I received two almost-identical pieces of spam this morning. Both were trying to recruit 'industrious agent in Netherlands' for some sort of work. One was addressed to my main e-mail address, the other to 'flyertalk@<mydomain>.com', an e-mail address I've only ever given to Flyertalk.

As it happens, I have two FT accounts, one with my main address and the other at 'flyertalk@<mydomain>.com'.

So I conclude, fairly clearly, that somebody else has the Flyertalk user database. Whether they only have the e-mail addresses, or whether they have the e-mail addresses, userids, passwords, and everything else, I don't know -- but some form of penetration has clearly occurred.

Can you guys look into this? I'll forward the two spams on request.