walkhighlands

Address stolen

Post by anonymouse » Mon Aug 06, 2018 9:53 pm

An address I created for, and have only used for access to, this website has been compromised and used to send me a phishing email (fake Amazon security message).

Usually this means that the site (or a backup copy of the data held on an administrator machine, or a third-party with whom data is shared) has been compromised - sadly not an uncommon issue with online forums - and I have reported details to the administrators. Often site administrators can test/confirm this if they had previously set up a honeypot address or similar.

If other users receive spam sent to a unique address known only to this site, I suggest telling the administrators so they can confirm whether there has been a problem. (It is likely that compromise of user details will be a disclosable incident under GDPR.)


PS I tried to send further details to the administrators but they don’t seem to disclose a contact or security report address in the site information or privacy policy.
anonymouse
 
Posts: 3
Joined: Aug 18, 2010
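
An added example, not part of the original posts: one way a user could issue the per-site addresses described in this thread so that each one is unguessable, then map an incoming message back to the site that address was given to. The key, domain, site names and sample messages are constructed assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import getaddresses, parseaddr

SECRET = b"constructed-demo-secret"  # assumption: key known only to the mailbox owner
DOMAIN = "mail.example"              # assumption: owner's catch-all domain

def alias_for(site: str) -> str:
    """Derive the one address handed to `site`; the HMAC tag makes it unguessable."""
    label = site.lower().replace(".", "-")
    tag = hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:10]
    return f"{label}.{tag}@{DOMAIN}"

def site_for(address: str, sites):
    """Map a recipient address back to the site it was issued to, or None."""
    candidate = address.lower().encode()
    for site in sites:
        if hmac.compare_digest(alias_for(site).encode(), candidate):
            return site
    return None  # unknown or guessed alias: tag does not verify

def leak_indicators(raw_message: str, legit_senders: dict) -> list:
    """Sites whose alias received mail from a domain that site does not send from.

    legit_senders maps site -> set of sender domains the site really uses.
    """
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    hits = []
    for _, addr in getaddresses(headers):
        site = site_for(addr, legit_senders)
        if site and sender_domain not in legit_senders[site] and site not in hits:
            hits.append(site)
    return hits

# Constructed sample data (not real mail).
LEGIT = {"forum.example": {"forum.example"}, "shop.example": {"shop.example"}}
PHISH = (f"From: Security <alert@unrelated.example>\n"
         f"To: {alias_for('forum.example')}\n"
         "Subject: Account security notice\n\nPlease verify your account.\n")
NORMAL = (f"From: Forum <noreply@forum.example>\n"
          f"To: {alias_for('forum.example')}\n"
          "Subject: New reply\n\nSomeone replied to your topic.\n")
```

The From header can be forged, so a real deployment would compare against the authenticated sending domain rather than the header value used here.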

Re: Address stolen

Post by Paul Webster » Tue Aug 07, 2018 7:46 am

Hi Anonymouse, I've sent you an initial email about this (assuming you are the person who also emailed). There is only myself who carries out all technical tasks on Walkhighlands, so there is no security contact other than me.

I've been investigating this, and have not been able to find any evidence of any breach or unauthorised access to any Walkhighlands data, to which we maintain the highest standards of security.

There are several possibilities as to how you could have received a spam email on this address. As stated in my email, I'm continuing to look into the issue.
Paul Webster
Site Admin
Mountain Walker
 
Posts: 5826
Munros:282   Corbetts:222
Fionas:71   Donalds:45+17
Sub 2000:121   Hewitts:133
Wainwrights:135   Islands:92
Joined: Jan 6, 2007
Location: Highland

Re: Address stolen

Post by anonymouse » Tue Aug 07, 2018 1:31 pm

That wasn’t me who emailed - must have been someone else who was affected.

Re: Address stolen

Post by Paul Webster » Tue Aug 07, 2018 1:53 pm

Apologies - in your first message you said you had reported this to the administrators. If you aren't the person I've referred to then we've not received anything from you other than this post on the forum.

To be clear, I'm the person responsible for the security of the site - I carry out all the IT work on Walkhighlands. If you want to email me direct you can do so on editor@walkhighlands.co.uk

I've carried out an audit and have so far established that there has been no apparent breach since I moved Walkhighlands to our current host in 2014, at which point I completely rebuilt our servers from scratch with minimal access and highest security.

It's not possible now to look for breaches before then, but Walkhighlands was then hosted using a control panel which offered less security than our current setup. Passwords have always been fully encrypted since the site forum was first set up in 2007 and as such are safe.

Re: Address stolen

Post by klinketyklank » Tue Aug 07, 2018 6:16 pm

Same here - I received an Amazon phishing email yesterday evening to an email address set up exclusively for this site.

Yes, it is theoretically possible that the same phishing group has happened upon the specific email address used by several users all at the same time, but a much more likely explanation is that there has been a data breach somewhere.
klinketyklank
 
Posts: 1
Joined: Jun 26, 2014

Re: Address stolen

Post by weeblewobble » Tue Aug 07, 2018 6:19 pm

Exact same problem here. I use unique email addresses for most websites and the unique one I use here has started receiving spam, which is indicative of a breach somewhere.
weeblewobble
Stravaiging
 
Posts: 2
Munros:189   
Joined: Feb 17, 2014

Re: Address stolen

Post by Paul Webster » Tue Aug 07, 2018 6:34 pm

Thanks for the messages. At this moment I think the most likely scenario is that there may have been a historic breach on our old server/host in 2014 resulting in email addresses being exposed to spam.

I confirm that all my investigations are showing that Walkhighlands' current servers are fully secure. It's also worth noting in any case that email addresses are the only personal details we hold (our policy is to store nothing that is not necessary) - we do not have actual names of users, addresses etc., and passwords are fully encrypted and so cannot be accessed even by ourselves.

I've already made a report to the information commissioner about this earlier today on receiving the first report and we are awaiting their instructions as to what further steps to take.

Our emails are actually sent out via Amazon SES service and email itself is not a secure medium (emails can be easily intercepted and read as they cross the web) so there is a possibility of a listener service picking up email addresses, which would not be a security breach. That said, my assumption is that there has been a breach back in 2014.

Re: Address stolen

Post by BlackPanther » Wed Aug 08, 2018 2:38 pm

I got one of them as well. Somebody claiming they're Amazon. My e-mail is not exclusive for this site but might be the same source of "leak". I don't care personally, I just flag such stuff as spam and delete it so no complaints from my side, just wanted to let you know that it happened to me, too.

Sadly, we live in a digital world and it's impossible to escape from such stuff. Don't let spam mails spoil your day :D
BlackPanther
Mountain Walker
 
Posts: 3839
Munros:268   Corbetts:182
Fionas:136   
Sub 2000:75   
Joined: Nov 2, 2010
Location: Beauly, Inverness-shire

Re: Address stolen

Post by anonymouse » Wed Aug 08, 2018 2:46 pm

BlackPanther wrote: Don't let spam mails spoil your day :D

Yes, of course, spam just goes in the bin. But nevertheless it is important for us all to let site administrators know when a breach has occurred - and to check what other personal data may have been exfiltrated at the same time. Personally, I take data breaches seriously, as every piece of stolen data adds to criminals’ armouries for future more complex attacks. Luckily I have stored very little on walkhighlands - no credit cards, date of birth, home address etc. Other users may not be in the same position.

It is also important to ensure other users know about breaches because someone out there will have used the same password for this site and other more important sites - and other users will fall for the scam and click on the fake Amazon email.

As the administrator said, it is possible that this is the theft of addresses from a long time ago (or recent breach of an old backup), and perhaps only now bought by scammers from the dark web.

Re: Address stolen

Post by sharmuk » Sat Aug 25, 2018 4:45 pm

Just for the record, I too have a unique address for this site and have received the phishing email.
sharmuk
 
Posts: 1
Joined: Feb 10, 2013

Re: Address stolen

Post by redbadger27 » Wed Aug 29, 2018 5:20 pm

I also use unique addresses for every company/organisation/website I engage with. I also received a fake Amazon phishing email recently to the address used to identify me on this site. I first registered with you 19th July 2014. Since then I have only ever received email from you, to that address, related to your website and your commercial interests, which is what I would expect. That was until 24th August 2018 when I started getting spam emails to that address. Since you are the only organisation to hold the address, it can only have come from you or a breach of your systems/processes somehow. I have now disabled that address.

By the way, I tried to report this by email to your editor(at)walkinghighlands(dot)co(dot)uk but received the following message back after a few days: "Your message wasn't delivered. Despite repeated attempts to deliver your message, the recipient's email system refused to accept a connection from your email system. Contact the recipient by some other means (by phone, for example) and ask them to tell their email admin that it appears that their email system is refusing connections from your email server. Give them the error details shown below. It's likely that the recipient's email admin is the only one who can fix this problem. For Email Admins: No connection could be made because the target computer actively refused it. This usually results from trying to connect to a service that is inactive on the remote host - that is, one with no server application running."
redbadger27
 
Posts: 1
Joined: Jul 19, 2014

Re: Address stolen

Post by Paul Webster » Thu Aug 30, 2018 7:00 pm

Thanks for your message. As previously posted, I believe that there was a breach, currently we believe in 2015 but have not been able to identify the definite means. I reported the breach to the information commissioner; I'm very sorry about the inconvenience.

The email address to contact us is editor@walkhighlands.co.uk - not walkinghighlands.co.uk (I do own that domain as we've been misprinted as that in newspapers and it means people still get the website, but it doesn't have any email set up on it).