Meetup.com emails compromised, users sent spam and malicious links
This past Monday, Geektime received and verified several reports of compromised Meetup accounts being used to forward spam and other sorts of malicious messages to Meetup users.
In the screenshot above, a link, sent by an account belonging to a user’s contact, leads to a scammy/spammy article posing as a legitimate news piece – see below:
The article includes a call to action to join some shady “Online Income program” and reap the same benefits as the part-time super-earner lady mentioned in the headline.
Nothing to see here, move along
Geektime reached out to Meetup for comment and received an email response from Jenn Louie, Meetup Trust & Safety Manager. Louie claims that Meetup recently discovered the issue and has reset email passwords for the affected accounts. Louie went on to explain that there were no indications of Meetup.com itself having been successfully breached in any way and that no user information was compromised, to their knowledge.
It remains unclear exactly how many users were affected. Louie remains vague on this point, referring only to a segment of Meetup users being affected.
Louie further speculates that a common practice of re-purposing emails for multiple sites may be what led to the issue, in which case user email passwords would have been retrieved through a breach of some other unrelated site.
Louie’s explanation is comforting, until one considers that for it to hold water, it must allow for the assumption that this other breached site just so happened to be populated with a bunch of Meetup users who, as it stands, haven’t been complaining about services of theirs being compromised all over the place, only Meetup. At that point it becomes a little less comforting.
The good news is, we may have been inadvertently exposed to a method of making $90K working part-time while doing absolutely nothing! Just think of all the Meetups we can go to with all that extra time.
The full text of Meetup’s response can be found below:
- Regularly update and change your passwords
- Use unique passwords for your different accounts
- Don’t use identical login information across multiple websites or services
- Don’t click on links you aren’t familiar with, especially in messages from individuals you don’t know