PDA

View Full Version : Possible Hack



AniaR
08-17-2018, 08:15 AM
Hey all I woke up this morning to some vulgar emails from "Christin Crum" which seems to be a play on Chris Crumbly (a well known mermaid photographer). The emails just had a bunch of porn IN the email and somehow made it through my spam filter.

Turns out, I was not the only one, and dozens of my mer-friends did. They all had it sent to their business emails, but mine was my personal. I couldn't figure this out because I don't post my personal email anywhere online and rarely use it.

Then I realized what we all had in common- we are all members of Mernetwork and I noticed a bunch of the members when I went back through and looked at who the emails were sent through. I of course, used my personal email to sign up on here as opposed to my business. I saw one of the admin on there as well.

I reported this to Iona but she may not see it for a little bit. So as a general heads up I would change your passwords, I will be doing that.

I don't wanna post the screenshot of emails here because it'll publicly post people's addresses but I recognized:

Matt from Sirenetics, mermaid lanai, mermaid selene, Dylan, Malingni, Tiana, and more. A lot of people used their personal emails too.

If you check your email you don't have to open the message but it would be from 'Christin crum" if you're lucky it went to your spam, but for some reason it didn't get filtered for everyone I've asked.

AniaR
08-17-2018, 09:16 AM
Ps you should absolutely change your email password if you get this, or if your email and mernetwork pass are the same

Sent from my [device_name] using MerNetwork mobile app

MerEmma
08-17-2018, 09:37 AM
Thanks for sharing a heads up on this!!

Saelyyia
08-17-2018, 11:54 AM
Thanks for the heads up!

Winged Mermaid
08-17-2018, 06:09 PM
Not sure where or how they acquired the info- will be checking in with our host to see if they know anything, and notifying the users in a mass email as well. Seems like some kind of database is always getting hacked and info leaked, and us being a small site apparently makes us no exception.

MerFantasy
08-18-2018, 10:13 AM
Oh my god, thanks for the tip. That is some scary stuff :O

Sent from my shell phone using MerNetwork mobile app (http://r.tapatalk.com/byo?rid=95032)

malinghi
08-19-2018, 03:18 AM
Thanks for pointing this out. I just submitted a ticket to our hosting company for them to look into it. The two obscene emails I received both had the same 34 recipients listed. They were mostly early users of the site. I'm not sure if that's significant, and I'm not sure whether only those 34 people received these spam emails, or if other people besides those 34 received them as well. If you received them feel free to let me know.

Based on the site logs I'm not seeing any weird activity. One possibility is that this email list could have been collected during a previous hack years ago. In any case, I recommend changing your passwords to this site as a precaution.

OrcaMatt
08-19-2018, 12:28 PM
Laaaame. Ok thanks!

Sent from my [device_name] using MerNetwork mobile app

AniaR
08-19-2018, 11:37 PM
I would make a password change mandatory, create an alert reminding people to do it on the front page. The site can end up liable. Cuz I changed my password the last time it was brought up, and I STILL got it.