XDA Security Breach Email Address Leak

schnopp · Feb 25, 2014

This morning (in New Zealand) I received a phishing email purporting to be from GuildWars2.

I have a specific email address I use for XDA. I have never used this address for anything else in the world. I have hardly ever logged on.

This suggests to me that at minimum XDA is leaking email addresses. Who knows what else?

schnopp

bitpushr · Feb 28, 2014

schnopp said:
This morning (in New Zealand) I received a phishing email purporting to be from GuildWars2.

I have a specific email address I use for XDA. I have never used this address for anything else in the world. I have hardly ever logged on.

This suggests to me that at minimum XDA is leaking email addresses. Who knows what else?

schnopp

Thanks for the report, we are aware of some sort of email leak but haven't been able to track down the source. There has been extensive coverage of it on this thread (please continue discussion there: http://xdaforums.com/showthread.php?t=1835116). It looks like the breach/email leak occurred in Dec 2011 because only emails set up on XDA from before then have been receiving spam. The spam is always about Diablo and GuildWars2. We don't have any indication that anything else was taken (the whole db or password hashes for example) but just as a general good practice we recommend changing passwords at a regular interval and using unique passwords on every site that you use.

Closing this thread, if you have any other comments please make them on that original thread.

Topics

Topics

XDA Security Breach Email Address Leak

schnopp

New member

bitpushr

Retired XDA:Administrator

Similar threads

New posts