KoolAid3
View Collection
Man named Rung Jones emails me believing I'm Consolevariations owner?
First part of email itself.
Name of email and account.
Second part of email.
That happened to another user here as well. I'm honestly not sure how in the world that's possible unless ConsoleVariation's is leaking user email addresses? As far as I know, I can't see your email, you can't see mine. So.......how are they getting it? I've run a whois on the domain which is the only place I could think of where and how they might be harvesting them from, but no, ConsoleVariation's is using namecheap to protect the registrar information, and I cannot even see them having access to personal email accounts of users here.
So, I can only conclude it's being leaked by a staff member, or the server is compromised? Because seriously, you, and another user/member had the SAME exact email, same wording and all (and I no longer can find their post, it was deleted?).
I hope an administrator can be fully transparent about this vs the "I'll look into it" that was given last time on the now-deleted post, because at this point, there's something more serious going on. Two users, this isn't an accident, something is flat out compromised.
I'm one of the users that commented on this. I found it very weird. Don't know why it happened.
I guess they never told you why it happened since you don't know why.
At this point they're gonna have to find out, because PII leakage is no joke, even email addresses that are not supposed to be visible to the public facing.
Hey
SuperLanden205
, I found out how the leak happened (and still is, despite Don's claim it's fixed), may I email you with the evidence and how to find it yourself via Archive.org?
Unfortunately I don't even need to ask for your email address, I have it (it's plain text!). But don't wish to bother you without permission since you were the affected user, but were never told.
We heard you and thank you for the feedback! The server has not compromised or any of us has leaked info, we can promise you that! The following has happend:
for more questions please contact us on Discord/email info@consolevariations.com
This post will be removed in 24hours
Don, I know how it happened now after auditing your server via Archive.org.
You have everyones email address in the code!!
Not cool man, you may not have been compromised, but you compromised yourself and chose to withold this, delete the post in 24 hours, and now you're caught.
And yes, because of your oopsie, now everyone's email address is publically compromised on Archive.org, and there to stay forever. I hope you send a takedown to Archive.org to protect your users?
Also Don, you have NOT audited your site in full. Go to the home page right now, right-click View Source, Ctrl+F and type email.
Do you not see MORE people's email addresses? I found:
(There's more, but I opted to only cherry pick 2.)
Censored the rest of their email because I have no choice now but to throw you under the bus. You refused to say how, I found out how. You claimed it's fixed, it is NOT fixed.
What the heck man? At this point, where's my bug bounty?