[Q] Has the member list been hacked? - About xda-developers.com

I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?

SKJoy2001 said:
I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.

pulser_g2 said:
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol

SKJoy2001 said:
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol
It will be a crawler - like search engines crawl pages for search terms, some crawlers trawl the entire internet for email addresses to spam. Unfortunate that it happens, but so is the internet these days... That's just ordinary spam, nothing more, nothing less.

Related

Welcome to the improved XDA-developers forum

First of all: don't worry. Everything you are used to is still here. Your username still exists, all the messages are still here, and we're all still here.
There are a few changes though:
You can set a country flag, as well as which device(s) you have and a home GSM-provider. These will be displayed in icon form with your messages. It's completely uncomplicated and much more fun if everyone participates. So please use the 'Profile' button in the menu above to set these things for you. They help others help you by knowing what device you have and what provider you are using.
Topics now have an extra property, which defines whether they are relevant for the original XDA, for the XDA II or for both. A small icon shows with each message. You can set this property when you start a new topic.
The separate XDAII board is gone. All messages there have been moved to the forum where they are most appropriate (see below). The fact that the messages were originally posted in XDAII now shows with an icon.
We now allow attachments, both in forum postings and in Private Messages, sized up to 50MB (!).
The boards have new names, and are slightly re-organized:
- General: Current events, news, etc.
- Using it: messages formerly in 'PocketPC' go here. Not too technical, about use and peculiarities.
- Unlocking it: formerly called 'Unlocking'
- Networking it: formerly called 'GPRS/WAP settings'
- Stocking up for it: formerly called 'Accessories'
- Upgrading and modifying it: formerly 'ROM updates'
- Hacking it: formerly 'Programmers corner' and 'Other techie stuff'
- Anything but it: formerly called 'Off-topic'
We currently use the plain-vanilla 'subSilver' phpBB style. Expect further changes to the way things look over the next few days. Please let me know by clicking 'PM' under this message if anything that used to work for you all of a sudden isn't working anymore.
Hope you like it...
New look
Sexy!
Wow ! well done ! :wink: certainly a lot of work ...thanks
Sure does and it looks good too! 8)
But found the following to be missing:
no USA T-Mobile listed under GSM Provider
no AT&T radio stacks listed under Radio Version.
Qman said:
no USA T-Mobile listed under GSM Provider
Whoops. Fixed.
no AT&T radio stacks listed under Radio Version.
We're still confused about all these Radio Stack Upgrade numbers. And if we are confused, imagine what that means for the poor folks out there. But I will include some more numbers tomorrow...
A couple of suggestions:
In the ROM Version setting of the profile, there should be a "kitchen" option for 4.00.16, since this is on at least one kitchen (perhaps "kitchen" ought to be a check box?)
I don't know that I would have chosen to have a merged 'update it' forum for XDAI and XDAII. Most readers are interested in info for one device and don't care about the other.
pdhenry said:
A couple of suggestions:
In the ROM Version setting of the profile, there should be a "kitchen" option for 4.00.16, since this is on at least one kitchen (perhaps "kitchen" ought to be a check box?)
Done. I might make it a checkbox later on.
I don't know that I would have chosen to have a merged 'update it' forum for XDAI and XDAII. Most readers are interested in info for one device and don't care about the other.
I was planning to create a one-click filter option for 'viewforum.php'.
Why damn, this blob-thing is ... growing.
As you may have seen the forum now has its own hostname: forum.xda-developers.com. All existing links (/forum and /phpBB) will redirect to the correct thread or post on the new hostname (using a rewrite rule and sending HTTP 'Moved Permanently').
The uncompressed database for the forum is now 40 MB, the entire site is sending and receiving a few GigaBytes per day, to and from over 2500 unique IP-numbers each day.
Congratulations!
Hello
Well done and great work, keep it up.
thanks with best regards.
Othman
looks alrite but i miss the yellowy colour scheme now looks like every other forum on the web lol :roll:
how strange ...
the DB is only 40Mb ... this fits on 10% of my stamp size SD card ...
and yet, with just 2500 db-access (and how many posts? probably 100kb)
we get Giga bytes of traffic....
Just think how wasteful we're with current technology....
This goes double for a Pocket PC with two wireless communications,
100's of Mb of data, 400Mhz cpu ... and all that it does is displaying
who is calling your phone
Hmmm ....
[this is not a flame of the site or the PPC.... just a note on the status of the information/software age of the 21st century in general]
Looks
gazzaman2k said:
looks alrite but i miss the yellowy colour scheme now looks like every other forum on the web lol :roll:
No worries: this is temporary. There will be some proper design-work done on the entire site.
This is a good opportunity to say "Thank you" to Mario Giambanco, whose ideas and kind offer to work on the site prompted me to do some cleanup first, which resulted in the changes you see. Between him, myself, and hopefully some other volunteers we can now start to do a major overhaul concerning the looks and stale content of the main site.
The new 'main site' is going to be database-generated (from the phpBB database), and will have at least 'News' and 'FAQ' pages, pointing to topics on the forum. This will mean the 'main site' will be much more of an up-to-date tribute to the collective work of all of you on the forum, instead of a somewhat stale collection of some cool stuff we did way back. Creating layout in the way we did it before is just too much work.
Welcome to our new face
It looks very nice :lol:
But maybe we need added section: download & upgrade hardware ???
:wink:
very nice
Simply An excellent job
I preferred the old one. bah humbug
Thank You!
Thanks! For all the hard work it is much appreciated :wink:
Keep burning the midnight oil, it can only get better! ( like the XDA II )
Kind Regards, StayLucky Jim.
Hacking it ?
I have written quite a few custom applications for the XDA and your site has some interesting information that has helped me.
I have replied a couple of times too with some code snippets.
All was very professional.
Now the Programmers Corner is under Hacking it, so I must have now become a Hacker. An interesting term, that I will have to add to my CV and see if it affects my future software appointments.
At last! Your decision to migrate to 2.0.6 is very welcome
If you are interested - I can suggest two mobile adaptations for phpbb:
- read only version optimized for using as Mobile Favorites/Avantgo channels
and
- fully functional version for using from mobile devices.
These versions were developed and tested for one of the most visited (264,100 messages currently) PDA-related sites in Russia http://www.handy.ru/board Unfortunately, all of the site is in Russian, but you may look through the following links just to smell it:
Mobile Favorites/AvantGo version:
Setup channels (Controls translation: forum name; timeframe; pictures (all/smiles only/none); link conversion mode; signatures on/off)
Ready-to-synchronize channel link (two days plus vacations, smiles only, links converted to text, without signatures).
Online mobile version: (banners should be visible from desktop PC only)
Forum index
Forum page
Topic discussion
All security is the same as in desktop phpbb version. Almost all functionality is implemented except site administration, advanced moderation panel (topic joining/splitting/mass deletes) and profile changing/private messaging.
These forum versions do not include support for skins or language resources (sorry, but I develop them as fast as I can). So translation to English and slight adaptation to your mods (if any) are needed. But I'm ready for this job.
The only main forum changes needed are:
- adding 4 lines to template variables array initialization;
- modifying 4 template files to add links to mobile versions;
Re: Hacking it ?
vangelderp said:
Now the Programmers Corner is under Hacking it, so I must have now become a Hacker. An interesting term, that I will have to add to my CV and see if it affects my future software appointments.
It seemed like a logical term to combine 'Programmers corner' and the little used 'Other techie stuff'. We think of the term 'hacker' as meaning a benign and very advanced programmer or techie, and not in any negative media-sensationalist terms. (Even though some of us do smile when we take the SIMlock off.)
Of course if you think the rest of the world would see this differently, you're welcome to say 'Programmers corner' in future job applications.
I sincerely hope this linguistic issue will not keep you from continuing to benefit and contribute in the future.

Browser support

When I am opening my browser of sense2.1 latest european rom...and type anything in google there is a message as below..plz suggest
403. That’s an error.
Your client does not have permission to get URL /search?hl=en&sky=ee&ie=ISO-8859-1&q=wildfire&btnG=Search from this server. (Client IP address: 106.79.92.162)
Please see Google's Terms of Service posted at http://www.google.com/terms_of_service.html
If you believe that you have received this response in error, please report your problem. However, please make sure to take a look at our Terms of Service (http://www.google.com/terms_of_service.html). In your email, please send us the entire code displayed below. Please also send us any information you may know about how you are performing your Google searches-- for example, "I'm using the Opera browser on Linux to do searches from home. My Internet access is through a dial-up account I have with the FooCorp ISP." or "I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13." (If you don't know any information like this, that's OK. But this kind of information can help us track down problems, so please tell us what you can.)
We will use all this information to diagnose the problem, and we'll hopefully have you back up and searching with Google again quickly!
Please note that although we read all the email we receive, we are not always able to send a personal response to each and every email. So don't despair if you don't hear back from us!
Also note that if you do not send us the entire code below, we will not be able to help you.
Best wishes, The Google Team
That’s all we know.
Sent from my HTC Wildfire S A510e using xda app-developers app

Email Compromise? (Diablo Spam)

Hi there,
I have my own domain name. When signing up to websites, such as xda-developers, I use that site name as the to address for my domain name ie, [email protected]
This morning, I've received a spam email with subject "Subject [EN]Diablo III Account Locked - Action Required" to my xdadevelopers address at my domain.
Has there been a database compromise perchance? I've had a search through the forums here and don't see anyone else that has mentioned it as yet. The spam arrived about 3 hours ago from now.
It'd be a shame to have to close my account and devnull this email address, as I really love these forums and the great users herein.
Regards.
Update 1: It's certainly not a dictionary attack that I can see, as I haven't received any others of this nature to my catchall mailbox.
If it's any help at all, the headers show this as the sender host;
Received: from WWW-9763E06E580.net (unknown [110.103.67.128])
(very likely unrelated to any alleged compromise attempts, if indeed a compromise even occurred).
I have seen this reported a couple times before but no resolution as I recall. I have passed this on to one of the admins, hopefully he can take a look and let us know if this is a problem to be concerned about.
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Thank you for checking that sir. I believe that in the other threads, it was suggested that someone might have posted their email and a screen-scraper harvested it, or perhaps their email was grabbed some other way, but nothing definitive ever came of it.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Thanks for that, and I respect that data is treated with complete secrecy. I've not used this address or posted it anywhere else. It's used solely to login with, so I'm still a bit confused. I'll leave it for now, as it's only one example.
Regards.
Hi,
I'm in the exact same case, I use per site email on my domain, no dictionary attacks too (I got catchall so I see them) and same mail received
Same mail same kind of sender:
Thu, 16 Aug 2012 08:22:23 +0200 (CEST)
Received: from WWW-9763E06E580.org (unknown [110.103.67.40])
I can assure that this email is not used in any screen-shot or anything else than logging here.
This is quite annoying and since I don't use the same header as the other one (me it's [email protected]) it really seems that the mails data are compromised.
Regards,
Tolriq.
As above, exactly the same spam email, although the email address I used to sign up here is more complex than just [email protected]
I'll keep the email around, in case anyone wants to follow up on it.
Could this perhaps be the result of the new theme showing user email addresses on member pages (Eg. somewhere on http://forum.xda-developers.com/member.php?u=3492510)? Even if it's corrected now, if it did at any point, spammers may have scraped the member list during that time.
I've also just gotten an email directed at my one-time use address used for registering at XDA. Something's up, check your logs you've been compromised. I highly recommend a notice and forced password reset.
Return-path: <[email protected]>
Envelope-to: xda@MYDOMAIN.COM
Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)
by [REDACTED] with esmtp (Exim 4.63)
(envelope-from <[email protected]>)
id 1T6h7P-000354-NH
for xda@MYDOMAIN.COM; Wed, 29 Aug 2012 08:11:36 -0400
From: "Diablo III" <[email protected]>
To: <xda@MYDOMAIN.COM>
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam-Level: *****
X-Spam-Report: score=5.0 tests=CMAE_1, SHORTCIRCUIT version=3.3.1 cmae=v=1.1
cv=02sxpKrcaeIklPG9ikjtw9+Ix2dV+yAR3ckHHBRjlIA= c=0 sm=0 p=eKWGPzfAF9w9RlBXnosA:9
a=rfP7uN3eH0UA:10 a=SpdMY5nFWogA:10 a=IkcTkHD0fZMA:10 a=L-ISu7bKYZgA:10
a=jWLQlvoj7db9vSsTWhEWiQ==:17 a=blzCNhbTAAAA:8 a=3J15CkO5AAAA:8
a=xrJga5KMAAAA:8 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 5
Subject: [EN]Diablo III Account Locked - Action Required
I'll add a +1 to this (got phish with subject "[EN]Diablo III Account Locked - Action Required" trying to get me to visit a url on host us.diablo.net.zh-fot.in) . The unique address I used to register here in early 2008, while not super cryptic, is not as simple as [email protected] and likely would not be the left-hand part of anyone else's email addr, so likely would not have been derived from the phisher mixing-and-matching from different lists. It appears that they've successfully harvested xda member email addresses.
I can confirm that I've just got the phishing e-mail mentioned by other users here, on an e-mail account created and given exclusively to xda forum.
Code:
Received: from WWW-9763E06E580.org (unknown [110.103.67.201])
From: "Diablo III" <[email protected]>
To: <sax_xda-developers@xxxxxxxxxx.xxx>
Subject: [EN]Diablo III Account Locked - Action Required
Now I am in the process of making the current e-mail invalid and creating a new unique one.
We will see how it goes...
I can confirm this. I use [email protected] and haven't had any unusual mail to any other address on my domain.
SMTP From: [email protected]
---
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected][Redacted]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 29 Aug 2012 17:00:34 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
[Base64 Message Body Redacted]
+1 for me
Mail address used here is site specific, never used for anything else, cannot be dictionary generated.
We have received several reports from users receiving spam and/or phishing emails to email accounts which were unique to their profile on our community. We feel that there are enough of these to indicate that at some point in the past there was some sort of information disclosure which exposed these email accounts. We are not aware of any particular information disclosure or what exact information may have been exposed.
That being said, we take our community members' information security seriously and continuously review our code and configurations for security vulnerabilities. We do, however, run 3rd party forum software and plugins which occasionally have public security vulnerabilities. We apply all patches as soon as they are available to ensure the security of our data and therefore of our community. Even so, there is always the chance that someone is using an unpublished security vulnerability to try to attack our forum and gain personal information.
Our forum, as with many others running similar software, is a target for hackers attempting to harvest personal data (email addresses, passwords, etc). We highly recommend that you use a unique password for each website you are signed up with, and change that password on a regular basis. For services that support two-factor authentication, enable this option for even more security and peace of mind.
If anyone has information relating to any sort of information disclosure or compromise, we encourage them to report them to the technical contact at http://www.xda-developers.com/contact/#technical
Thank you and as always, questions and comments are welcome.
I posted in the other thread about this but figured I'd chime in here as well. I also use my own [email protected] address just for this site. I've never posted the address publicly and I always make up new passwords for each site. Those are at minimum 8 random characters/numbers/symbols.
In the other thread it was proposed that an admin/moderators system may have been compromised and a screen scraper had seen our emails. I find this pretty unlikely since my last post before the ones about this was in March. Are you sure all the moderators/admins can be trusted not to have sold our information themselves?
I think enough people have reported this problem that you should acknowledge it on the homepage and ask if people receiving these emails can post back so you can get a real idea of how many people's accounts have been compromised.
Until you have found the source of the leak what is the point of changing our emails/passwords, they could just pull the new info again, besides, it's a PIA to keep changing my email address. Is anything being done about this or are you just waiting for some good willed hacker to email you at the address you posted?
Tann San,
I have a zero-tolerance policy about spam and getting the information I trust to a site, leaked all over the place,
but the only reason I've posted about it, is to confirm that indeed happened, after seeing bitpushr's post,
so the sysadmin(s) can look into it.
After said that, please keep in mind that even if they find out what caused the leak this time and patch it,
that doesn't mean that it won't happen again in the future. So the least we (the members) can do,
is to follow svetius advice and keep different passwords for each service we subscribe to and different e-mail accounts
whenever possible, although most of the disposable e-mail services, sadly are banned in this site -- obviously to fight spam accounts.
I hope that this can answer your question about why to change email/passwords this time (and every time after that).
I understand your frustration, it is indeed PITA, but one can hope that whatever backdoor was open to our data, it is closed for now...
You misunderstood me, I do use different email addresses for all my logins, that's the benefit of having my own email server. I also use different random passwords for each account. What I meant was that it's annoying to change my email address here more than once since the leak hasn't been identified. For example, I can change it right now to another one but then whoever got our addresses already could go back and get my new email address, so then I have to change it again.
I don't really use my account here very often but I do read the RSS feeds/articles every day. I'm just saying that it seems a bit irresponsible to not let people know that their email accounts and who knows what other information has been stolen. That is also part of the reason I asked what was being done about this besides waiting for whoever it was to tell them how they did it.
Unfortunately "hoping" that the leak has been sealed is not a solution.
I wrote the screen scraper suggestion, and that's a pretty unlikely scenario since those are usually used against high value targets for banking info/logins. Most harvesters use the outlook address book or mine the browser cache of victim machines. The most likely explanation is that this was a sql injection attack on the forum software and probably took place "many moons" ago.
Ditto
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
XDA will never, ever ever ever sell e-mail addresses!
Sent from my MB525 using xda app-developers app
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
We have looked for any suspicious activity carried out by authorised users, and have found nothing so far.
I'm currently working backwards through years of vBulletin emails to see if there's anything from the past that could be an issue.
Your actual password isn't stored on, or transmitted to, XDA. It's stored in a hashed and salted form, which is more than can be said for many high profile sites unfortunately that were in the news recently...
Still, we'll not be happy until we can work out what's happened, no matter how long ago or recently it may have been.
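
The Received lines quoted by several posters in this thread share one HELO name and nearby source addresses. The following added example (not code from the thread or from XDA) parses the two header layouts that appear in those posts and groups them by HELO label and enclosing network; the function names and the control line are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress
import re
from collections import defaultdict

# Received lines exactly as quoted by posters in this thread.
REPORTED = [
    "Received: from WWW-9763E06E580.net (unknown [110.103.67.128])",
    "Received: from WWW-9763E06E580.org (unknown [110.103.67.40])",
    "Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)",
    "Received: from WWW-9763E06E580.org (unknown [110.103.67.201])",
]
# Constructed control line (not from the thread): unrelated mail that must not cluster.
CONTROL = "Received: from mail.example.net (mail.example.net [192.0.2.25])"

# Postfix layout: "from HELO (reverse-dns [IP])"
POSTFIX_RE = re.compile(
    r"from\s+(?P<helo>[^\s\[\]()]+)\s+\(\S+\s+\[(?P<ip>[0-9.]+)\]\)"
)
# Exim layout: "from [IP] (port=N helo=HELO)"
EXIM_RE = re.compile(
    r"from\s+\[(?P<ip>[0-9.]+)\]\s+\([^)]*\bhelo=(?P<helo>[^\s)]+)"
)


def parse_received(line):
    """Return {'helo': ..., 'ip': ...} for a Received line, or None if unparsable."""
    for pattern in (POSTFIX_RE, EXIM_RE):
        match = pattern.search(line)
        if not match:
            continue
        try:
            ipaddress.ip_address(match.group("ip"))  # reject malformed addresses
        except ValueError:
            return None
        return {"helo": match.group("helo"), "ip": match.group("ip")}
    return None


def helo_label(helo):
    """First DNS label, lower-cased, so the .net and .org variants compare equal."""
    return helo.split(".", 1)[0].lower()


def common_network(ips):
    """Smallest network that contains every address in ips."""
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(addr in net for addr in addrs):
        net = net.supernet()
    return net


def shared_senders(lines, min_hosts=2):
    """Group parsed lines by HELO label; keep labels seen from min_hosts+ addresses."""
    by_label = defaultdict(set)
    for line in lines:
        parsed = parse_received(line)
        if parsed:
            by_label[helo_label(parsed["helo"])].add(parsed["ip"])
    clusters = {}
    for label, ips in by_label.items():
        if len(ips) >= min_hosts:
            ordered = sorted(ips, key=ipaddress.ip_address)
            clusters[label] = {
                "ips": ordered,
                "network": str(common_network(ordered)),
            }
    return clusters


if __name__ == "__main__":
    for label, info in shared_senders(REPORTED + [CONTROL]).items():
        print(label, info["network"], info["ips"])
```

A single HELO label announced from several addresses in one small network, across independent recipients, is the kind of correlation that lets separate reports be treated as one campaign.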

[Q] Google Legal Investigations... WTF!!!

um I'm 16 and have no idea about the law or what any of this means, can someone tell me if I need to do anything please...
Hello,
Google has received a subpoena seeking information related to Android
applications that may have been made available on alternative markets
without the consent of the developer. The subpoena seeks information
about those Android applications, including contact information for the
developers of the applications. Our records show that your Android
developer account will be included in the information Google will provide
in response to this subpoena.
Google is not in a position to provide you with legal advice or discuss
the substance of the process in our possession. For more information
about the subpoena, you may wish to contact the Federal Bureau of
Investigation -- Atlanta Field Office at (404) 679-9000, reference #
2011R00320/FBI/ORKIN.
Regards,
Google Legal Investigations Support
http://www.androidcentral.com/fbi-investigating-android-apps-gathering-developer-information-google
I'd start by contacting google.
thanks for the responses, I Skyped the FBI this morning in college, they said they didn't want Google sending these emails out and not to worry about it XD
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
There are shady markets selling pirated apps w/o developer's permission. There's an investigation, and because you have a developer account you're being included in that.
Kookas said:
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
I was worried because I had no idea what it meant.
The strange thing about it is why would the FBI or any law enforcement agency want a secret subpoena for information about the *victim* of a crime they're investigating? EG, if Gucci shoes were being copied and sold, why would they get a secret subpoena against Gucci? Doesn't add up.

Hi. Contactive. We have cake.

Hi,
We make Contactive (it's an app) (just to make sure we're on the same page here). It's guaranteed to (insert sips ref here) rustle your jimmies.
We've received some great feedback lately and we're hungry like a wolf for moar. That's where you come in :fingers-crossed:. Fill our suggestion box full of stuff. Types of feedback that we like to munch on:
- all positive comments
- A bunch of five stars pls
- words that want to make us cry
- And I'm legally bound to ask for some constructive criticism. Not too much though. Our devs get angry pretty easily (please do not tweet to Contactive that I said that).
Also too our lead dev is single (lololololol), he likes to go on very brief walks on the beach, he gets tired very easily, and his fave movie is the about the ring.
I guess I should say something about the app now. Um, well it makes your phone ring, or vibrate, when you get a call. It tells you if a celebrity is calling you like Dr. Dre or if it's your mailman, or if it's just your mum.
But wait there's more :highfive:, if your mom's on Twitter, and let's face it there's like a 99% chance she is, it will show you her latest tweet before you pick up her call... you'll be prepared. Also too it'll import all of your friends from Facebook, Twitter, LinkedIn (if you have a job), and Gmail to your phone's address book. It identifies unknown callers too by crawling over the inter-webs for all public information connected to that number (i.e. location, name, a picture if available, and some other stuff I can't remember).
Seriously though View attachment 2043155
http://contactive.com/
https://play.google.com/store/apps/...forums&utm_medium=XDADevelopers&utm_term=post
Also I forgot to say that our website is the bees knees, so click the link in the op. pls.
contactive_dave said:
Hi,
We make Contactive (it's an app) (just to make sure we're on the same page here). It's guaranteed to (insert sips ref here) rustle your jimmies.
We've received some great feedback lately and we're hungry like a wolf for moar. That's where you come in :fingers-crossed:. Fill our suggestion box full of stuff. Types of feedback that we like to munch on:
- all positive comments
- A bunch of five stars pls
- words that want to make us cry
- And I'm legally bound to ask for some constructive criticism. Not too much though. Our devs get angry pretty easily (please do not tweet to Contactive that I said that).
Also too our lead dev is single (lololololol), he likes to go on very brief walks on the beach, he gets tired very easily, and his fave movie is the about the ring.
I guess I should say something about the app now. Um, well it makes your phone ring, or vibrate, when you get a call. It tells you if a celebrity is calling you like Dr. Dre or if it's your mailman, or if it's just your mum.
But wait there's more :highfive:, if your mom's on Twitter, and let's face it there's like a 99% chance she is, it will show you her latest tweet before you pick up her call... you'll be prepared. Also too it'll import all of your friends from Facebook, Twitter, LinkedIn (if you have a job), and Gmail to your phone's address book. It identifies unknown callers too by crawling over the inter-webs for all public information connected to that number (i.e. location, name, a picture if available, and some other stuff I can't remember).
Seriously though View attachment 2043155
http://contactive.com/
https://play.google.com/store/apps/...forums&utm_medium=XDADevelopers&utm_term=post
The app looks pretty nice ... :good: ... And the Website Design ... AWESOME !! (may I ask who made the website?) .... Keep up ... !! :good:
Looks awesome. can we get a dark theme?
This app sounds good, gonna give it a try. Thread subscribed. Thanks to the dev team :good:
I'm not trying to discredit your app but what does it bring that the others don't have? I tried it; it works exactly like https://play.google.com/store/apps/details?id=com.callapp.contacts that is my main contacts app
Giving it a try; seems like a useful application, but I am a little concerned about the massive consolidation of personal information. The privacy policy is a good read!
Can you add a feature to remove duplicate numbers in phone contacts
This is good:good:, but feel they have two or more contacts,
numbers on the phone does not directly connect to facebook
hanifbsk said:
Can you add a feature to remove duplicate numbers in phone contacts
This is good:good:, but feel they have two or more contacts,
numbers on the phone does not directly connect to facebook
what do you mean by duplicate numbers?
hisname said:
what do you mean by duplicate numbers?
I have a lot of duplicate numbers in the phone
eg for my number, there are 4 same name in the phonebook,
and it automatically removes it,
and hope this app can change the google phonebook, not only the number on the application
niranjan94 said:
The app looks pretty nice ... :good: ... And the Website Design ... AWESOME !! (may I ask who made the website?) .... Keep up ... !! :good:
thanks! our in-house front-end guy plus designer made it.
honki24 said:
Looks awesome. can we get a dark theme?
We've had a few requests for theme customization. right now, we're busy with bug fixes and core features, but we're hoping to get to a place where we can work on themes. We know the blue is super bright, and some people like it, some people don't.
exadeci said:
I'm not trying to discredit your app but what does it bring that the others don't have? I tried it; it works exactly like https://play.google.com/store/apps/details?id=com.callapp.contacts that is my main contacts app
Yeah. CallApp is our main competitor - and right now we do pretty much the same thing. But we're tryna eventually leapfrog them.
hanifbsk said:
Can you add a feature to remove duplicate numbers in phone contacts
This is good:good:, but feel they have two or more contacts,
numbers on the phone does not directly connect to facebook
Not sure what's happening there but Contactive SHOULD be taking care of your duplicate numbers. There's also an option to manually merge/link profiles when you go into an individual profile and hit settings. Could you shoot us an email at [email protected]?
PS. Thank you to @TheRomMistress for the article!
I'm trying to wrap my brain around how your app works and where the line in privacy is.
Without actually installing your app, my theory is...
* Your app takes a snapshot of my address book and pushes that to a 3rd party service
* This service builds up a database of numbers, names, and useful information to find people on social networking sites
* Some of this information is pushed back down to the user for their particular contact
* Once a call comes in, if the user already exists the app should know which accounts on what social networks to poll for the caller's most recent postings
* If the caller doesn't exist in the address book, a quick ping off to the 3rd party service is made to request any known information on this new caller's phone number, and that's pushed back down to the user and relevant content is shown
Is all that approximately correct or do I have it all backwards? Thanks!
I'm really liking the layout of this app. Good work! Could you guys incorporate a way to turn off the dialer sound?
rubin110 said:
I'm trying to wrap my brain around how your app works and where the line in privacy is.
Without actually installing your app, my theory is...
* Your app takes a snapshot of my address book and pushes that to a 3rd party service
* This service builds up a database of numbers, names, and useful information to find people on social networking sites
* Some of this information is pushed back down to the user for their particular contact
* Once a call comes in, if the user already exists the app should know which accounts on what social networks to poll for the caller's most recent postings
* If the caller doesn't exist in the address book, a quick ping off to the 3rd party service is made to request any known information on this new caller's phone number, and that's pushed back down to the user and relevant content is shown
Is all that approximately correct or do I have it all backwards? Thanks!
I totally agree with RUBIN110. Big concern is privacy. I'm not trying to discredit your app, but the app is from New York... What about the NSA? What about U.S. and British government mass surveillance programs?
I really like the look of the app and I want to use it, but I'm concerned about the privacy aspects.
Do you collect the data and use or store it outside of this app?
rubin110 said:
I'm trying to wrap my brain around how your app works and where the line in privacy is.
Without actually installing your app, my theory is...
* Your app takes a snapshot of my address book and pushes that to a 3rd party service
* This service builds up a database of numbers, names, and useful information to find people on social networking sites
* Some of this information is pushed back down to the user for their particular contact
* Once a call comes in, if the user already exists the app should know which accounts on what social networks to poll for the caller's most recent postings
* If the caller doesn't exist in the address book, a quick ping off to the 3rd party service is made to request any known information on this new caller's phone number, and that's pushed back down to the user and relevant content is shown
Is all that approximately correct or do I have it all backwards? Thanks!
As the lowly intern, this is my understanding of how it works - from both asking a bunch of questions and sitting next to the dev guys everyday listening to what they talk about:
You got it mostly correct.
1. yes. The app saves your address book in Contactive's database and stores links (not info) to matching social network profiles. This info is NOT shared with 3rd party services.
2. yes. The service builds up a database of the following: name, number, social network IDs
3. yes. The info you see for a particular contact all depends on what info you can see if you were to visit that user's Facebook page. For example, if you are friends with Alex, all of the info you can normally see on Alex's Facebook will show up within Contactive. If you are NOT friends with Alex, only the info Alex has made public will be seen within Contactive.
4. yes - IF 1. you are friends with them already on the social networks you connect to Contactive, and/or 2. Contactive's database has connected that number to a specific social network account.
5. yes. If the caller doesn't exist in your address book, requests are sent to Contactive's database and third parties such as Yelp, Facebook, etc - all the different sources we use.
gaquarian said:
I totally agree with RUBIN110. Big concern is privacy. I'm not trying to discredit your app, but the app is from New York... What about the NSA? What about U.S. and British government mass surveillance programs?
We're pretty sure if the NSA wanted any of the info we have, they can get it off of Facebook. LOL
imtoomuch said:
I really like the look of the app and I want to use it, but I'm concerned about the privacy aspects.
Do you collect the data and use or store it outside of this app?
Nope. We don't use or store it for anything other than to bolster our caller ID feature. We won't sell any of our information either.
Are you able to add an option to silence the key press tone?
peedub said:
Are you able to add an option to silence the key press tone?
You're actually the second person today to ask about that. I'll bring it up to the dev team and report back.
Looks cool. Any plans for a dark theme and integrating call block (damn telemarketers)?
Sent from my SGH-T999 using Tapatalk 2
