Windows Secrets might be the source for all things Windows — including security. But even we’re not immune from hackers.
In the past couple of days, many of our subscribers reported receiving spam that appeared to come from Windows Secrets. But we can assure you, the e-mails did not come from us. We’ve always been committed to protecting our subscribers from unwanted junk mail — and we still are.
UPDATE: Since our last update, our IT staff has completed their investigation, and the facts remain unchanged from our original report. We’ve taken steps to strengthen our systems against this type of attack in the future, including limiting the number of sign-in failures from a given IP address.
Again, thank you for your continued support of Windows Secrets.
A brief timeline of the site break-in
Sept. 11: Using a brute-force password-cracking technique, a hacker gained access to the Windows Secrets website via a compromised administrator account.
Sept. 12: The hacker planted malicious code on the site which potentially gave him (or her) the ability to access our database.
Sept. 17: Windows Secrets subscribers (and WS editors) started receiving unexpected e-mails from “Windows Secrets” that were purely and obviously spam.