Today was surprised by some spam mails, on mailboxes I only use on PSU, so I was wondering, how they managed to get these mail addresses?

Did someone steal the User database?

Please be honest and respond!

We have no indication that this has occurred.

Could you please check again?
I'm definitely not using these E-Mail Aliases anywhere else, only for our Outfit account and my personal account.

Although the content was some senseless stuff

According to Weber inequalities are created and preserved by traditional authority. April 12, 1925, less than three months after the death of her husband. English medium as well.

and

December 2007 due to the expiration of its mandate, despite American calls for its continued presence. The railway chose to have their terminal close to the city center. Enormous fingers appear through a set of shattered windows on the left, moving as if trying to grab the car.

There is no other way, how they could've obtained these mail addresses.

Sent from:

Return-Path: <[email protected]>
Reply-To: <[email protected]>
From: "ps-universe" <[email protected]>

Return-Path: <[email protected]>
Reply-To: <[email protected]>
From: "psu" <[email protected]>

Unfortunately I don't know what to tell you. It's not like we can just check a status page and see if things have been compromised :)

I reviewed our various logs, both admin and web and db and saw no indication of any sort of compromise.

Okay, that's true.

IMO the spam is an indicate for a comprised leak and you should consider a mass mail so users can change their passwords.

For security sake.

SerethiX - serethi.de (http://serethi.de)

I really can't see doing that for one report. There are other ways for people to get their hands on e-mail addresses.

Same for me, getting massive spam since yesterday on the account that is only used for PSU.

I am really concerned about this and you should at least inform your users about this leak. I will change my password and create a different mailbox for PSU in the meantime and stronly advise everyone else to do the same.

You still have to consider that most of the users do not use dedicated adresses for all sites and won't complain here because they can not track the origin of their spam.

dedicated mailboxes = more spam control

SerethiX - serethi.de (http://serethi.de)

Is this email: SerethiX[the_AT_symbol]dgma[dot]eu? Or "admin" at the same domain, or Serethix/admin at serethi.de? Any of those would be easy for a web spider to scrape from your posts here...

I'd agree the 'from' field would seem to indicate the spammers are in some way linking you account to PSU, but suggesting a web database has been breached is a pretty serious accusation to base on one or two incidents of spamming.... And even more so to suggest that password hashes have somehow been compromised...

No, they are not connected to the domain.

SerethiX - serethi.de (http://serethi.de)

What Mightymouser said. I cannot assume our entire database has been compromised based on a few reports of spam.

http://www.planetside-universe.com/showthread.php?p=957140#post957140

We got additional reports of spam and also I was able to delve into some backups and pull some older logs.