Originally Posted by schnopp
This morning (in New Zealand) I received a phishing email purporting to be from GuildWars2.
I have a specific email address I use for XDA. I have never used this address for anything else in the world. I have hardly ever logged on.
This suggests to me that at minimum XDA is leaking email addresses. Who knows what else?
Thanks for the report, we are aware of some sort of email leak but haven't been able to track down the source. There has been extensive coverage of it on this thread (please continue discussion there: http://forum.xda-developers.com/show....php?t=1835116
). It looks like the breach/email leak occurred in Dec 2011 because only emails set up on XDA from before then have been receiving spam. The spam is always about Diablo and GuildWars2. We don't have any indication that anything else was taken (the whole db or password hashes for example) but just as a general good practice we recommend changing passwords at a regular interval and using unique passwords on every site that you use.
Closing this thread, if you have any other comments please make them on that original thread.
Current Phone: Nexus 5 (Android L)
Secure Hash: 79C7D3CDA80B4A657A215DD020586AA38C9C7A685F039F46E0 98CF4D107A3D427A9FA590CE3D