I think we now know how many of the strange emails from other collectors came to be generated. Google and read about Heartbleed on the web. I first learned of it from an article in the Wall Street Journal and a news spot on CNBC yesterday.
Anyone logging onto a web site that used a recent version of the server software that manages HTTPS, the "secure" HTTP communications protocol, could have had a password stolen by a malicious hacker. They don't get into your PC at all. Virus scans don't protect you at all. Changing your password at the site that provides your email service doesn't help at all until they fix their server software; it just gets stolen again. The bug was created about 2 years ago but was only recognized recently.
My email provider (Network Solutions) just turned off all email access. I changed password once a few days ago, but the volume of sent email in my user name was so great that they locked me out again. I never see any of this as the messages are sent from the email server, not from my PC. I would imagine that's true of other email providers as well.
This situation will settle out in a few weeks as every server gets software fixed and all users' email passwords are changed but until then, it's a big mess.
|