Just a heads up, there might've been a database breach

tape3950

Hi, I'm not really a user here, I forgot why I even registered here a while back.

I use a specific email for sketchUcation (just fyi you can do this easily with gmail by using username+anythingyouwant@gmail.com), and despite not using it anywhere else, I just received an email to it. I don't use the gmail trick to be clear, the email I used is specifically sketchucation@mydomain.tld. The spam email I received was from igorproxorov96 at gmail.com containing "Sketchucation, hello, is it your email?"

Based on that, I can only conclude a part of the database was leaked or there was a access breach. The latter is most likely if phpBB is out of date.

I recommend you change your password at the very least and use a password manager so you don't reuse passwords on other websites as well.

Anyways, uh, good luck with that.

Gábor

Thank you for the heads up.

We do not know about any database leaks at SketchUcation.com. But as I see at the settings you allowed for other members to email you. With this option set on other members can email you and can see your email address. You can switch this setting off at your User Control Panel:

User Settings

Eegee

@gábor said:

...But as I see at the settings you allowed for other members to email you. With this option set on other members can email you and can see your email address...

That could explain it, however I can't find any way on this forum to view email addresses of other members. I can't click on user names to view profiles for instance. So are you really sure there isn't a database breach?

I too have received a similar email like tape3950 did, and it sure smells spammy.

Gábor

Both Eegee and tape3950 have 1 posts on the forums. Therefore they are in the new user's group until they have at least 2 approved posts. People in the new user's group has less permissions, therefore they can't PM or email other users. This is why you are not seeing the envelope icon.

We discussed at SketchUcation this feature and now we set the "Users can contact me by e-mail" option off by default for newly registered members and set everybody's setting off. So if somebody would like to enable others to email him/her, he / she has to permit it by turning "Users can contact me by e-mail" on.

ntxdave

I received an email like tape3950 this morning. Will go look at the settings.

Just looked at the settings and mine already was set to no (that members can send me emails). I do have it set to allow administrators can send me emails.

gullfo

its pretty common for spambots to scan forums looking for emails, tel#, and other personal information, especially if the forums list "new members" etc making it easier for the bots to pick the latest accounts for scanning.

so as a general rule - turning off all notifications / permissions to send emails / text messages / etc except for forum members is a good idea, as is restricting personal information in posts, profiles etc which may be scanned without login or as part of the wonder that is Google.

Gábor

@ntxdave said:

.....looked at the settings and mine already was set to no (that members can send me emails)....

As I mentioned in my previous post I set everybody's to OFF today. If somebody wants to let others to email him/her has to set to ON again.

Sent from my SM-G988B using Tapatalk

ntxdave

Don't know how I missed that. : Sure thre plain as day.

Kenny

I just logged in here today after not doing so for a while. Chrome alerted me to a possible data breach when I did so and suggested I change my password. Maybe there has been a breach?

Anne O Grady

Hey Kenny,

No breach - all is well