Another security breach

[autolycus]

I've commented before about breaches in the Club's data security. Those who use one email address for many purposes may not have realised the source of some of their spam, phishing attacks, or malware-bearing mail, but I use a email addresses for this site which I don't use anywhere else. Four of these addresses have now been leaked to this murky world, and I now block them. The latest one I have set up, only a few weeks ago, and which has never been used to send or receive mail, started receiving phishing mails a couple of days ago.

It would be far too much of a coincidence for this one address to have been hacked or keylogged from my PC, since I not only use a more secure operating system than most (Linux), but am getting no similar mail to the dozens of other unique email addresses I use. I suspect a serious flaw in the Club's systems.

In one sense, it doesn't matter, as I'm too old and cynical to panic every time my Apple account has been suspended or I receive a mysterious report to review, but I'd be a bit worried if the Club held any more of my personal data.

Kevin

[SteveClem]

Have you notified the club? They may not pick up the problem from the forum.

[les]

Don't you get confused as to where you are with dozens of addresses, and as a layman what is the reason for so many ? I have two.

[olderisbetter]

I have an email from apple that gmail has picked up as spam, which it is as i have no apple accounts.

[irmscher]

I get emails from Santander Paypal and Ebay and all are scams

[autolycus]

Don't you get confused as to where you are with dozens of addresses, and as a layman what is the reason for so many ? I have two.

I registered my own domain, partly because it meant I could very easily forward emails through whichever ISP I'm using at the time. Thus every year or so I swap ISP, taking advantage of special offers and cashbacks, but don't have to tell everyone whose address books I may be in.

I only normally use a few different ones to send mail, but it means that when one escapes because I've got into the address book of someone whose computer security is compromised, I can quite easily set that address to bounce all incoming mail. I've not found spam filters to be very effective - too many genuine emails get falsely trapped. If you're running any sort of business, I think it's one of the dead giveaways that you're unprofessional if you have a hotmail, gmail, or aol address.

In answer to the other comments, I wasn't particularly wanting to start a thread on scam emails in general, but I'm sure the Club is leaking data here. If you use the same email addresss for many purposes, you won't know who has leaked it.

Kevin

[les]

Thanks, I sort of get it!

[Monty-4]

I'm not sure Linux is so much more secure, it's just traditionally been less of a target. The same benefit OSX had for a while but it's being hit a lot harder these days.

The MMOC will certainly not have an in-house server for hosting and will be renting the space, and security, from a provider. You'd hope whoever the host is would notify the MMOC of any breaches and we'd be notified of any real concerns.

Also it's perfectly possible that your addresses are just being brute forced.

[Blaketon]

The Internet has become the Intermess and given time, I feel it could even implode. I'm not sure that Internet crime is taken seriously or (Being a global thing) tackled in a cohesive way. I've often said I should like to get hold a cement lorry, fill it full of manure and empty it through the front door of a spammer, with the words "Have some of it back".

[olderisbetter]

I was getting five emails a day asking if i wanted to buy tinned pork luncheon meat in bulk, i am sure this was some kind of spam...

[autolycus]

Mentioning Linux was pure mischief on my part: sorry.

I know of one car club database, for a club comparable in size to the MMOC, that is hosted locally - it even uses MSAccess. A proper hosting company should indeed have high levels of security, but how many individuals have the requisite passwords, or have been allowed to run queries?

Brute force attack? Unlikely on my machine, given that five MMOC addresses have been breached, but virtually none of the many others I use.

Kevin

[irmscher]

How do you know that you have been breached and what is it that you have to do??