. That, and I heavily depend upon e-mail for my business. My clients have never reported any issues either.
With that said, my old domain forwards to my new one. And, I know that e-mails from XDA to it are forwarded on to my new address without issue.
Perhaps, if you have an administrator who could check your mail server at some point when they have a chance for any frozen mail to the new address or any other failures. Offhand, at the moment, I'm not sure as to why there are issues with XDA only.
--
Sent via Tapatalk 2 from my TELUS HTC Amaze 4G on the Fido network.
Click to expand...
Click to collapse
I'll ask him to check the outgoing mail logs, but AFAIK our servers are set up correctly (else I think more than one person would have issues! )
pulser_g2 said:
I'll ask him to check the outgoing mail logs, but AFAIK our servers are set up correctly (else I think more than one person would have issues! )
Click to expand...
Click to collapse
I'd meant to reply here a few days ago, but have been busy with work. However, I'm now receiving e-mails from XDA to my new domain. Please thank whoever did whatever to fix the issue.
Dear admins,
I received this email from paypal this morning.
http: imgur.com/hRcDthL
Background:
- Email was registered with xda using yahoo address guard since 2010.
- Emails are forwarded to gmail account
- I am not an active contributor but i do frequent this site a lot to find info.
- My xda account details are not set to public
- Other services which have this email address is tapatalk
I believe the email is legit, as it has been signed by paypal and verified by gmail.
@bitpushr
zfuyuan said:
Dear admins,
I received this email from paypal this morning.
http: imgur.com/hRcDthL
Background:
- Email was registered with xda using yahoo address guard since 2010.
- Emails are forwarded to gmail account
- I am not an active contributor but i do frequent this site a lot to find info.
- My xda account details are not set to public
- Other services which have this email address is tapatalk
I believe the email is legit, as it has been signed by paypal and verified by gmail.
Click to expand...
Click to collapse
Thanks for the heads up - I think the concern here is that your email address has been discovered via XDA. There was another thread where people were getting spams to XDA-only email accounts, where the accounts were all created before 2012. It would appear that at some point email addresses were recoverable from XDA, however we are not sure if it is via a privacy exploit on a web page, a 3rd party service (like tapatalk) or database dump. We don't have any evidence of anything besides people with XDA-only email addresses getting emails. What we would recommend is changing your password on XDA (and all sites!) occasionally just in case there was a database dump, and we have looked into any privacy exploits on our servers and are not aware of any now (or in the past).
Hope that helps.