I agree there doesn’t appear to be any security risk. I see no reason to think anything was compromised.
This type of attack is (er, was) almost trivial to do. The site’s infrastructure was designed to make it easy to automate things without any special permissions. That’s fixed though, and it sounds like sb is looking into more long-term solutions.
As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.
No, that bit isn’t correct TK. I can see everyone’s messages who replied to me too every message ever that is lol - hundreds of them, or did you mean that? sorry, unsure
Just to be transparent, I removed the previous two threads that started discussing this issue before this official one. It’s not an attempt to hide anything, but rather there was a lot of speculation and wrong information in those threads regarding what had happened. Thanks very much to everyone here for their patience and understanding.
Right, all messages that were ever sent to you were getting dumped onto the screen when visiting an email notification link to a PM that no longer exists. So it’s not a privacy leak because they were the same messages that you had sent and received, just all in one big threadless glob.