pfsense forums data breach confirmed

mer

@anonymous-5132 Thanks: I was just making sure, I was not trying to imply or assume motive to anyone

Anonymous-5132

Wow, what junk forum software. My post above isn't spam until I try to edit it to remove the duplicated word. Teach me to proofread three times...

---Edit---

Just testing to see if all my edits are considered spam for some reason...

johnpoz

@anonymous-5132 said in pfsense forums data breach confirmed:

Have you looked at the other thread? Have you looked at the evidence I presented?

Yes - and there is no "evidence" you getting some email to some address "you" say has not been used elsewhere - or not leaked "elsewhere" or someone didn't specific add to a spam list, etc. etc.. is sure and the hell not "evidence" of a breach... When more than you come forward and say hey we all got this spam, from our only used on this forum you might have something worth talking about.

My "EVIDENCE" show no spam to my private address - so clearly your email address was obtained elsewhere.. Do you see how thin you accusation is?

getting email to the clearly unique and unknowable "pfsense" at some domain - yeah just screams their db has been compromised <rolleyes>

Anonymous-5132

@johnpoz said in pfsense forums data breach confirmed:

@anonymous-5132 said in pfsense forums data breach confirmed:

Have you looked at the other thread? Have you looked at the evidence I presented?

Yes - and there is no "evidence" you getting some email to some address "you" say has not been used elsewhere -

So we're supposed to believe you at your word but not me? You who has yet to post anything but words and has given absolutely no reason whatsoever to be trusted and in fact has shown good reason not to be trusted?

or not leaked "elsewhere" or someone didn't specific add to a spam list, etc. etc.. is sure and the hell not "evidence" of a breach...

So I leaked my own email address, defeating my own system I put together to detect leaked email addresses? Or are you claiming I faked the email headers and server log lines I posted? And you think I'm the one being completely unreasonable? ROFL!

When more than you come forward and say hey we all got this spam, from our only used on this forum you might have something worth talking about.

You mean like the three other people who have posted? Did the two others who posted evidence so far fake their evidence as well?

My "EVIDENCE" show no spam to my private address - so clearly your email address was obtained elsewhere.. Do you see how thin you accusation is?

Your "evidence" is your word and absolutely nothing else. You claim that you haven't received spam, and quite frankly, I don't believe you. I, and two other people, have posted hard evidence. You have posted crazy assumptions and ignored facts.

getting email to the clearly unique and unknowable "pfsense" at some domain - yeah just screams their db has been compromised <rolleyes>

A data breach of the old pfsense forum is the simplest explanation given the facts. What else could explain multiple different people all receiving spam to an address only used in that one place? Do you honestly believe that three different people all decided to forge evidence to falsely claim that they got spam to a unique email used at a single website and then all chose the old pfsense forum out of millions of choices? Oh, but I'm the one being unreasonable.

One of us has posted evidence, and one of us has not. One of us has read the evidence posted by two other people, and one of us has not. The fact is the evidence posted so far supports the theory that a list of email addresses used on the old pfsense forums has been leaked. No amount of words from a clearly unreasonable person will change that.

jdeloach

@anonymous-5132

I think it's about time that a moderator LOCK this post as there has been no credible evidence that there has been a leak posted and lets quit feeding this troll.

Joolee

The full (redacted) E-mail I received is:
https://pastebin.com/ApKP3fmG

kiokoman

let me guess !! let me guess !!
the email of @johnpoz johnpoz [snipped mod]

johnpoz

@kiokoman no that is not private address that the forum knows about..

kiokoman

@johnpoz
it was here
https://forum.netgate.com/topic/61267/minor-issue-with-client-export-config-commands
maybe you should clean that also
I wanted to show that it is not impossible to find them
also
https://marc.info/?l=pfsense-discussion&r=1&w=2
it's full of information about personal emails for example

johnpoz

@kiokoman thanks - from 2013, wow.. Not sure how I missed that way back then.

But yeah great example..

Joolee

@johnpoz your email address is also exposed in your Redmine profile, in case you're wondering. You can set it to private in the settings.

bingo600

@joolee
Might be nice to edit the above to just say your mail address

johnpoz

@joolee thanks - but that is not the address tied to my forum account either.. But another great example on my part ;) showing that email can be harvested without a "breach".. ;)

provels

I get spam every day in my roadside mail box.
Who do I see about that?

johnpoz

@provels I would contact the Postal Service about their breach.. Since clearly that is the only explanation