Data breach

  • As of 2017-04-03, I have started receiving spam emails to an e-mail address which has ONLY been used with WordPress.com.

    I believe wordpress.com may have suffered a data breach.

  • Hi there,

    There have not been any breaches on our end. Instead, it’s likely to have been caused by bots rather than a leak of your email address. The bots can target domains and try commonly used prefixes like info@, admin@, wordpress@, and also stuff like names or usernames that might appear on the site, or on a Twitter account that has the domain in the profile, etc. The bots can even just try random combinations until they get one where the email goes through.

    Once that happens the spammer knows they have a valid email address, and from there they use a different bot to keep sending you spam at a regular interval. It’s all automated, so aside from programming the bot itself, this is all done with minimum effort on the spammer’s part. Actually trying to hack an encrypted database like ours is just too much work for a common spammer to do.

    The only thing you can do is to mark those emails as spam so your email client’s spam filter can learn to automatically filter them out over time.

  • The prefix was not common or easy to guess. All prefixes on my domain are accepted (wildcard) – I use a specific address for each site.

    Somehow, the e-mail address I have given to wordpress.com has been leaked.

  • The topic ‘Data breach’ is closed to new replies.
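
An added example, not part of the thread: on a catch-all domain with one address per site, as the original poster describes, spam-flagged delivery logs can show whether senders are guessing local parts or hitting only an address that was issued to one site. The log layout, alias names, common-prefix list and the 5x threshold are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample: spam-flagged deliveries to a catch-all domain.
# The "time from=IP to=ADDRESS" layout is an assumption, not a real MTA format.
SAMPLE_LOG = """\
2017-04-03T08:01:12 from=198.51.100.7 to=wp-7f3k9q@example.org
2017-04-03T09:15:40 from=203.0.113.21 to=wp-7f3k9q@example.org
2017-04-04T02:11:05 from=192.0.2.44 to=wp-7f3k9q@example.org
2017-04-04T02:30:00 from=192.0.2.90 to=info@example.org
"""

# Hypothetical register of aliases the owner issued, one per site.
ISSUED = {"wp-7f3k9q": "wordpress.com", "shop-2m8x1c": "shop.example"}
COMMON = {"info", "admin", "wordpress", "webmaster", "postmaster", "sales"}


def parse(log, domain):
    """Yield (sender_ip, local_part) for each delivery to `domain`."""
    for line in log.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        local, _, dom = fields.get("to", "").lower().rpartition("@")
        if local and dom == domain and "from" in fields:
            yield fields["from"], local


def assess(log, domain, issued=ISSUED, common=COMMON):
    """Classify spam recipients and report which explanation the log supports."""
    hits = defaultdict(set)  # local part -> set of sender IPs
    for ip, local in parse(log, domain):
        hits[local].add(ip)
    issued_hit = {lp: issued[lp] for lp in hits if lp in issued}
    guessed = sorted(lp for lp in hits if lp in common)
    unknown = sorted(lp for lp in hits if lp not in issued and lp not in common)
    # A catch-all accepts every local part, so random guessing shows up as many
    # never-issued recipients. An issued alias hit without that noise suggests
    # the sender obtained that exact address rather than guessing it.
    if issued_hit and not unknown:
        verdict = "alias-known"
    elif len(unknown) >= 5 * max(1, len(issued_hit)):  # assumed threshold
        verdict = "guessing-plausible"
    else:
        verdict = "inconclusive"
    return {"issued_hit": issued_hit, "common": guessed,
            "unknown": unknown, "verdict": verdict}
```

The verdict only narrows how the address became known; it does not identify where along its path (the site, a mail relay, the owner's own systems) it was exposed.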