Attack Report: SPAM emails (June 04, 2022)
Today, after we released the new version of Vemto, we realized that we had suffered a recent attack on our registration page, which, due to a bug, was not working properly with Throttle (to prevent multiple users from being registered in sequence).
Because of this, thousands of SPAM emails were sent through our email firstname.lastname@example.org
If you have received one of these emails, please ignore them.
The title of the email is "Vemto now supports Nova 4 🔥" and the content is similar to the image below, but may contain meaningless names, links and phrases in the welcome message.
If the email you received contains any links other than the common Vemto download button, DO NOT CLICK ON IT!
If the message is exactly like the image below, with only your name, version description, and the "Download latest version" button, IT IS SECURE and you can click on it without problems.
We have already taken steps to prevent this from happening again:
- We've tightened the validation so it doesn't allow usernames with links
- We fixed the bug in Throttle so that the registration page can be accessed a maximum of 5 times per minute
- Added Anti-SPAM validation
- We sent emails to everyone who received the wrong emails
- We deleted the emails from the attack from our database
Thank you for your understanding and we will be happy to answer any questions you may have.