Originally Posted by
Dodge DeBoulet
There are more ways to obtain email addresses than just a security breach on the host's web site. You could have logged in from a public workstation infected with a keylogger (which may have actually been installed by the sponsor of the public workstation), or (if the address is not terribly complicated) been the victim of a "lucky guess," machine-generated or otherwise.
I nevertheless would be very interested to hear if there was a security breach at IB.
I've never used this site other than from an Apple MacOS X desktop and laptop that are under my direct control (not that those are completely immune, but they're a damn sight better than any Windows box).
I use a different email address for every site I register on, and if something was grabbing emails (or worse still credentials) from my end I'd be seeing this problem all over the place.
It would also have to be an amazing lucky guess. There's plenty of email addresses on my domain that the spammers' crawlers know about (e.g. the one I used to use on Usenet) but spam to addresses I've used on 3rd party sites have only ever happened because of breaches on those sites.