Just started getting spam E-mail sent to the unique E-mail address only your accounting and forum should have. Most likely either your account database or forum database has been compromised by someone.
I’m going to update the E-mail address (since they’re linked I won’t be able to put unique E-mail addresses in each location) and I’ll update the status if I see SPAM coming to the new address.
I’ve added the compromise info here: http://bit.ly/1cymiwO
At a minimum it’s an E-mail address compromise, don’t know if accounting system is compromised or not.
The old forum was hacked back in 2015. Any emails or such that was included in that breach will be bound to end up in a spam sendout.
As I’m sure you’re aware, the old forum was hacked a couple years ago and a portion of the email address database were taken. It was a big deal. The forum was moved, in total, to a new provider using a different base forum software.
What is being seen now, throughout the forums and on several web sites, including the fake “Plex + MySafeVPN” announcement emails is someone trying to capitalize on recent laws in the US. They are trying to lure people into a service which is not real. If you follow the conversations on twitter and reddit, you’ll see just how bad the scam is and how defensive those perpetrators are.
Looking at the dialog you’ll see they started with their HQ in Canada (at some restaurant) and, at last look, were located at some car rental place in florida.
Action is already being taken. It appears one of these domains has been taken down by the domain issuer.
If you wish to follow the ‘action’ and participate with the reporting to your ISP, please search for the ‘mysafevpn’ threads. You’ll find a number of links to help shut down any remnants with ISPs.
Here’s a great post about the entire dodgy mysafevpn thing.
Weird, in searching E-mail history this was the first time I got spam to the E-mail address that Plex had. This wasn’t advertising any VPN service, just a standard spam bayesian fuzzing block of text and link.
Well, since the E-mail has been reset with a unique as of now, we’ll definitely know if there’s another compromise moving forward. Thx for the info 
