Was the TDI Club forum hacked?

jstn

Veteran Member
Joined
Feb 7, 2009
Location
norton, ma
TDI
gone to the dark side :)
I was combing through some spam email and found an email sent to my TDI Club email alias on November 23, with the subject "tdiclub.justin@mydomain.com has been hacked! Change your password immediately!"

The email subject contained the specific email alias I use for TDIClub (tdiclub.justin@mydomain.com) and also had my exact forum password (which is NOT the password I use for my email, because it's an alias and can't even be used to access my email account).

Any explanation?

Justin
 

unitacx

Veteran Member
Joined
Apr 7, 2006
Location
Alexandria, VA
TDI
2002 golf
Yes.

I got 2 "extortion" spams dated 22-Nov-18. Both used the spamgourmet address used for TDI club and both showed the then-current password. (I never changed that password, so in theory, this could have dated back to 8-2009.)

Pro-tip for scammers: If you purchased a list of accounts and passwords to scam people, don't use Bitcoin. Bitcoin is anonymous and has cachet, but you've just limited your target to people who are at least knowledgeable enough to set up a Bitcoin account. And try to stay away from accounts with spamgourmet addresses for obvious reasons.

Oh, it always helps to use accounts from a list where everyone on the list is going to have a basic knowledge of how the internet works (and therefore won't be inclined to go along with the scam).

Comments specific to the attack:

1. The account information was apparently purchased by the scammer(s) from whoever broke into the server.

2. The general format of the emails is the same, but the specific wording varies (at least in the two I received). This is probably to address spam filter issues. My guess is the dual mailing was an error.

3. The scammer made no attempt to mung or block my user account. That could be because, in the typical case, munging the TDIClub account would be a dead giveaway as to which list was compromised.
 

unitacx

Veteran Member
Joined
Apr 7, 2006
Location
Alexandria, VA
TDI
2002 golf
This should be obvious, but users should be advised to identify any account with the same or a similar password. It's not difficult to find the identity of anyone here unless they took special precautions to remain in "deep cover", and so it's just a matter of time before this scammer or another purchaser of the account list will use the information to try to break into any other accounts on the web.

For most of us, this will force some long-delayed housecleaning of web signin data.
 

Jetta_Pilot

Top Post Dawg
Joined
Apr 14, 2005
Location
West Hill, Ont.
TDI
2015 Passat Highline TDI Candy White (SEL Premium) long gone 2002 Jetta TDI
Have you guys considered that YOUR own email account has been compromised?
What you're getting may have absolutely no connection to TDI club.

One thing that ticks me off royally is people forwarding emails including several previous senders' email addresses instead of sending BCC. That's one certain way email addresses get to spammers.
 

unitacx

Veteran Member
Joined
Apr 7, 2006
Location
Alexandria, VA
TDI
2002 golf
Have you guys considered that YOUR own email account has been compromised?
Not likely in this case, for a number of reasons.

That email to 50 closest friends thing, with email addresses visible is ... well, I'm sure I've put several people off by asking that they don't do that. It's an invitation for the email address to be harvested by the first email virus to be opened by one of those 50 people.
 