Author Topic: Your Forum is leaking e-mail addresses  (Read 3600 times)

Offline rothi

  • Newbie
  • *
  • Posts: 2
« on: February 21, 2012, 04:25:34 AM »
Hi all together

Your Forum leaked my E-mail Address to spammers. Maybe you should check your Systems and check how this happened. I'm sure the information has been stolen from your System because I use a dedicated mail address for each sign up I do. Now I have to change the E-Mail Address here. Please be more careful with my information next time!

Regards, Rothi

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,879
    • SKaero - Custom Roundcube development
« Reply #1 on: February 21, 2012, 12:53:11 PM »
We've been alerted to the compromise: http://www.roundcubeforum.net/10-miscellaneous/30-forum-feedback/9412-email-database-compromise.html. We will get this taken care of right away, sorry for the problems.

mailaddict

  • Guest
« Reply #2 on: February 21, 2012, 04:55:19 PM »
Hi,

Same here, my e-mail address (dedicated/unique address for this forum) has been spammed 3 to 4 times a day for a few days.

Headers:
Code:

Return-Path: <gjiyyuzky@harding62.fsnet.co.uk>
X-Original-To: <<unique@mydomain>>
Delivered-To: <<myserver>>
Received: from harding62.fsnet.co.uk (84.122.34.35.dyn.user.ono.com [84.122.34.35])
by [[myserver]] (Postfix) with SMTP id B6FB4361603
for <<unique@mydomain>>; Tue, 21 Feb 2012 22:07:31 +0100 (CET)
Received: from [22.186.97.73] by snmp.otwaloow.com with ESMTP; Tue, 21 Feb 2012 14:49:35 -0600
Received: from smtp4.cyberemailings.com ([100.231.64.116]) by smtp.endend.nl with QMQP; Tue, 21 Feb 2012 14:41:36 -0600
Received: from unknown (106.175.137.47)
by external.newsubdomain.com with NNFMP; Tue, 21 Feb 2012 14:27:19 -0600
Received: from m1.gns.snv.thisdomainl.com [154.59.164.168] by qnx.mdrost.com with SMTP; Tue, 21 Feb 2012 14:26:01 -0600
Received: from smtp.doneohx.com [210.102.66.143] by asx121.turbo-inline.com with SMTP; Tue, 21 Feb 2012 14:16:53 -0600
Message-ID: <D0B6EF7C.DDE0F1EF@harding62.fsnet.co.uk>
Date: Tue, 21 Feb 2012 14:16:53 -0600
From: "Fun Girl" <gjiyyuzky@harding62.fsnet.co.uk>
MIME-Version: 1.0
To: <<unique@mydomain>>
Subject: Welcome!


Content:
Code:
Hello How are you doing? I enjoy your page.

Do you want to check my own private images?

Email me at jillenetcq865@hotmail.com and i'll answer back with my private pics.

<>


Should we change passwords / e-mail addresses? If yes, you should post a public announcement.

Regards, mailaddict

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,879
    • SKaero - Custom Roundcube development
« Reply #3 on: February 21, 2012, 06:45:10 PM »
Unfortunately I don't know how big of a breach has occurred since I don't control the forum software or the server. I have passed along the situation to the forum administrator and am waiting to hear back.

Offline Volnhar

  • Jr. Member
  • **
  • Posts: 39
    • http://www.andrew.stoker.name/wp
« Reply #4 on: February 22, 2012, 06:02:39 AM »
I've been getting the same thing as well. Around 5 to 10 emails a day. I create email accounts for each forum that I belong to.

Looks like I'll be doing a new one soon for here.

Changing my password as well.

Offline rothi

  • Newbie
  • *
  • Posts: 2
« Reply #5 on: February 22, 2012, 06:43:05 AM »
Good point to change the password as well :)

It's a good thing to have individual addresses for each service and then let them forward to a catchall-address. The roundcubeforum.net@mydomain.com address is now forwarding to spam@mydomain.com :)
Strange thing that those addresses got leaked, as I consider vBulletin to be very secure. Hope that it was just a little breach and not that your server has been compromised... Good luck then...

Maybe an official announcement would be good letting users know that something happened and that they should update their credentials.
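
Added example, not part of any post in this thread: a sketch of how the per-service alias approach described above can be checked automatically, reading only the `Received` line stamped by the recipient's own server, since lower lines in a chain like the one posted in Reply #2 are supplied by the sender. The alias map, the `MY_MTA` hostname, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): one alias per service, the domains that service
# legitimately mails from, and the hostname of our own receiving MTA.
ALIASES = {"roundcubeforum.net@mydomain.example": {"roundcubeforum.net"}}
MY_MTA = "mx.mydomain.example"
HOP = re.compile(r"from (\S+) \(.*?\[([0-9a-fA-F.:]+)\]\) by (\S+)")

def trusted_hop(msg):
    """(HELO name, client IP) from the Received line our own MTA stamped.
    Lower Received lines are supplied by the sender and may be forged."""
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group(3) == MY_MTA:
            return m.group(1), m.group(2)
    return None

def check_leak(raw):
    """Flag mail that reached a per-service alias from an unrelated domain."""
    msg = message_from_string(raw)
    alias = parseaddr(msg.get("X-Original-To", ""))[1].lower()
    allowed = ALIASES.get(alias)
    if allowed is None:
        return None  # not one of our tracked aliases
    domain = parseaddr(msg.get("Return-Path", ""))[1].lower().rpartition("@")[2]
    expected = any(domain == d or domain.endswith("." + d) for d in allowed)
    # Return-Path is sender-controlled: a match is weak evidence, a mismatch
    # on a never-published alias is a strong sign the address list leaked.
    return {"alias": alias, "sender_domain": domain,
            "leaked": not expected, "hop": trusted_hop(msg)}

# Constructed samples (documentation IP ranges, .example domains).
SPAM = """\
Return-Path: <abc@bulk.example.net>
X-Original-To: roundcubeforum.net@mydomain.example
Received: from bulk.example.net (dyn.isp.example [192.0.2.35])
\tby mx.mydomain.example (Postfix) with SMTP id B6FB4361603
\tfor <roundcubeforum.net@mydomain.example>; Tue, 21 Feb 2012 22:07:31 +0100
Received: from [198.51.100.7] by relay.invalid with ESMTP; Tue, 21 Feb 2012 14:49:35 -0600
Subject: Welcome!

Hello
"""
LEGIT = SPAM.replace("abc@bulk.example.net", "noreply@roundcubeforum.net")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("legit", LEGIT)):
        print(name, check_leak(raw))
```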