Stardot possibly hacked?

jms2
Posts: 2730
Joined: Mon Jan 08, 2007 6:38 am
Location: Derby, UK

Stardot possibly hacked?

Post by jms2 » Fri Nov 20, 2020 1:45 pm

On Wednesday I got an email purporting to be from "Robin Irvine" - a name which looked vaguely familiar to me. However the content of the email was just a link to an obscure and seemingly dodgy web address, so I deleted it without clicking on the link.

I have just realised that the reason I recognised the name is because Robin Irvine was a regular poster on here back in 2014. I don't think I have ever had any email correspondence with him, so I wonder how somebody has managed to get hold of both his name and my email address?

Anyone else seen something like this?

flaxcottage
Posts: 4321
Joined: Thu Dec 13, 2012 8:46 pm
Location: Derbyshire

Re: Stardot possibly hacked?

Post by flaxcottage » Fri Nov 20, 2020 2:05 pm

I have a lot of spam emails, as do most of us, I expect.

How did the spammers get my email address? - simple, unscrupulous organisations sell on your email when you do business with them, answer surveys, write reviews, etc.

How did they get the name Robert Irvine? - they invented it. All my spam comes from made up names but strangely nobody called Arthur Longbottom yet. :lol:

I would put this down to coincidence. :?
- John

Check out the Educational Software Archive at www.flaxcottage.com

SteveBagley
Posts: 263
Joined: Sun Mar 15, 2015 8:44 pm

Re: Stardot possibly hacked?

Post by SteveBagley » Fri Nov 20, 2020 2:12 pm

I think it is also quite a common tactic that if hackers get hold of someone's address book or email account that they will just pair address from that on to make the email seem more believable. After all, if Alice knows Bob and Bob knows Charlie it's quite likely that Alice might also know Charlie, so if Bob's address book is compromised sending an email purporting to be from Alice to Charlie has a higher chance of being noticed by the victim. So it might not be stardot itself that has been hacked, it could just be a user on stardot.

Steve

davidb
Posts: 2907
Joined: Sun Nov 11, 2007 10:11 pm

Re: Stardot possibly hacked?

Post by davidb » Fri Nov 20, 2020 2:40 pm

Names and e-mail addresses get harvested from all sorts of places: public mailing lists, compromised webmail providers, customer lists, and so on. Some of these are effectively saying something about a group of people who know each other, so using someone's name from the list will make it more likely you will read a mail from them rather than just delete it.

Sometimes you could get a random spam mail with a familiar-sounding name. Since spammers send out lots of messages, there are bound to be some people who think it's relevant to them. It's a numbers game.

Bobbi
Posts: 534
Joined: Thu Sep 24, 2020 12:32 am

Re: Stardot possibly hacked?

Post by Bobbi » Fri Nov 20, 2020 3:58 pm

I often get spam which appears to be from myself. I am not sure why spammers think that is a good idea!

jms2
Posts: 2730
Joined: Mon Jan 08, 2007 6:38 am
Location: Derby, UK

Re: Stardot possibly hacked?

Post by jms2 » Fri Nov 20, 2020 4:30 pm

I guess it's nothing then. I actually don't get a lot of spam (at least, not much that gets past the spam filter anyway), so this one initially seemed genuine to me. Robin is a pretty unusual name though isn't it.

danielj
Posts: 8497
Joined: Thu Oct 02, 2008 5:51 pm
Location: Manchester

Re: Stardot possibly hacked?

Post by danielj » Fri Nov 20, 2020 4:38 pm

The forum was, I believe, hacked quite a long time ago - before my time! I don't know the details though, I think it was just brought down.

d.

guesser
Posts: 493
Joined: Mon Jun 26, 2006 10:21 pm

Re: Stardot possibly hacked?

Post by guesser » Fri Nov 20, 2020 10:47 pm

SteveBagley wrote:
Fri Nov 20, 2020 2:12 pm
I think it is also quite a common tactic that if hackers get hold of someone's address book or email account that they will just pair address from that on to make the email seem more believable.
I get this with a member of the Speccy scene from years ago. I assume his system was exploited and address book harvested at some point by clicking on the link in a similar dubious email.
A web based teletext editor which can export as Mode 7 screen memory: https://zxnet.co.uk/teletext/editor
Join the Teletext Discord for teletext chat.

1024MAK
Posts: 10361
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...

Re: Stardot possibly hacked?

Post by 1024MAK » Sat Nov 21, 2020 12:07 am

I honestly don’t know what you are complaining about, I get spam emails where the name of the sender is known to be dead (I knew the person). I don’t know how the spammers got hold of the information.

Also, please keep in mind that plain emails are plain text with no protection or security features. So even if you are very careful and your email provider is very careful, in addition to the other ways of getting names and email addresses, snooping traffic will also work.

Mark

Richard Russell
Posts: 1715
Joined: Sun Feb 27, 2011 10:35 am
Location: Downham Market, Norfolk

Re: Stardot possibly hacked?

Post by Richard Russell » Sat Nov 21, 2020 10:11 am

jms2 wrote:
Fri Nov 20, 2020 4:30 pm
Robin is a pretty unusual name though isn't it.
Number 865 in the 2020 chart of boys' names but much more common in the past I would say; I have known several Robins and there have been plenty in the public eye. Quite commonly a girl's name in the US of course.
I am suffering from 'cognitive decline' and depression. If you have a comment about the style or tone of this message please report it to the moderators by clicking the exclamation mark icon, rather than complaining on the public forum.

SimonSideburns
Posts: 576
Joined: Mon Aug 26, 2013 9:09 pm
Location: Purbrook, Hampshire

Re: Stardot possibly hacked?

Post by SimonSideburns » Sat Nov 21, 2020 11:59 am

I also receive email from random unknown email addresses with a from address containing the name of someone I know (and a few of those people are dead), so every time I receive one I mark it as spam and block the sender. A couple of clicks and a minor inconvenience, but should be worth it in the long run.
Just remember kids, Beeb spelled backwards is Beeb!

BeebMaster
Posts: 3734
Joined: Sun Aug 02, 2009 5:59 pm
Location: Lost in the BeebVault!

Re: Stardot possibly hacked?

Post by BeebMaster » Sat Nov 21, 2020 12:27 pm

E-mail isn't secure, it's a good job nobody is conducting confidential business using it...

I get junk mail occasionally from familiar names, I suppose it's not that difficult to do if you're in the business of making people's inboxes a nightmare to manage. Also certain topics in messages seem to generate junk on a similar topic. If I'm talking about jobs, work etc. then I tend to get "earn £5000 a day just from operating your keyboard" type nonsense. More recently where I've been getting lots of e-mails about parcel consignments, I now get junk mail about courier services.

Last week I got 5 identical messages to the same address, which was one I use for business purposes rather than hobbying, telling me that I had been recorded doing unspeakable things on Zoom (which I've never used, and never likely to) and unless I sent some bits of coins along it would be "distributed". I was a bit surprised that this message had got to the mail account it did, but if you know the domain name it's easy enough to guess a valid address with a brute-force attack. Sometimes the nuisance mailers get lazy or careless and will send a message to multiple recipients, and you can see that you're just part of an alphanumeric try-on that they're processing.

Much of this is my own fault, because I had "spoof" e-mail addresses on my website for a few years where you could contact me at an address related to the topic, and they all went to a catch-all account. I stopped all that probably getting on for 10 years ago, but I still get the odd one showing up.

*TAPE
Posts: 12
Joined: Sat Nov 14, 2020 9:01 pm
Location: Sheffield, Yorkshire

Re: Stardot possibly hacked?

Post by *TAPE » Sat Nov 21, 2020 11:11 pm

It's hard to prevent spam, but it's very easy to trace the origin..... buy your own domain name, and set up a catch all.

To explain....
I have my own .uk domain name, and I have a server behind it.
The mail server has just one email inbox, but it is configured as a 'catch all' for inbound mail.
Any email sent to absolutely any address at my domain ends up in my one inbox.

Every time I give out or enter my details to a new company or website, I enter/provide one which is unique to that entity only.
These email addresses then only exist in one place on the planet, the database of said entity.
They do not exist on any devices I own.
If any company emails me, they will send it to the unique address they hold in their database.
Worker ants at said company do not know this, they are unaware.
That email then lands in my inbox.

e.g.
lloyds@<domain> ...bank
esure@<domain> ....car insurance
rac@<domain> ....breakdown cover
stardot@<domain> ....stardot forum
paypal@<domain> ....paypal
npowerareinept@<domain> ....energy supplier

.....yes, you have the option of including insults in your email addresses!
Which you then have to read aloud to authenticate your identity when you speak to the worker ants, who then either take it as a very personal insult, or laugh along with you.
You occasionally get the odd one who thinks you're actually a staff member.... because you have their company name in your address!

When it comes to spam, by merely looking at the recipient address you know instantly who has either passed on your details, or suffered a data breach.
And this "evidence" is irrefutable.
That email address only exists in one place.

Doing this makes the task at the ICO so much easier when I report offenders. They never have to re-ask questions or check the legitimacy of my claims.


• Insurance companies used to pass on details.
• Hotel companies used to be repeat offenders, not so much now.
• It is 100% fact that Ebay sellers flog on your email address. The surge of 'new' spam I get to my Paypal address every time I buy something proves this.
• Spam to an address held by EBluey was a little alarming! (Armed forces <--> civvy communications)
• Earlier this year I had to inform a telecine company I had received spam from an address only they had. Turns out they had a database breach.
• Two months back I caught out a UK sporting body who played fast and loose with email addresses given to them purely for the purposes of covid screening.


If anyone wishes to buy their own domain name, it is my (humble) opinion that you should avoid buying through 123-reg.co.uk at all costs. They have an outage about once a month, which then stops domains from working, or users making changes to domain records.


As for phpbb forum leaks.... I used to run a phpbb forum a long time ago.
A long time ago phpbb forums were where it was at, and all of the data. The attacks to gain entry to the databases were unceasing.

Then some Russian l33t group wrote this utility script which contained every tool for gaining entry to any version of phpbb.
The script is huge, impressive, well written, and (to say it was written by a Russian group) exceptionally well documented in English!!
So many phpbb forums went offline very quickly.
....And then that college boy got everyone to willingly give him all of their personal information.
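
The per-entity alias scheme from the post above, as an added example that is not part of the original thread: a Python sketch that reads the address each message was delivered to and reports whether the alias was used by its rightful holder, turned up in someone else's mail (passed on or breached), or was never issued at all (a guessed address). The domain example.org, the ISSUED register, the sample messages and the choice of delivery headers are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

DOMAIN = "example.org"  # placeholder for the catch-all domain
# Constructed register: alias handed out -> domains that holder sends from
ISSUED = {"stardot": {"stardot.example"}, "paypal": {"paypal.example"}}

def recipient_alias(msg):
    """Local part of the first address at DOMAIN.

    Delivery headers come first: bulk mail is often sent Bcc, so "To"
    may not contain the alias the message was actually delivered to.
    Which delivery header a server writes varies (assumption here).
    """
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            local, _at, dom = addr.rpartition("@")
            if local and dom.lower() == DOMAIN:
                return local.lower()
    return None

def classify(raw):
    """Return (alias, verdict) for one raw message."""
    msg = message_from_string(raw)
    alias = recipient_alias(msg)
    if alias is None:
        return None, "not-ours"
    if alias not in ISSUED:
        return alias, "guessed"      # never handed out to anyone
    # From is forgeable; this assumes spoofed mail was rejected upstream.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(sender == d or sender.endswith("." + d) for d in ISSUED[alias]):
        return alias, "expected"
    return alias, "leaked"           # holder passed it on or was breached

# Constructed sample messages
SAMPLES = [
    "From: Forum <noreply@stardot.example>\nTo: stardot@example.org\n"
    "Subject: New reply\n\nbody\n",
    "From: Robin <x91@bulk.example>\nTo: undisclosed-recipients:;\n"
    "Delivered-To: paypal@example.org\nSubject: hi\n\nlink\n",
    "From: a@bulk.example\nTo: admin@example.org\nSubject: pay up\n\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```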

davidb
Posts: 2907
Joined: Sun Nov 11, 2007 10:11 pm

Re: Stardot possibly hacked?

Post by davidb » Sat Nov 21, 2020 11:59 pm

*TAPE wrote:
Sat Nov 21, 2020 11:11 pm
Doing this makes the task at the ICO so much easier when I report offenders. They never have to re-ask questions or check the legitimacy of my claims.
It's a good plan, and I'm pleased that someone (else) takes this sort of thing seriously. :)

ICO should have the power to meaningfully sanction companies for serious, intentional data misuse, especially for those that re-offend. Some of the companies they have fined probably see the fines as minor business expenses. :(

*TAPE
Posts: 12
Joined: Sat Nov 14, 2020 9:01 pm
Location: Sheffield, Yorkshire

Re: Stardot possibly hacked?

Post by *TAPE » Sun Nov 22, 2020 12:28 am

True. It's just that governments still don't understand the whole problem of 'data' enough to grant the ICO sufficient powers.

You also have to bear in mind that to some organisations (e.g. the telecine company I mentioned above), good security is just way above their capabilities, and, "the internet" is in the 'medieval period' of armour and weaponry.
That is......Invent better armour (security), then someone invents a better tin opener. And repeat, monthly.

Richard Russell
Posts: 1715
Joined: Sun Feb 27, 2011 10:35 am
Location: Downham Market, Norfolk

Re: Stardot possibly hacked?

Post by Richard Russell » Sun Nov 22, 2020 12:32 am

*TAPE wrote:
Sat Nov 21, 2020 11:11 pm
it is my (humble) opinion that you should avoid buying through 123-reg.co.uk at all costs. They have an outage about once a month, which then stops domains from working, or users making changes to domain records.
I buy domains through 123-reg but typically I then change the nameservers, so an outage at 123-reg won't affect availability of my domain at all. With that precaution, I have never had any issues with them.

guesser
Posts: 493
Joined: Mon Jun 26, 2006 10:21 pm

Re: Stardot possibly hacked?

Post by guesser » Sun Nov 22, 2020 2:58 pm

*TAPE wrote:
Sat Nov 21, 2020 11:11 pm
.....yes, you have the option of including insults in your email addresses!
Which you then have to read aloud to authenticate your identity when you speak to the worker ants, who then either take it as a very personal insult, or laugh along with you.
I was playing with the settings on my mail server a few weeks ago... You can now reach me at 💩@zxnet.co.uk
I'm now imagining confirming that with someone over the phone "no, not 'p' 'o' 'o', an actual pile of poo" :lol:

*TAPE
Posts: 12
Joined: Sat Nov 14, 2020 9:01 pm
Location: Sheffield, Yorkshire

Re: Stardot possibly hacked?

Post by *TAPE » Sun Nov 22, 2020 8:00 pm

Good thinking
That's a single Unicode character.
Can see some mail handlers falling over with that though.

guesser
Posts: 493
Joined: Mon Jun 26, 2006 10:21 pm

Re: Stardot possibly hacked?

Post by guesser » Sun Nov 22, 2020 9:41 pm

Yeah, I don't expect it'd work in a lot of sign up pages and stuff. I can't even send mails to it using my email client as it's still not supported.

It was just to amuse myself really :)

JasonStonier
Posts: 358
Joined: Mon Dec 10, 2018 8:10 pm
Location: Dorset

Re: Stardot possibly hacked?

Post by JasonStonier » Mon Nov 23, 2020 10:31 am

guesser wrote:
Sun Nov 22, 2020 9:41 pm
It was just to amuse myself really :)
Get your laughs where you can, I suppose.

I found it funny...but we are all a self-selected bunch of geeks here.
