1
To my surprise, I have received spam to an email address which I exclusively used with a mining pool that seems to be generally considered trustworthy and reliable.
The spam is bitcoin related and contains this text:
INVOICE #099425655
STATUS: Unpaid
GENERATE ON: 02/16/2015
(link text) hxxps://account.[censored].net/?invoice=ST-231550-[random looking characters]-passport.[censored].net
(actual link target) hxxp://russiancloud.esy.es/[censored].jar
Given that the email address I used to sign up to the pool is, with very high certaincy, globally unique and not easily generateable, it would appear the pool indeed leaked some user data.
However, googling for "[name of pool] leak" gave no related results at all.
How should I continue?
I'm not sure this problem is specific to Bitcoin and you might be able to find similar topics on security.stackexchange.com.
– Murch – 2016-07-27T06:15:10.217@Murch Yes, doubtlessly, there are similar topics on security SE - I was hoping for an answer more particular to the case, as it seems to me like the bitcoin ecosystem has its own dynamics consideration of which can improve the answer. I'm not sure, maybe that's not right. If the question is to be moved, it will probably be closed as a duplicate right away instead. – mafu – 2016-07-27T07:38:11.073
mafu: You could always try shaming the pool on reddit. Topics like that do get some following. – Murch – 2016-07-27T15:55:35.170