Earlier this month my email provider, Libero Mail (part of Italiaonline), sent out an email to their users advising that the email account DB had been compromised and password digests stolen. They advised that for security reasons users should change their passwords but that only the secure hashed version of passwords had been stolen, which they contend is quite hard to brute-force.
Well, guess what? I have had reports today from people saying that somebody claiming to be “Luigi Di Fraia” is sending out malicious emails to my contacts. Obviously they are not sending emails from my own email account but from ad-hoc/spamming accounts all over the place.
I guess hackers were able to steal personal information (such as name and phone book) during their attack on Libero Mail, and not just the password digest as advised, or even set up a backdoor for further illegal activity.
Stay vigilant, people! Double-check the sender if you get unsolicited emails apparently from me: as you know, I am not the kind of person who sends out emails along the lines of “check out this fantastic stuff at the following link”…