Was the forum user database every compromised?
-
I am wondering if the forum user database was ever compromised?
I created an email alias that was only used to register for this forum and never used to send email to anyone.
When cleaning out a spam box I noticed a few spam messages sent to that address.
I am going to change the address and see if the issue comes back, but if there was an incident (in the last 2-3 years) it would give me peace of mind knowing that my system was not likely the source of the compromise.
-
No, it has not been compromised. However, due to the way NodeBB works in some cases it has in the past exposed the e-mail address for accounts in the page source of threads (not visibly, but could be scraped).
I'm not sure if they fixed it or what because I'm not seeing it anywhere now. You'll see your own if you look in the page source but that's just because you're logged in as yourself. If you fetch the same page with something like cURL without a login it doesn't contain any addresses that I can see now.
-
@jimp thanks.... I see my own email address in this post (no problem, since I used it to log in), but no others.
I can't remember when it was that the forum got switched to the current software. How long ago was that? Did the old forum have any issues that would leak emails?
-
@guardian said in Was the forum user database every compromised?:
am wondering if the forum user database was ever compromised?
I created an email alias that was only used to register for this forum and never used to send email to anyone.
When cleaning out a spam box I noticed a few spam messages sent to that address.
I am going to change the address and see if the issue comes back, but if there was an incident (in the last 2-3 years) it would give me peace of mind knowing that my system was not likely the source of the compromise.
If you suspect that your email alias used for forum registration might have been compromised, it's a good practice to change the email address associated with your forum account, as you mentioned. Additionally, it's advisable to use unique and strong passwords for your accounts, enable two-factor authentication if available, and monitor your accounts for any suspicious activity.
Some organizations use b2b data enrichment tools for known data breaches. You can check with services like Have I Been Pwned to see if your email address has been involved in any known breaches.
Remember to stay vigilant about online security practices, such as regularly updating passwords, using unique passwords for each service, and being cautious about phishing attempts.
