Was the forum user database ever compromised?
-
I am wondering if the forum user database was ever compromised?
I created an email alias that was only used to register for this forum and never used to send email to anyone.
When cleaning out a spam box I noticed a few spam messages sent to that address.
I am going to change the address and see if the issue comes back, but if there was an incident (in the last 2-3 years) it would give me peace of mind knowing that my system was not likely the source of the compromise.
-
No, it has not been compromised. However, due to the way NodeBB works, in some cases it has in the past exposed the e-mail address for accounts in the page source of threads (not visibly, but could be scraped).
I'm not sure if they fixed it or what because I'm not seeing it anywhere now. You'll see your own if you look in the page source but that's just because you're logged in as yourself. If you fetch the same page with something like cURL without a login it doesn't contain any addresses that I can see now.
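The check described in the reply above (look through the source of a thread page fetched without a login for addresses that are not shown on screen), written out as an added example that is not part of the original posts or of NodeBB. The sample page, the `data-email` attribute and the `pageData` variable are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class EmailExposureAudit(HTMLParser):
    """Separate addresses in rendered text from those only in page source."""
    HIDDEN_TAGS = {"script", "style", "template", "noscript"}

    def __init__(self):
        super().__init__()
        self.stack = []        # currently open non-rendered elements
        self.visible = set()   # addresses a reader sees on the page
        self.hidden = {}       # address -> set of source locations

    def _record_hidden(self, text, where):
        # Embedded JSON often escapes "@" as \u0040; undo that before matching.
        for addr in EMAIL_RE.findall(text.replace("\\u0040", "@")):
            self.hidden.setdefault(addr.lower(), set()).add(where)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value:
                self._record_hidden(value, f"<{tag} {name}=...>")
        if tag in self.HIDDEN_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack:
            self._record_hidden(data, f"<{self.stack[-1]}> body")
        else:
            self.visible.update(a.lower() for a in EMAIL_RE.findall(data))

    def handle_comment(self, data):
        self._record_hidden(data, "HTML comment")

def audit_page(html):
    """Return (visible addresses, {hidden address: sorted locations})."""
    parser = EmailExposureAudit()
    parser.feed(html)
    parser.close()
    return parser.visible, {a: sorted(w) for a, w in parser.hidden.items()}

# Constructed sample of an anonymously fetched thread page (not real forum output).
SAMPLE_ANON_PAGE = """<html><body>
<div class="post" data-email="alice@example.test"><p>Use the contact form.</p></div>
<script>var pageData = {"posts":[{"uid":2,"email":"bob\\u0040example.test"}]};</script>
<p>Write to support@example.test</p>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_ANON_PAGE))
```

Any entry in the second return value for a page saved without a session cookie is an address that a logged-out visitor can read from the source even though it is not displayed.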
-
@jimp thanks.... I see my own email address in this post (no problem, since I used it to log in), but no others.
I can't remember when it was that the forum got switched to the current software. How long ago was that? Did the old forum have any issues that would leak emails?
-
@guardian said in Was the forum user database ever compromised?:
I am wondering if the forum user database was ever compromised?
I created an email alias that was only used to register for this forum and never used to send email to anyone.
When cleaning out a spam box I noticed a few spam messages sent to that address.
I am going to change the address and see if the issue comes back, but if there was an incident (in the last 2-3 years) it would give me peace of mind knowing that my system was not likely the source of the compromise.
If you suspect that your email alias used for forum registration might have been compromised, it's a good practice to change the email address associated with your forum account, as you mentioned. Additionally, it's advisable to use unique and strong passwords for your accounts, enable two-factor authentication if available, and monitor your accounts for any suspicious activity.
Some organizations use B2B data enrichment tools for known data breaches. You can check with services like Have I Been Pwned to see if your email address has been involved in any known breaches.
Remember to stay vigilant about online security practices, such as regularly updating passwords, using unique passwords for each service, and being cautious about phishing attempts.