
Address stolen

Posted: Mon Aug 06, 2018 9:53 pm
by anonymouse
An address I created for, and have only used for access to, this website has been compromised and used to send me a phishing email (fake Amazon security message).

Usually this means that the site (or a backup copy of the data held on an administrator machine, or a third-party with whom data is shared) has been compromised - sadly not an uncommon issue with online forums - and I have reported details to the administrators. Often site administrators can test/confirm this if they had previously set up a honeypot address or similar.

If other users receive spam sent to a unique address known only to this site, I suggest telling the administrators so they can confirm whether there has been a problem. (It is likely that compromise of user details will be a disclosable incident under GDPR.)


PS I tried to send further details to the administrators but they don’t seem to disclose a contact or security report address in the site information or privacy policy.

Re: Address stolen

Posted: Tue Aug 07, 2018 7:46 am
by Paul Webster
Hi Anonymouse, I've sent you an initial email about this (assuming you are the person who also emailed). There is only myself who carries out all technical tasks on Walkhighlands, so there is no security contact other than me.

I've been investigating this, and have not been able to find any evidence of any breach or unauthorised access to any Walkhighlands data, to which we maintain the highest standards of security.

There are several possibilities as to how you could have received a spam email on this address. As stated in my email, I'm continuing to look into the issue.

Re: Address stolen

Posted: Tue Aug 07, 2018 1:31 pm
by anonymouse
That wasn’t me who emailed - must have been someone else who was affected.

Re: Address stolen

Posted: Tue Aug 07, 2018 1:53 pm
by Paul Webster
Apologies - in your first message you said you had reported this to the administrators. If you aren't the person I've referred to then we've not received anything from you other than this post on the forum.

To be clear, I'm the person responsible for the security of the site - I carry out all the IT work on Walkhighlands. If you want to email me direct you can do so on editor@walkhighlands.co.uk

I've carried out an audit and have so far established that there has been no apparent breach since I moved Walkhighlands to our current host in 2014, at which point I completely rebuilt our servers from scratch with minimal access and highest security.

It's not possible now to look for breaches before then, but Walkhighlands was then hosted using a control panel which offered less security than our current setup. Passwords have always been fully encrypted since the site forum was first set up in 2007 and as such are safe.

Re: Address stolen

Posted: Tue Aug 07, 2018 6:16 pm
by klinketyklank
Same here - I received an Amazon phishing email yesterday evening to an email address set up exclusively for this site.

Yes, it is theoretically possible that the same phishing group has happened upon the specific email address used by several users all at the same time, but a much more likely explanation is that there has been a data breach somewhere.

Re: Address stolen

Posted: Tue Aug 07, 2018 6:19 pm
by weeblewobble
Exact same problem here, I use unique email addresses for most websites and the unique one I use here has started receiving spam which is indicative of a breach somewhere.

Re: Address stolen

Posted: Tue Aug 07, 2018 6:34 pm
by Paul Webster
Thanks for the messages. At this moment I think the most likely scenario is that there may have been a historic breach on our old server/host in 2014 resulting in email addresses being exposed to spam.

I confirm that all my investigations are showing that Walkhighlands' current servers are fully secure. It's also worth noting in any case that email addresses are the only personal details we hold (our policy is to store nothing that is not necessary) - we do not have actual names of users, addresses etc., and passwords are fully encrypted and so cannot be accessed even by ourselves.

I've already made a report to the information commissioner about this earlier today on receiving the first report and we are awaiting their instructions as to what further steps to take.

Our emails are actually sent out via Amazon SES service and email itself is not a secure medium (emails can be easily intercepted and read as they cross the web) so there is a possibility of a listener service picking up email addresses, which would not be a security breach. That said, my assumption is that there has been a breach back in 2014.

Re: Address stolen

Posted: Wed Aug 08, 2018 2:38 pm
by BlackPanther
I got one of them as well. Somebody claiming they're Amazon. My e-mail is not exclusive for this site but might be the same source of "leak". I don't care personally, I just flag such stuff as spam and delete it so no complaints from my side, just wanted to let you know that it happened to me, too.

Sadly, we live in a digital world and it's impossible to escape from such stuff. Don't let spam mails spoil your day :D

Re: Address stolen

Posted: Wed Aug 08, 2018 2:46 pm
by anonymouse
BlackPanther wrote: Don't let spam mails spoil your day :D


Yes, of course, spam just goes in the bin. But nevertheless it is important for us all to let site administrators know when a breach has occurred - and to check what other personal data may have been exfiltrated at the same time. Personally, I take data breaches seriously, as every piece of stolen data adds to criminals’ armouries for future more complex attacks. Luckily I have stored very little on walkhighlands - no credit cards, date of birth, home address etc. Other users may not be in the same position.

It is also important to ensure other users know about breaches because someone out there will have used the same password for this site and other more important sites - and other users will fall for the scam and click on the fake Amazon email.

As the administrator said, it is possible that this is the theft of addresses from a long time ago (or recent breach of an old backup), and perhaps only now bought by scammers from the dark web.

Re: Address stolen

Posted: Sat Aug 25, 2018 4:45 pm
by sharmuk
Just for the record, I too have a unique address for this site and have received the phishing email.

Re: Address stolen

Posted: Wed Aug 29, 2018 5:20 pm
by redbadger27
I also use unique addresses for every company/organisation/website I engage with. I also received a fake Amazon phishing email recently to the address used to identify me on this site. I first registered with you 19th July 2014. Since then I have only ever received email from you, to that address, related to your website and your commercial interests, which is what I would expect. That was until 24th August 2018 when I started getting spam emails to that address. Since you are the only organisation to hold the address, it can only have come from you or a breach of your systems/processes somehow. I have now disabled that address.

By the way, I tried to report this by email to your editor(at)walkinghighlands(dot)co(dot)uk but received the following message back after a few days: "Your message wasn't delivered. Despite repeated attempts to deliver your message, the recipient's email system refused to accept a connection from your email system. Contact the recipient by some other means (by phone, for example) and ask them to tell their email admin that it appears that their email system is refusing connections from your email server. Give them the error details shown below. It's likely that the recipient's email admin is the only one who can fix this problem. For Email Admins: No connection could be made because the target computer actively refused it. This usually results from trying to connect to a service that is inactive on the remote host - that is, one with no server application running."

Re: Address stolen

Posted: Thu Aug 30, 2018 7:00 pm
by Paul Webster
Thanks for your message. As previously posted, I believe that there was a breach, currently we believe in 2015 but have not been able to identify the definite means. I reported the breach to the information commissioner; I'm very sorry about the inconvenience.

The email address to contact us is editor@walkhighlands.co.uk - not walkinghighlands.co.uk (I do own that domain as we've been misprinted as that in newspapers and it means people still get the website, but it doesn't have any email set up on it).