bagginsbill opened this issue on Nov 01, 2007 · 27 posts
Acadia posted Fri, 02 November 2007 at 1:41 AM
Quote - Acadia,
I think it's worse that that. I don't think it's a mail server issue at all. I think the member database has been broken into, or sold by a dishonest employee. I talk about this all the time with colleages - security policies don't mean a thing if there are humans involved who have an interest in violating them for personal gain.
But how would that explain an email created on October 9th or whatever which started to receive spam 2 weeks later?
I have used addresses from hotmail, gmail and even my ISP and they have all been compromised.
For example:
1) XXXX@gmail.com is my original gmail address. I have had this address since 2002 or so when gmail first came out. During all of that time I never used that email address anywhere. I created it and didn't bother with it because back then it didn't have POP3.
Earlier this year when I signed up for the "Critique Club" and found that my old hotmail "spam account" which I had been using, couldn't handle all of the ebots from Renderosity (newsletter, gallery upload notifications, comment notifications, favourited notifications, wish list notifications etc), I had to find an alternate address to use.
Someone suggested gmail. So I entered XXXX@gmail.com as the address at Renderosity. Within a couple weeks I started to receive spam to this address. Now remember this address was completely spam free for 5 years until it was entered on Renderosity.
2) XXXX@mts.net is my primary ISP email address and used only for personal communication. I do not use this email on websites. I have had this email address since March 2000. It was spam free until I used it on Renderosity earlier this year. Seven years of never having received a single spam email.
When I left the position of co-ordinator and handed back my renderosity.com email address I mistakingly entered XXXX@mts.net into the email area of Renderosity. The following week I got a newsletter addressed to this email address instead of the gmail address, along with spam! I immediately went and changed the email address on Renderosity back to the XXXX@gmail.com one, hoping to control the damage. ***Remember, ***XXXX@mts.net is my ISP email address that was only used for personal business and never on a website, and was spam free for 7 years until I used it on Renderosity.
3) YYYYY@gmail.com is an address I created on October 9 specifically for Renderosity use. I created it for 2 reasons. 1) I was sick of the literally hundreds of spam coming to my XXXX@gmail.com address. 2) To see how long this new address would stay spam free once it was entered on Renderosity. It didn't say spam free for very long. It took 2 weeks for spam to start arriving at this email address after having used it on Renderosity.
4) Poser Pros requires the use of an ISP email address on their website now. For me to continue to access their site I had to use one of my ISP accounts. I have not received any spam to that ISP account since entering it into Poser Pros. It's been about 1 or 2 years since they changed their policy about emails and that ISP email is still 100% spam free.
5) I will also point out that I have a hotmail address that I use specifically for Daz3D. I created that email for Daz back when I first registered there. I have never used that email address for any other purpose than to login to Daz and received their news letters and ebot notifications for purchases. I think I registered with them back in 2004. I have not received a single spam email to that hotmail account, not a single one! That's almost 4 years with a hotmail address that has been used on one website and no where else and for no other purpose, and not a single spam received on it.
While Renderosity isn't sending the spam directly, there is a leak of some kind that is allowing spammers to harvest email addresses entered into Renderosity.
My email history above where I actually have email accounts (some of them hotmail accounts) in use for MSN Messenger or Daz have been spam free for multiple years, while brand new addresses created and used on Renderosity are getting spam, prove that there is a problem at Renderosity's end. Spammers are somehow able to harvest emails from Renderosity specifically. Daz and Poser Pros do not have this problem.
I don't know about the credit card data base. I hope that is more secure than the email server. I also don't think that anyone has been selling email addresses to spammers. I really does seem to me to be a back door problem of some kind which is allowing spammers access to the email addresses.
I could go and change my email address again, but what's the point?" As it is now it would just start getting spam in it too. :(
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi