Fixya.com email addresses hacked

Topic

New Reply

I used Fixya once in the past and the ID over there has been languishing. Yesterday, I received a nicely constructed spam email using the Fixya registration email address. Huh?

I sent a version of the below email to Fixya to warn them but all I got in return today was a form letter saying [summary] “we are concerned with privacy and security and everything is good here”.

I thought I would post the info elsewhere so others can keep an eye out if they happen to have a Fixya registration. You might want to change your email address.

—————–

I used the disposable email address nwp9-x7y1@xemaps.com for registering for the Fixya forums. NO ONE ELSE HAD THIS ADDRESS!

Unfortunately, either Fixya has started selling email addresses or you have been hacked or some renegade employee has stolen and sold your email address file (and what else, one wonders?).

Evidence is a spam email I received this morning directed to my Fixya email address (again, an address that has only been used to register for the Fixya forums):

http://i.minus.com/ioygWSNBQlDbZ.jpg

I have around 200 disposable spamex email addresses and this is the only one that has received this (or any) spam email. So the problem must be with FIxya.

Reply | Quote

Replies

ibe,

is the text below the break-line the copy of your email from “fixya”? If so, you may wish to remove the link to what might be a dangerous site i [dot] minus [dot] com [forward-slash] ioygWSNBQlDbZ [dot] jpg.

Anyway, one possibility is that your fixya address just happens to have been hit by a botnet probing for valid email addresses. One attack vector these guys use is to deluge randomly named email addresses at well known hosts and wait for either a reply, or include an image, which then hits an IP tracker tool when it is downloaded by the email client at the target.

I use gmail for throw-away addresses and still get spam in the junk folder on those – presumably through the mechanism above.

Reply | Quote

ibe,

is the text below the break-line the copy of your email from “fixya”? If so, you may wish to remove the link to what might be a dangerous site i [dot] minus [dot] com [forward-slash] ioygWSNBQlDbZ [dot] jpg.

Anyway, one possibility is that your fixya address just happens to have been hit by a botnet probing for valid email addresses. One attack vector these guys use is to deluge randomly named email addresses at well known hosts and wait for either a reply, or include an image, which then hits an IP tracker tool when it is downloaded by the email client at the target.

I use gmail for throw-away addresses and still get spam in the junk folder on those – presumably through the mechanism above.

The minus address is a valid screenshot on a reliable site. WHY would you call it a “dangerous site”?

As to probing, the possibility of a botnet probing non-standard email addresses (spamex addresses have a DASH in the middle) and actually hitting a valid one is extremely unlikely at best. AND if this were happening, why didn’t I get hit on any of my other 200+ spamex email addresses?

Reply | Quote

Simple misunderstanding ibe: it wasn’t clear to me if the text you posted below the break line was a quote from the spammy email. If it had been, the link may have been from a bad site, that’s all.

Reply | Quote

is the text below the break-line the copy of your email from “fixya”?

To, not from.

If so, you may wish to remove the link to what might be a dangerous site i [dot] minus [dot] com [forward-slash] ioygWSNBQlDbZ [dot] jpg.

That’s just a screen shot of his spam email.

Bruce

Reply | Quote