Has this site been compromised? - ClimbingKid
Just thought you may all want to know that an email address, very specific to this site and only used on this site about 4 times last year, has today been bombarded by phishing emails.

My profile has always been set to not give out my email address so it's not been obtained that way. This would suggest that user information has leaked from this site.

The fact I was able to have my password emailed to me also suggests that passwords are stored in a non-hashed format, i.e. not protected at their end - very unusual these days - this would suggest that if email addresses have leaked, so have passwords.

I have tried to contact the administrators but they have not replied so please be aware.

Regards

CC
Has this site been compromised? - adverse camber
I raised this a while ago - same story, two email addresses honestjohn@mydomain and hj1@mydomain both get regular phishing attacks.

Various other people replied reporting the same.


Site admin pooh-poohed our concerns.

The site was hacked a while ago.


I know what I think, and my opinion of the site admin isn't as high as it was.
Has this site been compromised? - Dynamic Dave
>>This would suggest that user information has leaked from this site.


You obviously didn't see the announcement made on the 25th June 2009?

www.honestjohn.co.uk/forum/post/index.htm?t=76204
>>I have tried to contact the administrators but they have not replied so please be
>>aware.


You sent the email at 11:36am. No offence, but we do get quite a few emails to plough through on a daily basis, besides trying to fit in a full time job and moderate the forum. A little patience wouldn't go amiss on your part.

By far the simplest thing for you to do is to set up a filter in your email software saying if email arrives addressed to xxxx@yyyy.com, then delete it.

As all has been explained in the above link, I don't think there is any need for further discussion.

Locked. DD - BR Moderator.

Edited by Dynamic Dave on 12/10/2009 at 20:54

Has this site been compromised? Part 2 - ClimbingKid
Dave

By locking my previous thread I guess you were attempting to stifle further debate, and I guess to also prevent any reply to what was a terse and unfriendly reply - to which I do take offence! Certainly not called for - I do not regularly visit and so was not aware of all the problems you have been having. Certainly on my last visit I remember people being really helpful. Given that my last message has been viewed 214 times in a matter of hours suggests it is very much relevant - why did you lock the thread?

>>You obviously didn't see the announcement made on the 25th June 2009?
>>www.honestjohn.co.uk/forum/post/index.htm?t=76204

No Dave - I too have a day job so didn't have time to trawl the 30,000 odd threads to find this one, nor did a quick search return anything - but thank you for letting me know - it's a shame an email was not sent to all users notifying them of such a serious breach as soon as you became aware.

>>You sent the email at 11:36am. No offence, but we do get quite a few emails to
>>plough through on a daily basis, besides trying to fit in a full time job and
>>moderate the forum. A little patience wouldn't go amiss on your part.

Unfortunately I now get lots of emails too! Maybe an apology for losing my user details would go amiss here either.

>>As all has been explained in the above link, I don't think there is any
>>need for further discussion.

Why not? I read in that thread about encrypting passwords by 1st July - I can only conclude that has not been done as my password was emailed to me today. Suggesting one-way hash functions (pretty standard stuff for about 5 years now) to prevent further embarrassing attacks have not been implemented.

Given the circumstances that you store this information in such a weak way - you're inviting attacks.

CC
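The point raised in the posts above, that a site able to email a user their existing password cannot be storing it as a one-way hash, shown as an added example (not part of the original posts and not the site's code). `AccountStore`, its method names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 600_000  # assumed work factor, not a value from the thread

def hash_password(password: str) -> str:
    """Return a salted one-way record; the password cannot be read back from it."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    _, iters, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

class AccountStore:
    """Hypothetical user table that never holds a recoverable password."""
    def __init__(self):
        self._records = {}  # email -> password record
        self._resets = {}   # sha256(reset token) -> email

    def register(self, email: str, password: str) -> None:
        self._records[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self._records.get(email)
        return record is not None and verify_password(password, record)

    def forgot_password(self, email: str):
        """There is no old password to send, so issue a single-use reset token.
        Only the token's hash is stored; expiry is omitted for brevity."""
        if email not in self._records:
            return None
        token = secrets.token_urlsafe(32)
        self._resets[hashlib.sha256(token.encode()).hexdigest()] = email
        return token

    def reset_password(self, token: str, new_password: str) -> bool:
        key = hashlib.sha256(token.encode()).hexdigest()
        email = self._resets.pop(key, None)  # pop makes the token single-use
        if email is None:
            return False
        self.register(email, new_password)
        return True

    def dump(self) -> dict:
        """What someone copying the table would obtain."""
        return dict(self._records)
```
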
Has this site been compromised? Part 2 - rtj70
This was debated at length ages ago. The fact you didn't visit around that time is not our problem. So this is locked and merged with your original post.

Just let us know and we can delete your account.

Rob (another moderator)

Edited by rtj70 on 12/10/2009 at 22:23

Honest John - phishing - Archie35
Whenever I sign up for membership of a website such as this one, I use a unique e-mail address (e.g. for this site, the address I used was honestjohn@my domain dot com). I have today started to receive phishing e-mails addressed to this specific (honestjohn) e-mail address - which has never been given out to any other website. In other words, some or all of the Honest John membership details, including e-mail addresses, have been stolen or leaked.

Moved from Computer Related Questions. smokie, Moderator

Edited by smokie on 13/10/2009 at 19:17