FlyerTalk Forums


alnitak Dec 13, 2013 7:00 am

Flyertalk database leak?
 
I've just received a spam offering "iPad Video Lessons" to an email address that was only ever used to register my account on this forum.

If you're selling the database, this isn't clear on sign on. If you're not selling the database, you have a security problem!

Dodge DeBoulet Dec 14, 2013 7:00 am

There are more ways to obtain email addresses than just a security breach on the host's web site. You could have logged in from a public workstation infected with a keylogger (which may have actually been installed by the sponsor of the public workstation), or (if the address is not terribly complicated) been the victim of a "lucky guess," machine-generated or otherwise.

I nevertheless would be very interested to hear if there was a security breach at IB.

alnitak Dec 14, 2013 10:29 am


Originally Posted by Dodge DeBoulet (Post 21964489)
There are more ways to obtain email addresses than just a security breach on the host's web site. You could have logged in from a public workstation infected with a keylogger (which may have actually been installed by the sponsor of the public workstation), or (if the address is not terribly complicated) been the victim of a "lucky guess," machine-generated or otherwise.

I nevertheless would be very interested to hear if there was a security breach at IB.

I've never used this site other than from an Apple MacOS X desktop and laptop that are under my direct control (not that those are completely immune, but they're a damn sight better than any Windows box).

I use a different email address for every site I register on, and if something was grabbing emails (or worse still credentials) from my end I'd be seeing this problem all over the place.

It would also have to be an amazing lucky guess. There's plenty of email addresses on my domain that the spammers' crawlers know about (e.g. the one I used to use on Usenet) but spam to addresses I've used on 3rd party sites has only ever happened because of breaches on those sites.

ScottC Dec 14, 2013 12:20 pm


Originally Posted by alnitak (Post 21965210)
I've never used this site other than from an Apple MacOS X desktop and laptop that are under my direct control (not that those are completely immune, but they're a damn sight better than any Windows box).

I use a different email address for every site I register on, and if something was grabbing emails (or worse still credentials) from my end I'd be seeing this problem all over the place.

It would also have to be an amazing lucky guess. There's plenty of email addresses on my domain that the spammers' crawlers know about (e.g. the one I used to use on Usenet) but spam to addresses I've used on 3rd party sites has only ever happened because of breaches on those sites.

I'm guessing you have your own domain name? Plenty of spammers are getting smart and sending <sitename> to <domain name>. Flyertalk is a very large site, so chances are they just grabbed your domain name from a list, then added Flyertalk to it.

mikew99 Dec 14, 2013 2:29 pm

I also have my own domain name and give each entity its own customized email address so that I can better track where leaks occur. I can't speak for the OP, but in my case, the email addresses I create can consist of two words, a special character, and a number. There's no way that a spammer can guess this format out of the blue.

I have received spam at several of my custom email addresses, but thankfully, none yet to my FlyerTalk custom email address. I don't use my FT email address for login purposes; I always use my username.

Yes, there are other ways to get my FT email (such as via notifications that FT sends), but if/when I do receive spam to my FT email address, I'd be just as suspicious as the OP as to how it happened.
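
The per-site address tracking described in the posts above, as an added example that is not part of the thread: each alias carries a keyed tag, so mail sent to a bare `<sitename>@<domain>` guess can be told apart from mail sent to an address that was actually handed out to a site. The domain, secret and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed values for this example; substitute your own domain and secret.
DOMAIN = "example.org"
SECRET = b"constructed-demo-secret"


def _tag(site: str) -> str:
    """Short keyed tag for a site name; not derivable without SECRET."""
    mac = hmac.new(SECRET, site.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:8]


def alias_for(site: str) -> str:
    """Address to give to one site, e.g. flyertalk.<tag>@example.org."""
    return f"{site.lower()}.{_tag(site)}@{DOMAIN}"


def classify(recipient: str) -> Tuple[str, Optional[str]]:
    """Classify the recipient address of an incoming message.

    ("issued", site)  -> address was handed to `site`; spam here points to
                         that site, or to someone it shared the address with
    ("guessed", None) -> right domain, but no valid tag (dictionary guess)
    ("foreign", None) -> not our domain at all
    """
    local, _, domain = recipient.lower().partition("@")
    if domain != DOMAIN:
        return ("foreign", None)
    site, sep, tag = local.rpartition(".")
    if sep and site and hmac.compare_digest(tag.encode(), _tag(site).encode()):
        return ("issued", site)
    return ("guessed", None)


if __name__ == "__main__":
    issued = alias_for("FlyerTalk")
    for rcpt in (issued, f"flyertalk@{DOMAIN}", "someone@elsewhere.test"):
        print(rcpt, "->", classify(rcpt))
```

An "issued" result narrows the source to the site or to anyone the site passed the address to (for example a moderator's mailbox), not to a database breach specifically.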

kipper Dec 15, 2013 10:55 am

I received an email that said, "This is (person's name) from flyertalk" and then was your standard spam message about money. Perhaps there was some sort of issue?

IBobi Dec 16, 2013 6:02 pm

There are other ways to get FT email from people you don't know. To curtail this, go to:

MyFlyerTalk
Edit Options
Messaging & Notification
Receive Email
UNCHECK "Receive Email from Other Members"

oliver2002 Dec 17, 2013 5:36 am

Another point to note is that your email ID goes to the moderator's email account if you report a post. If I look at my Gmail 'contacts' I see dozens of people I have no clue who they are. Investigation revealed that they reported posts and Gmail assumed that they are sending me email. So if there ever is a breach of my Gmail and the contact list is used to spam, these FTers will receive spam.

OverThereTooMuch Dec 31, 2013 10:23 pm


Originally Posted by oliver2002 (Post 21979917)
Another point to note is that your email ID goes to the moderator's email account if you report a post. If I look at my Gmail 'contacts' I see dozens of people I have no clue who they are. Investigation revealed that they reported posts and Gmail assumed that they are sending me email. So if there ever is a breach of my Gmail and the contact list is used to spam, these FTers will receive spam.

This is a great reason why those notifications should NEVER go to a user's email, but to their PM box instead.

IBobi - Sending the notification via PM is the standard implementation that I've seen on most internet forums. For security/privacy reasons (as well as many others), can IB please investigate what it would take to change the notification system?

IBobi Jan 2, 2014 12:25 pm


Originally Posted by OverThereTooMuch (Post 22060138)
This is a great reason why those notifications should NEVER go to a user's email, but to their PM box instead.

IBobi - Sending the notification via PM is the standard implementation that I've seen on most internet forums. For security/privacy reasons (as well as many others), can IB please investigate what it would take to change the notification system?

The large number of PMs that would be generated would strain both the moderators' PM inboxes as well as our database. This is not a change we can make at this time.

wharvey Jan 2, 2014 5:31 pm

I have asked for this feature for years... makes it much easier to respond to members as well. Not sure how it would overload moderator mailboxes... but I can understand overloading the IB database... :)


Originally Posted by IBobi (Post 22069369)
The large number of PMs that would be generated would strain both the moderators' PM inboxes as well as our database. This is not a change we can make at this time.


OverThereTooMuch Jan 2, 2014 8:04 pm


Originally Posted by IBobi (Post 22069369)
The large number of PMs that would be generated would strain both the moderators' PM inboxes as well as our database. This is not a change we can make at this time.

I strongly believe that Internet Brands is not making the right decision for user security or user privacy, but I appreciate that you replied to the thread.

I think this needs to be clarified in the privacy policy. Even if moderators are considered to be IB employees (and I don't think that is the case), I assume IB maintains no responsibility for the security/integrity of the information in their computers. I would expect this to be clarified in section 7 (and possibly other sections as well).

Please update this thread when this FlyerTalk user privacy issue has been addressed.


All times are GMT -6.