Unauthorized use of my slowtwitch email

I have an email address I use exclusively for ST

I have received this message 3x in the last little while

We have detected unusual activity on your account xxxxxxxxx.ca, or believe your credentials are at risk.
For your security and to ensure only you have access to your account, we will ask you to “verify your identity” and “change your password”.

And of course it brings me to a “bad site”

Anyone else ?

C’mon man, we all learned not to click spam emails 20 years ago.

I was more interested in how someone got that email address, since it isn’t used anywhere else.

If I am the only one, that is one thing, if I am not, that’s another story

There’s about a billion different crawlers out there. Nothing on our end.

If the only person that knows this address is ST, how does a crawler get my email other than from ST ?

Do you share email lists with partners ?

Nope.

What most likely happened is that whoever owns the DNS records over on your website likely got picked up, which is how they checked all the MX records to try and ascertain the email addresses associated with your domain.

Interesting that of 30+ email addresses associated with the domain, only the slowtwitch one is being used.

It’s definitely a maga operation

Interesting.

It looks like some changes have recently occurred. When I first wrote, the Discourse server was a version with known vulnerabilities. It seems it has been updated.

That’s a plausible theory. If they can scrape the domain and then run a dictionary attack or use a service that cross-references old leaks, they might have hit that specific alias. It’s just a massive coincidence that they picked the one address that was supposed to be a “silo” for this site.

Way back when….I ran the ethical hack and penetration testing group for a large software company. So I have a certain flair for when/why bad things are happening.

I look at a few things out there, such as software being used (open source), version, known vulnerabilities of that version…..I can get a feel for what may be.

And while I have not been in that field for 12+ years, nice to see the bad practices back then are still around :joy:

No big deal, I was not hacked or anything like that. But I don’t think that email was detected from my DNS provider.

And it looks like there is a new version of Discourse running. Always good to be up to date.