bagginsbill opened this issue on Nov 01, 2007 · 27 posts
bagginsbill posted Fri, 02 November 2007 at 11:21 AM
Attached Link: http://market.renderosity.com/mod/forumpro/showthread.php?thread_id=2704078
Annie,You're making great points, but none of them are responsive to what I've told you. I created a unique 17 character email address. It does not contain my username. It has numbers in it and periods. It is impossible to guess. It does not go to a well known site like yahoo or gmail. I have never posted it anywhere in any public forum of any kind. It exists only in this site's database. The only way it could be discovered would be if there is a security breach here or at my mail forwarding service. Since the entire and only reason for the existence of that mail server is to eat spam and is extremely secure. None of my other 40 addresses has been compromised. This strongly points to the Renderosity database as the source of the leakage of my address.
The mail server it goes to is a forwarding service that hides my true email address. That server says the headers in the spam I got were forged (not telling the truth), meaning that the IP address that sent the mail did not match the stated host name according to the internet Domain Name Service. That indicates that the sender wanted to hide their true identity, which indicates fraud.
The actual email itself was a phishing message, hoping I'd be stupid and answer it and get sucked into some financial scam.
So - we have a sender who wishes to hide his identity, using an address that is impossible to guess and could only come from Renderosity, sending me a message whose only purpose is to engage me in an attempt to take money from me.
I can't understand why this is not being taken seriously, or why a couple of you are trying to convince me that this happens all the time. It does not happen all the time, but often enough that I have taken the precaution of never giving my real email address to any web site or any retailer. I have also taken the precaution of not leaving any true personal information on this website database.
I have been the victim of identity theft TWICE. One time, it was because a retailer's customer database (TJ MAXX) was broken into by hackers, who then performed over $2000 of cash advances from my credit card, even though I had told the CC company to disable cash advances on my account. The second time was when some idiot at the Boston Globe accidentally printed all the accounts, including credit card numbers, of all the Boston area subscribers. These printouts were then mistakenly used to wrap bundles of newspapers and sent to retailers all over Massachusetts. One of those bundles had my name and info on its wrapper.
So far, all that has happened, largely because I'm cautious, is that I got some spam. I have a simple means to stop that without any great inconvenience to me. This will not be the case for the vast majority of Renderosity members. That concerns me.
Once I understand that Renderosity has plugged the leak, I will make a new address and shut off the old one. But so far, nobody has officially responded. Given that the good folks at Rendo usually respond instantly to anything (good or bad) that I post that concerns them, I gather from the continued silence that they are pretty upset about this and are working very hard to figure out what to do. Until they say something that is technically sound with regard to a mitigation of this problem, I'm going to continue to assume that the Renderosity database is visible to somebody and be careful with my information.
As to who it is affecting, or whether it is odd that I was affected and you were not, that doesn't really matter to me. I don't need to worry less just because only a few dozen people have spoken up about it. Remember, the only people who would suspect Renderosity got breached are those like myself who are certain that the address which was used was unique to Renderosity. There are probably another 100,000 subscribers who put their real email address here and can't tell the difference between general spam and spam that's a result of a breakin here.
Remember, too, that it even if they missed you that proves nothing. Follow to the linked thread. Dozens of people are talking about being affected, and Rendo knows there is a problem.
There is a lot of confusion - people talking about individuals having trojans, about spoofing and making email look like it was sent from Rendosity. Do not get confused. These emails don't look like they were sent by or through Renderosity. That is not the issue. The issue is they were sent to unguessable addresses which are ONLY stored here at Renderosity.
Renderosity forum reply notifications are wonky. If I read a follow-up in a thread, but I don't myself reply, then notifications no longer happen AT ALL on that thread. So if I seem to be ignoring a question, that's why. (Updated September 23, 2019)