Email leakage - About xda-developers.com

Dear admins,
I received this email from paypal this morning.
http: imgur.com/hRcDthL
Background:
- Email was registered with xda using yahoo address guard since 2010.
- Emails are forwarded to gmail account
- I am not an active contributor but i do frequent this site a lot to find info.
- My xda account details are not set to public
- Other services which have this email address is tapatalk
I believe the email is legit, as it has been signed by paypal and verified by gmail.

@bitpushr

zfuyuan said:
Dear admins,
I received this email from paypal this morning.
http: imgur.com/hRcDthL
Background:
- Email was registered with xda using yahoo address guard since 2010.
- Emails are forwarded to gmail account
- I am not an active contributor but i do frequent this site a lot to find info.
- My xda account details are not set to public
- Other services which have this email address is tapatalk
I believe the email is legit, as it has been signed by paypal and verified by gmail.
Click to expand...
Click to collapse
Thanks for the heads up - I think the concern here is that your email address has been discovered via XDA. There was another thread where people were getting spams to XDA-only email accounts, where the accounts were all created before 2012. It would appear that at some point email addresses were recoverable from XDA, however we are not sure if it is via a privacy exploit on a web page, a 3rd party service (like tapatalk) or database dump. We don't have any evidence of anything besides people with XDA-only email addresses getting emails. What we would recommend is changing your password on XDA (and all sites!) occasionally just in case there was a database dump, and we have looked into any privacy exploits on our servers and are not aware of any now (or in the past).
Hope that helps.

Related

Accounts @mailtomymobile.com available now!

Fellow XDA Users!
I have set up a mail system hosted by Google with the domain name 'mailtomymobile.com'.
You can have an account there if you'd like one - it's based on Googlemail, so you get all the features ofGmail - large disk capacity, full web access, forwarding, spam filtering etc, and of course, you can access it via POP3 or preferably IMAP on your XDA.
There is a limit of 500 user acocunts available beyond which it is not financially viable... if you'd like an account, I'm asking for a one-off donation for setup of £10 (20 USD)... some of the funds generated will be donated to this site and xdasite.com to contribute towards running costs. PrivateMessage me or email [email protected] with the username you require and a secondary email address where the login information etc can be sent, and I'll get back to you with more details. Usernames are, of course, first come, first served.

Accounts @mailtomymobile.com now available!

Fellow XDA Users!
I have set up a mail system hosted by Google with the domain name 'mailtomymobile.com'.
You can have an account there if you'd like one - it's based on Googlemail, so you get all the features ofGmail - large disk capacity, full web access, forwarding, spam filtering etc, and of course, you can access it via POP3 or preferably IMAP on your XDA.
There is a limit of 500 user accounts available beyond which it is not financially viable... if you'd like an account, I'm asking for a one-off donation for setup of £10 (20 USD)... some of the funds generated will be donated to this site and xdasite.com to contribute towards running costs. PrivateMessage me or email [email protected] with the username you require and a secondary email address where the login information etc can be sent, and I'll get back to you with more details. Usernames are, of course, first come, first served.

Comprimised XDA email database? ([EN]Diablo III Account Locked - Action Required)

Today, I received a scam email to the account I created solely to join XDA developers, eg [email protected]
My privacy settings do not allow other users to send me email., Are there any other users who have recently received a similar email (see below)? Has the email database of xda been compromised?
Greetings
It has come to our attention that your account is involved in illegal transactions. As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
Terms of Use: (http://www.worldofwarcraft.com/legal/termsofuse.html).
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
You must complete the steps below to secure the account and your computer.
STEP 1: ACCOUNT INVESTIGATION
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address.
Click on the link below to verify your e-mail address of the Battle.net account:
https://www.battle.net/account/d3/login-support.html (this link is falsified in the email)
If you can’t click the link above, copy and paste the entire URL into your browser.
STEP 2: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.
Please be aware that if unauthorized access to this account, it may lead to further action against the account.
We understand that these policies may seem harsh, but they are in place to ensure that every player is able to enjoy their time in game. Thank you for respecting our position.
Please do not reply to this email as you will receive an automated response.
Regards,
Thary
Account Administration Team
Blizzard Entertainment 2012
Click to expand...
Click to collapse
gnac said:
Today, I received a scam email to the account I created solely to join XDA developers, eg [email protected]
My privacy settings do not allow other users to send me email., Are there any other users who have recently received a similar email (see below)? Has the email database of xda been compromised?
Click to expand...
Click to collapse
Yes, I received the exact same email
Title of email was Diablo 3 but email is about WoW? These scammers are getting more stupid
I haven't got the email
Sent from my Galaxy Nexus using Tapatalk 2
I've had this before and suffered no ill effects because of it. It's a very common one.
Someone brought this up before and our server guy assures us that our database has not been compromised. If it's a Gmail account then set up the extra security features and view the log in info for peace of mind.
Obviously you shouldn't reply or anything but you already knew that...
Sent From My Fingers To Your Face.....
Is it by any chance hotmail?
They had an issue not long ago when loads of people got spammed with these, reporting them to blizzard themselves can help them bring them down
Sent from my Galaxy Nexus using Tapatalk 2
I received the Diablo III email today to my customised account as well. It is using my own email server, not hotmail, gmail or any of the other online free ones and the format is [email protected] I don't use this email address anywhere else and I've never written it in a publicly viewable area. I've checked my XDA account and as far as I can see the email address is not publicly visible. I use customised addresses like this for each site I register with so I can tell where spam email is coming from, so exactly this kind of situation.
Just got my first email spam (also a diablo III phish) to my specific xda email address. The only other gaming related phishing emails I get is to a email address that was forum compromised several years ago. This is also not generated from a dictionary attack to my server.
Your email address database may not have been compromised, but I would not be surprised if one of your moderators / admins or such that has visible access to visible email addresses on the forums is being screen scraped by a virus.
Could be although the last time I posted here (besides in this thread) was months ago, in March.
othermark said:
Just got my first email spam (also a diablo III phish) to my specific xda email address. The only other gaming related phishing emails I get is to a email address that was forum compromised several years ago. This is also not generated from a dictionary attack to my server.
Your email address database may not have been compromised, but I would not be surprised if one of your moderators / admins or such that has visible access to visible email addresses on the forums is being screen scraped by a virus.
Click to expand...
Click to collapse
We have checked our own logs to look for any kind of suspicious activity like scraping, and I believe none was found. The list of privileged accounts is checked regularly, along with removal from anyone no longer requiring it, to prevent this.
We continue to investigate. I've got a number of accounts on XDA registered with different email addresses though, and haven't seen anything like this. I'll continue to look into this.
Thanks for your diligence. As we all know the email account listing swipe/accrual/etc didn't have to be anything recent. This could be from anytime between 2010 and now, somebody has just managed to monetize/find usefulness in the data currently.
There's another thread about this with more replies over here.
Same here
Got the same email today.
I'll flag the server admin, though I'm not sure it's on our end as our database is secure and we don't share any contact details.
Also, another thread exists on this so let's just use one: http://forum.xda-developers.com/showthread.php?t=1835116

E-mail Address Change

I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
stew721 said:
I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
Click to expand...
Click to collapse
To change the email in your xda account, just login to xda, then navigate to "Control Panel" (at the top - right, under your "Welcome, ..." your xda-name).
Then navigate to "Your Profile" > "Edit Your Details" > "EMAIL & PASSWORD" click on the bttuon "Edit EMAIL & PASSWORD".
Alternatively you can navigate to "SETTINGS & OPTIONS" > "Edit EMail & Password".
You should also check your general options under "SETTINGS & OPTIONS" > "Edit Options" > "Messageing & Notification".
stew721 said:
I tried to update my e-mail address some days ago, from my old domain to my one, but couldn't get your Web site to send me an activation e-mail to verify the new e-mail address for the life of me. I'd submitted the contact form with all information requesting manual assistance/intervention to facilitate the re-activation/verification of my account. However, no reply has been received.
As such, I was forced to update my e-mail address back to my old domain and received the verification e-mail there (which, by the way, forwards to my new address/domain). There was a bit of a delay from the time that I submitted the e-mail address and when I received the e-mail, but at least, it eventually arrived.
Can somebody please offer some assistance in getting my new e-mail address associated with my account and activated? I have no issue receiving mail from anywhere else at my new address, and yes, I checked the junk/SPAM folder for it.
Click to expand...
Click to collapse
I have changed your email address, and sent you a test email. You do not need to activate the address, but please ensure you can receive emails, or you'll lose features like password reset, and subscriptions.
pulser_g2 said:
I have changed your email address, and sent you a test email. You do not need to activate the address, but please ensure you can receive emails, or you'll lose features like password reset, and subscriptions.
Click to expand...
Click to collapse
Thanks for that. I'll check my e-mail later when I get a chance.
It's weird though as XDA has been the only place that I'd not received e-mail from directly. All other activation e-mails were delivered almost instantly. That, and I heavily depend upon e-mail for my business. My clients have never reported any issues either.
With that said, my old domain forwards to my new one. And, I know that e-mails from XDA to it are forwarded on to my new address without issue.
Perhaps, if you have an administrator who could check your mail server at some point when they have a chance for any frozen mail to the new address or any other failures. Offhand, at the moment, I'm not sure as to why there are issues with XDA only.
--
Sent via Tapatalk 2 from my TELUS HTC Amaze 4G on the Fido network.
stew721 said:
Thanks for that. I'll check my e-mail later when I get a chance.
It's weird though as XDA has been the only place that I'd not received e-mail from directly. All other activation e-mails were delivered almost instantly. That, and I heavily depend upon e-mail for my business. My clients have never reported any issues either.
With that said, my old domain forwards to my new one. And, I know that e-mails from XDA to it are forwarded on to my new address without issue.
Perhaps, if you have an administrator who could check your mail server at some point when they have a chance for any frozen mail to the new address or any other failures. Offhand, at the moment, I'm not sure as to why there are issues with XDA only.
--
Sent via Tapatalk 2 from my TELUS HTC Amaze 4G on the Fido network.
Click to expand...
Click to collapse
I'll ask him to check the outgoing mail logs, but AFAIK our servers are set up correctly (else I think more than one person would have issues! )
pulser_g2 said:
I'll ask him to check the outgoing mail logs, but AFAIK our servers are set up correctly (else I think more than one person would have issues! )
Click to expand...
Click to collapse
I'd meant to reply here a few days ago, but have been busy with work. However, I'm now receiving e-mails from XDA to my new domain. Please thank whoever did whatever to fix the issue.

I am receiving SPAM-Mails to the mail address I am registred at xda-developer

I am using a unique mail address to register at xda-developers - now i am receiving spam-/phishing-mails (Diablo III account phishing e.g.) to this email address. How can that be. I never used this unique mail address anywhere else. Do you have a leak in your database oder do you sell account data?
XDA never sells account data, but could be a database issue.
Sent from my GT-P3100 using xda app-developers app
I received 2-4 mails but i don't know the mail's author before... but i hope xda :good:
hstop said:
I am using a unique mail address to register at xda-developers - now i am receiving spam-/phishing-mails (Diablo III account phishing e.g.) to this email address. How can that be. I never used this unique mail address anywhere else. Do you have a leak in your database oder do you sell account data?
Click to expand...
Click to collapse
I also just received one today; I have never received one in the past, so I am rather upset that my xda-developers-only email address has been somehow leaked. I noticed that privacy settings on this account were at their most permissive, so I tightened them all up, though I don't think that allowed people to see the email address I provided here.
I have changed both my email address and password here just in case.
As a side note, I use Tapatalk to read/post on this forum sometimes; could that be a possible vector?
I would highly suggest that the management of this site and board make a serious investigation into the leaking of our email addresses.
- Tim
We have investigated this and haven't been able to identify any leaks of information, and we do not sell any member data. If this concerns you we recommend changing your XDA Email address as well as updating your password (it is a good idea to do this at a regular interval anyway).
Closing this thread as there is already a lengthy thread regarding this topic and it seems to be the exact same spam email.

Categories

Resources