Results 1 to 4 of 4
  1. #1
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    968
    Thanks
    19
    Thanked 4 Times in 4 Posts

    Fixya.com email addresses hacked

    I used Fixya once in the past and the ID over there has been languishing. Yesterday, I received a nicely constructed spam email using the Fixya registration email address. Huh?

    I sent a version of the below email to Fixya to warn them but all I got in return today was a form letter saying [summary] "we are concerned with privacy and security and everything is good here".

    I thought I would post the info elsewhere so others can keep an eye out if they happen to have a Fixya registration. You might want to change your email address.

    -----------------

    I used the disposable email address nwp9-x7y1@xemaps.com for registering for the Fixya forums. NO ONE ELSE HAD THIS ADDRESS!

    Unfortunately, either Fixya has started selling email addresses or you have been hacked or some renegade employee has stolen and sold your email address file (and what else, one wonders?).

    Evidence is a spam email I received this morning directed to my Fixya email address (again, an address that has only been used to register for the Fixya forums):

    http://i.minus.com/ioygWSNBQlDbZ.jpg

    I have around 200 disposable spamex email addresses and this is the only one that has received this (or any) spam email. So the problem must be with FIxya.

  2. #2
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    ibe,

    is the text below the break-line the copy of your email from "fixya"? If so, you may wish to remove the link to what might be a dangerous site i [dot] minus [dot] com [forward-slash] ioygWSNBQlDbZ [dot] jpg.

    Anyway, one possibility is that your fixya address just happens to have been hit by a botnet probing for valid email addresses. One attack vector these guys use is to deluge randomly named email addresses at well known hosts and wait for either a reply, or include an image, which then hits an IP tracker tool when it is downloaded by the email client at the target.

    I use gmail for throw-away addresses and still get spam in the junk folder on those - presumably through the mechanism above.

  3. #3
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    968
    Thanks
    19
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by Tinto Tech View Post
    ibe,

    is the text below the break-line the copy of your email from "fixya"? If so, you may wish to remove the link to what might be a dangerous site i [dot] minus [dot] com [forward-slash] ioygWSNBQlDbZ [dot] jpg.

    Anyway, one possibility is that your fixya address just happens to have been hit by a botnet probing for valid email addresses. One attack vector these guys use is to deluge randomly named email addresses at well known hosts and wait for either a reply, or include an image, which then hits an IP tracker tool when it is downloaded by the email client at the target.

    I use gmail for throw-away addresses and still get spam in the junk folder on those - presumably through the mechanism above.
    The minus address is a valid screenshot on a reliable site. WHY would you call it a "dangerous site"?

    As to probing, the possibility of a botnet probing non-standard email addresses (spamex addresses have a DASH in the middle) and actually hitting a valid one is extremely unlikely at best. AND if this were happening, why didn't I get hit on any of my other 200+ spamex email addresses?

  4. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Simple misunderstanding ibe: it wasn't clear to me if the text you posted below the break line was a quote from the spammy email. If it had been, the link may have been from a bad site, that's all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •