From what it says on the link from Reddit, all it takes is a bot to have your username and password from another previously compromised forum, e.g.
User
Password
email:- ForumOne@yourdomain
Using the compromised User and Password the bot then crawls lots of other forums on the internet looking to see if those details allow it to log in anywhere else. If it finds it can log in, then it will take any relevant info from that forum too.
So now it's starting to build up a profile of the user
User
Password
emails :- ForumOne@yourdomain, ForumTwo@yourdomain, ForumThree@yourdomain
Owners of the bot are then selling this new information on the darknet. This info has 2 possible outcomes.
1) A new list of emails that can be resold for spamming purposes.
2) The list of new info can then easily be further filtered and this I suspect is what oiulkjmnb1 is referring to when he says expensive and exclusive lists. They can identify a list of people who use their domain name with a different prefix for each forum.
If the prefix matches up in some part with the forum name, it's obvious what the user is doing, and a list of those domains can be identified for the purpose of further ill gains such as
- dictionary type spam attacks on the domain name
- Using the domain name to spoof a load of spam mails to avoid blacklists
- Someone even mentioned they could be used for spear phishing?
What it does mean is that even if you use a specific prefix with a specific forum, you cannot say without doubt that the forum is the source of the breach.
I have investigated everything I can - and probably gone to a heck of a lot more trouble than most forums would - but I can hand on heart say that I cannot see anything to suggest there has been a breach of our database.
If anything, I suspect this may have come as a second wave attack from a breach of data elsewhere, using one of the above methods on the back of the same username. I do admit that it's highly likely that a bot has visited this forum specifically looking for info, but the original breach has come from elsewhere and there is nothing I or any other forum owner can do to prevent this other than suggest you change your password and ensure separate passwords are used for different sites.
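Added example, not part of the original post or the forum's own code: one way a forum owner could check login logs for the pattern described above, where a single source replays leaked username/password pairs and only a few succeed. The log format, the function name `find_stuffing_sources` and its thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log: timestamp, source IP, username, outcome.
# The format and every value here are made up for this example.
SAMPLE_LOG = """\
2024-01-05T10:00:01 203.0.113.7 alice FAIL
2024-01-05T10:00:02 203.0.113.7 bob FAIL
2024-01-05T10:00:03 203.0.113.7 carol OK
2024-01-05T10:00:04 203.0.113.7 dave FAIL
2024-01-05T10:00:05 203.0.113.7 erin FAIL
2024-01-05T10:00:06 203.0.113.7 frank FAIL
2024-01-05T10:03:10 198.51.100.20 grace FAIL
2024-01-05T10:03:25 198.51.100.20 grace OK
2024-01-05T10:07:00 192.0.2.44 heidi OK
"""

def find_stuffing_sources(log_text, min_users=5, max_success_ratio=0.5):
    """Return {ip: report} for sources that tried many distinct usernames
    with mostly failed logins, the pattern of replayed leaked credentials."""
    attempts = defaultdict(list)  # ip -> [(username, outcome), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, ip, user, outcome = parts
        attempts[ip].append((user, outcome))

    flagged = {}
    for ip, events in attempts.items():
        users = {u for u, _ in events}
        successes = sorted({u for u, o in events if o == "OK"})
        ratio = len(successes) / len(users)
        if len(users) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(users),
                "attempts": len(events),
                # These accounts accepted a replayed password: reset them.
                "accounts_to_reset": successes,
            }
    return flagged

if __name__ == "__main__":
    for ip, report in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, report)
```

A bot that spreads its attempts across many source addresses will not trip a per-IP threshold, so this only covers the single-source case.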