![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: SpamCop Security Breach ???
Bill Turlock
"Bill Turlock" at sonnic.net
Mon Sep 6 18:53:44 EDT 2004
Ellen wrote:
>
> "John E. Malmberg" <wb8tyw at qsl.network> wrote in message
> news:G-6dnQB8QqvHGIDcRVn-vQ at adelphia.com...
> > Bill Turlock wrote:
> >
> > >
> > > What exactly does it mean that my "address was revealed"?
> >
> > Apparently the e-mail address that you use to get spamcop.net e-mails.
>
> Yes
>
> >
> > > To whom and under what circumstances?
> >
> > To unknown people who have put random numbers into the spamcop.net
> > password reset form just to see what e-mail address popped up.
>
> I don't know to whom specifically. A change password url was used into which
> someone could put a "user ID" number and have the email address pop-up -- no
> other information showed up.
>
> >
> > > Am I going to have to endure an endless blast of spam now, or
> > > what?
> >
> > It would probably be more in the spammers interest to listwash you from
> > their spam runs as they know that spamming that address would be reported.
>
> Personally I suspect the end result will likely be nothing -- other than
> perhaps a suppression list -- but I don't know for certain.
>
> >
> > As the abusable feature was disabled and then repaired shortly after
> > spamcop.net was notified about it, it is likely that only a few early
> > testers had actually seen your e-mail address.
>
> It was a small number of users/addresses.
>
> >
> > <snip>
> > > I've been a supporter of Julian since the early days, I used to
> > > send him donations even before this became a paid service and I
> > > expect better than this kind of vague 'information'!
>
> Unfortunately this is all the information that is available. I am not trying
> to downplay this security breach but you know everything I know and, as you
> can see, there is not actually much to know. No one hacked into the
> database, the url allowed them to put in a number and see an email address.
> Had they clicked the link on the page, the *owner* of the address would have
> gotten an email saying "this is your new password" -- annoying to be sure if
> the email address owner had not planned to change their password.
>
> >
> >
> > > I am extremely annoyed.
>
> As are we ...
>
> > >
> > > I know mistakes happen, but I want the full story and I want it
> > > now!
>
> This is the full story. I know it sounds like there should be something more
> but there isn't.
>
> Ellen
Thank you very much.
Bill
More information about the SpamCop-Help
mailing list