user emails have leaked

Case number:699969-2002683
Opened by:Anonymous
Opened on:Friday, August 12, 2016 - 15:06
Last modified:Thursday, August 18, 2016 - 13:27

The email address I am using for foldit is unique. Today I received spam on it - if the emails are really never published, it could mean your email database has been compromised.

(Fri, 08/12/2016 - 15:06  |  5 comments)

jflat06's picture
User offline. Last seen 3 hours 34 min ago. Offline
Joined: 09/29/2010
Groups: Window Group

While it is always possible that account emails have leaked, a more probable explanation is that spammers are brute forcing email addresses, as described in this article:

Joined: 09/19/2011
Groups: None

Emails have leaked. I also have a unique email created for which is complicated enough to be immune to normal dictionary attack (using a forwarding service). I have not used the email, nor logged in to since 2011. And I started getting spam to that email address on August 10.

Joined: 04/24/2014
Groups: None

I have forwarded the matter to the team for investigation, thanks for reporting it.

Joined: 04/24/2014
Groups: None

Update, as I've been talking with the team about this one. Thank you so much for these reports.

As a result of the reports we are taking pre-emptive measures over here while we investigate and continue to monitor the situation. We take security very seriously around here, and encourage our users to do the same.

I encourage everyone to take a look at the article linked above, as well as our general advice for picking usernames ( We also encourage people to change passwords regularly, and pick strong passwords when they do so!

Again, thanks a lot for the report.

Joined: 05/19/2009
Groups: Contenders

Just my observation; the recent request for authorship for puzzle 1152 had an originating and return address at, Google is notorious for scanning the content of email messages, and everything in it will be abused to personalize advertising linked to your e-mail account, which Google also links to your IP, your copy of Windows, your machine identifyable characteristics, your browsing history and so on.

This linking of your identity also takes place when you visit websites that carry a google plus logo (or 'sign in or share with your facebook account' logo for that matter)

A privacy pest so to speak. This ia why I try not to communicate to or from anyone with a gmail address.

The outgoing message came from the gmail account, so now Google has a list of all these private e-mail addresses.

I urge you to read:


Developed by: UW Center for Game Science, UW Institute for Protein Design, Northeastern University, Vanderbilt University Meiler Lab, UC Davis
Supported by: DARPA, NSF, NIH, HHMI, Amazon, Microsoft, Adobe, RosettaCommons