There is a reported incidence from several years ago where a couple of members using unique email addresses reported they'd received spam. At that time I had an excellent line of communication with my web hosts (who unfortunately have since sold out) and they too got involved checking to see if the forum database could have been breached and their conclusion was that it had not. I spent a considerable amount of time and can confidently say that it does not appear that the forum database has been breached.
I use a unique email address for my kitz forum login which is clean and never rec'd any spam. Most members reported they had no spam. However I took the report seriously and spent an awful amount of time looking into the report and drew a blank. I don't believe many forum owners would have spent as much time investigating as I did for an unconfirmed spam attack. There are lots of forum regs whose accounts had been open for many years who joined in the conversation saying they hadn't received any spam.
What I did find out during that time is that using a unique forum username and password is no longer a way of completely protecting against spam. There is one particular bot that specifically targets unique email addresses. All it takes is for you to have been involved in one of the many known larger breaches such as say myspace.
Firstly the bot checks the list of the breached myspace accounts specifically looking for email addresses that have used the format '
myspace@mydomain'. It assumes that any accounts using the alias 'myspace' (or some variation of 'myspace
#eg MySpc) in the email address has their own domain name and are using unique references for email. The bot then sets off trawling the Internet looking for accounts elsewhere in use using the same forum username and assumes a match. Even better if you are using the same av or some other public info. If you use your domain name to create email addresses for forum mail, this is no longer a way to keep all your mail spam free.
iirc a couple of users said they suddenly received spam mail, yet 100's of others didnt. Both users were using their domain names with the site as an alias. My web hosts confirmed there was absolutely no sign of a forum breach of data and all logins to the forum database were from my IP. There was no sign of any other database activity. Because there is only me who has access to the database then it was easy for them to check that there were no other accesses to the server except from either me or one of their IPs.
I do however suspect we may have been trawled by bots looking for matches. Unfortunately there is absolutely nothing I can do about this and its a risk we all take when we partake in activity on the Internet. I get spam to an email address linked to ISP usergroup forum from which there has been no breach. I am guilty of using my domain name with unique sites as the alias and there are no several that routinely get spam, just a couple of weeks ago I was surprised to see a spam mail come in on an address I use for shopping. I doubt theve been hacked or I'd be seeing something about it. Over the past few years I've had spam to unique addresses that have been compromised. These addresses have nothing to do with the site and use a different mail name. I also get plenty of spam to email address names that have never been used
---
TLDR;
1) There is no evidence of this site data having been breached.
2) Link to discussion July 2017
here3) Using unique email addresses are no longer protection against spam - especially if one of your aliases has been compromised in one of the big name hacks. Unique addresses are now being targetted without there ever having been a compromise on that server. There's several in-depth articles for more info.