[2021-02-25] Private message spam, **NOT** hacked

Christina99 messaged me 6 hours ago, glad I didn’t have the surprise of what was contained within.

I never get any messages though and this one with that name suggests something amiss.

So I did not open it, instead I found this thread.

Thanks sb.

I got notification Feb 25 at 3:34am, that Angela98 sent me a message

when I tried to follow the notification link, I got my entire sent message history instead, and there is no Angela98 username on BLF

from which I infer that sb deleted the account, along with whatever message Angela98 wanted to share…

I hope she is not lonely without me… LOL

Diane98 sent me a spurious PM too. Message was sent at 6:01 AM on 25 Feb 2021.
BudgetLightForum had already deleted it so I was not traumatized. LOL.

By the way, I don’t know if this is still true, but a long time ago when I tried to register my usual email with BLF it would not accept one with the “.net” extension. After a couple of years I caved and finally registered using my gmail account.

Thanks for the administrators' efforts with the forum!

You can. Get rid of Alexa. And your Google phone while you’re at it
:wink:

And thanks SB! Your effort is appreciated! :+1:

I got the same from Diane98. Deleted the PM and Blocked :+1:

No PMs from Diane, Chantal etc. What did I do wrong? :frowning:

The raunchy PM I received came from alisausa11. I deleted the PM and blocked the sender.

I agree there doesn’t appear to be any security risk. I see no reason to think anything was compromised.

This type of attack is (er, was) almost trivial to do. The site’s infrastructure was designed to make it easy to automate things without any special permissions. That’s fixed though, and it sounds like sb is looking into more long-term solutions.

As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.

Yeah, I feel the same. No love for me. :cry: :wink:

That explains things OP. Thanks.

slmjim

You both joined BLF in 2019.

If the spambots started with user #1, and then went up from there, maybe they didn't get to BLF members that joined in the last couple of years.

It looks like they didn’t go in order, I’ve received PMs from several users that got spammed in the 30,000 - 33,000 user ID range.

No, that bit isn’t correct TK. I can see everyone’s messages who replied to me too every message ever that is lol - hundreds of them, or did you mean that? sorry, unsure

Just to be transparent, I removed the previous two threads that started discussing this issue before this official one. It’s not an attempt to hide anything, but rather there was a lot of speculation and wrong information in those threads regarding what had happened. Thanks very much to everyone here for their patience and understanding.

Right, all messages that were ever sent to you were getting dumped onto the screen when visiting an email notification link to a PM that no longer exists. So it’s not a privacy leak because they were the same messages that you had sent and received, just all in one big threadless glob.

Ah I see, sorry for the confusion.

Oh, okay.

I bet you've gotten more than your fair share of PMs today.

You could say that… :weary: :wink:

Thanks for your hard work and diligence, Mr. Admin.

Yep, if your forum is going to be run by a single administrator, it's beneficial to have someone that is capable (and friendly.)