My devmaster.net email address is now in the hands of spammers.

49d03f4858f16c002c085a615130fdd1
0
edam 101 Dec 18, 2012 at 15:59

Here are the facts:

  • I use unique email addresses for each site/company.
  • The email address I use with devmaster.net has *ONLY* been used to register with these forums.
  • The email address I use with devmaster.net is sufficiently random to not be guessable.
  • I signed up with devmaster.net 30th May 2012 to post this post. (This has been my only interaction with the site, until now.)
  • Today I received spam (alledgedly from fremanfighter@dune.com) to the email address.
  • The email I received was entirely unrelated to devmaster.net.

I notice that I am not the first person to report this.

So, it seems reasonable to concluding the following.

Either:

a/ devmaster.net has had a serious security breach,or

b/ devmaster.net user email addresses are being given (sold) to unrelated third parties (spammers), in violation of the site’s privacy agreement.

Either way, I seriously doubt that I am the only person who would like to hear what the site maintainers have to say about this.

16 Replies

Please log in or register to post a reply.

A638aa42130293f319eda7fa4ba121f4
0
fireside 141 Dec 18, 2012 at 19:13

This sounds like someone used the private message system to spam you. I seriously doubt that it could be they sold your email address and you only got one piece of spam in that amount of time. It’s not the same as giving out your address if they used the PM system. The PM system only notifies you of the message, it doesn’t give out your address.

I’m not a site maintainer or anything, just your conclusions don’t sound totally logical.

49d03f4858f16c002c085a615130fdd1
0
edam 101 Dec 19, 2012 at 11:05

@fireside

This sounds like someone used the private message system to spam you.

I think this is extremely unlikely. I find it very difficuly to believe that a notification email from devmaster.net that someone had PM’ed me would be totally unidentifyable as having come from devmaster.net.

Back in 2009, when this was previously reported, the site admins acknowledged that the devmaster database had been compromised. So I can’t help but wonder if this is the case again.

It would be nice to hear from the site admins.

Fdbdc4176840d77fe6a8deca457595ab
0
dk 158 Dec 20, 2012 at 06:56

First of all, I can assure you that DevMaster.net never sells, licenses, or shares your information with third-parties. We take security of the site very seriously, so we’ll look into this to determine if there was any compromise.

Please forward me the email that you got to “dia at devmaster.net” and we’ll investigate it.

49d03f4858f16c002c085a615130fdd1
0
edam 101 Dec 20, 2012 at 11:56

@Dia

First of all, I can assure you that DevMaster.net never sells, licenses, or shares your information with third-parties. We take security of the site very seriously, so we’ll look into this to determine if there was any compromise. Please forward me the email that you got to “dia at devmaster.net” and we’ll investigate it.

Hi Dia, thanks for the reply.

I have forwarded you the email. I would be very interested to hear what you learn fro your investigations.

8e156032c689e2c371468d2a2f223db8
0
Kippesoep 101 Dec 23, 2012 at 21:27

I have had the same thing. I also use a unique address and also received a message from the same address edam listed. A message with a passionate plea about how there should be more guns in the US (oh, yes, please do, and just kill the other gunslingers, but keep it out of my frigging country). Not only do I disagree with that nutcase, but the fact that he is spamming it to e-mail addresses from members here is rather worrying.

Update 2012-12-27: Another one, from the same sender.

49d03f4858f16c002c085a615130fdd1
0
edam 101 Jan 04, 2013 at 14:54

@Kippesoep

A message with a passionate plea about how there should be more guns in the US

Mine too.

Here’s an excerpt:

The primary-school shooting in Newtown, Connecticut, approximately 45 miles from the Colt Arms Factory, is just another one in the long line of government psyops designed to persuade the public to allow the government to take away their guns, and their means to defend themselves against the government and the banksters that the politicians really serve. The small children murders are designed to create hysterical emotions in women to get them to demand that guns are banned. If that doesn’t work they will continue with their evil agenda with worse and worse atrocities on younger children, until they get their way and disarm the people, so that they cannot fight back against government tyranny.

@Dia: Any word on how this happened? This would seem to be a serious security breach.

1d770d71a97146bb3fe3a8fb9250736b
0
darkyy 101 Jan 06, 2013 at 10:06

I have personally not gotten this mail nor any mail from the account sending it, but I do find alot of references to that email, completely unrelated to devmaster.net, and if somehow there has just been a coincidence that the mail has been guessed, could be one reason.

Another interesting notice people saying they have an unique mail to certain websites where they say they’ve started getting spam. 80% off these I found used vBulletin or IPB could be an exploit. Could be coincidence of course, but when it comes to forum software I rarely trust them THAT much. ; )

49d03f4858f16c002c085a615130fdd1
0
edam 101 Jan 18, 2013 at 15:14

@Dia: any word on what happened? It’s been a month now.

@darkyy: it is extremely unlikely that this email was guessed. My guess would also be a vulnerability in the site somewhere. It’d be nice to have some feedback about it.

Fdbdc4176840d77fe6a8deca457595ab
0
dk 158 Jan 21, 2013 at 09:51

Yes, it looks like DevMaster has been recently compromised by a security vulnerability of the forum software. We’ve been trying to investigate if other systems were compromised. So far, it looks like only the forums database was affected, from which the emails were obtained. The forums software has already been patched with the latest security updates.

Unfortunately, due to the popularity of the forum software we’re using, such security vulnerabilities are inevitable. However, this really speaks to the importance of ensuring we regularly stay up-to-date with the software. We’re going to take measures to ensure such updates are applied immediately after they’re announced.

We’re deeply sorry for this. In the coming months, we’ll be overhauling the forum software with a custom one that better integrates with the rest of the site, which will hopefully dramatically reduce the probability of this happening again.

B5262118b588a5a420230bfbef4a2cdf
0
Stainless 151 Jan 21, 2013 at 10:01

I don’t understand spammers.

I mean , have any of you EVER followed a link in a spam mail?

Just what makes it so useful?

It’s like these companies that use automated phone callers, has anyone ever done anything other than yell down the phone at them.

49d03f4858f16c002c085a615130fdd1
0
edam 101 Jan 24, 2013 at 19:52

@Dia: Thanks for the update. And thanks for being so honest about what’s happened.

@Stainless: No, but you have to remember that they’ll send billions of emails and it only takes one in a thousand for it to be worth it for them. Also, it acts as a non-idiot filter, so only those who are most gullible (and therefore most susceptible to whatever scam they’re peddling) will reply/click.

Fd80f81596aa1cf809ceb1c2077e190b
0
rouncer 104 Jan 25, 2013 at 07:43

Have a look at reedbetas post on 2d vectors (Move in Any 2D direction. (Server)), something strange is going on.

A8433b04cb41dd57113740b779f61acb
0
Reedbeta 168 Jan 25, 2013 at 07:58

Hmm…something strange is indeed going on! I’m sure I put a link to xkcd’s “lucky 10,000” comic in there, but now the paragraph is gone…did someone edit it? (And rouncer, why did you post in this thread?)

Fdbdc4176840d77fe6a8deca457595ab
0
dk 158 Jan 25, 2013 at 08:39

@rouncer, what was wrong with Reedbeta’s post exactly?

Fd80f81596aa1cf809ceb1c2077e190b
0
rouncer 104 Jan 25, 2013 at 10:10

oh, woops sorry - i thought someone was tampering with the posts, no sorry - i thought that web comic was spam thats all, no sorry its ok. :)

A8433b04cb41dd57113740b779f61acb
0
Reedbeta 168 Jan 25, 2013 at 15:51

Haha, okay, I can see how what I posted might’ve looked like spam. :)