FORUMS

XDA Security Breach Email Address Leak

3 posts
Thanks Meter: 0
 
By schnopp, Junior Member on 25th February 2014, 10:58 PM
Thread Closed Subscribe to Thread Email Thread
This morning (in New Zealand) I received a phishing email purporting to be from GuildWars2.

I have a specific email address I use for XDA. I have never used this address for anything else in the world. I have hardly ever logged on.

This suggests to me that at minimum XDA is leaking email addresses. Who knows what else?

schnopp
 
 
28th February 2014, 01:43 PM |#2  
bitpushr's Avatar
XDA:Administrator
Thanks Meter: 1,514
 
More
Quote:
Originally Posted by schnopp

This morning (in New Zealand) I received a phishing email purporting to be from GuildWars2.

I have a specific email address I use for XDA. I have never used this address for anything else in the world. I have hardly ever logged on.

This suggests to me that at minimum XDA is leaking email addresses. Who knows what else?

schnopp

Thanks for the report, we are aware of some sort of email leak but haven't been able to track down the source. There has been extensive coverage of it on this thread (please continue discussion there: http://forum.xda-developers.com/show....php?t=1835116). It looks like the breach/email leak occurred in Dec 2011 because only emails set up on XDA from before then have been receiving spam. The spam is always about Diablo and GuildWars2. We don't have any indication that anything else was taken (the whole db or password hashes for example) but just as a general good practice we recommend changing passwords at a regular interval and using unique passwords on every site that you use.

Closing this thread, if you have any other comments please make them on that original thread.
Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes