I use different email addresses for all mailinglists and services I use, therefore I knew that Dropbox, LinkedIn and Adobe had been hacked long before that was public knowledge. Since a couple of days I’m getting ‘lonely Russian girl’ spam on the email address I use exclusively for TidBits. I’ve looked at all my mail, and I discovered 1 other spam message on this address on April 12th, 2017, so this doesn’t have to be a recent breach, and I do know that there can be other explainations for this spam. But if my Mac was compromised, I would expect spam on other email addresses I use also, but this is not the case. However, this could very well be a false alarm, but I prefer to err on the side of caution. If there is no problem with TidBits then that will very soon be clear I expect.
If TidBits proper or TidBits Talk was compromised, I think there may be a plethora of people noting that their email was compromised. It also doesn’t mean that your Mac was compromised. What usually happens (in my experience) is that someone who has received an email with your address as the from, got hacked/farmed/phished and your email address ended up in the hand a spammer/scammer. This also happens when people have their contacts list compromised.
Previously (before the new TidBits using discourse) when we (TidBits users) replied to emails our email was exposed. That no longer seems to be the case.
To prevent that, I like you have unique email address’s, but not just for mailing lists & groups, for everyone. 99% of the business’s and individuals I communicate with via email get a computer generated, unique email address, which uses email redirection to get to me.
So in January when I started receiving spam on my Tidbits address, I just generated a new one, updated TidBits with the new one, and threw the old spammy one away. Problem solved.
For the 1% that don’t get the computer generated address, they get a manually generated address but it still uses re-direction, so if necessary I can create a new one for them and throw the old away also.
I have no reason to believe that there has been a breach in any way, and there have been no other reports of anything odd, so I’m inclined to agree with Richard.
As he says too, Discourse doesn’t reveal your address to email subscribers, unlike Mailman did, so if you change your address again to another unique one, that would be a good test.