Huge security breach by russian hackers make me think this is a phishing scam, is it from Windows F?

[Astrix]

Last week it was on a few news sites and I saw it on CCN that russians hacked many big sites, but none where named, Apparently there were major companies hit.

I have in the last few weeks had a big increase on numerous of my emails getting spammed so I can see a few must of got hit.

I got an email claiming to be from Windows forum, and that i to reply in order to see which emails bounce, I instantly though this was a phishing scam as they the hackers would have all this info if your site was hit.

Below is part of the email. Can I get a mod to speak on the authenticity of this please.

Subject: E-mail Bounce Detection

"Sorry to disturb you, Astrix. This e-mail is being sent to all Windows Forums (http://windowsforum.com) members to determine which e-mails bounce on deliver. For security reasons, these accounts will be required to re-authenticate their e-mail address, using our new e-mail authentication protocol. If you've received this message, you are currently registered. #####@me.com, user ID ######

To find out more about the changes taking place in our community, we encourage you to join us!

Looking to start a topic or get help your PC? One of our new features allows you to immediately find similar threads when you read a forum page on our website or begin to start your own.

A quick-run through of some new features can be found at: Link Removed

Have an Apple iPhone or tablet? We understand that you may use Apple devices and still need technical support when your Windows-based PC goes down. And we fought hard to make sure this app is always free and available. Take us on the go, with our latest updated app, published to the iTunes Store today, at Link Removed

Android and Kindle users can find our updated mobile app on the Google Play store and Kindle store.

Now that you've received this e-mail, your address continues to be verified and account is in good condition. Thanks for reading, and thank you for participating in our online community.

Kind regards,
Windows Forum Team

~~
Why did I get this e-mail? You have opted-in.
To stop receiving e-mail alerts from WindowsForum.com:

1. Sign in on windowsforum.com at Link Removed
2. Uncheck the box "Receive Site Mailings" to disable website e-mails.
3. Click on "Save Changes"
4. Expect the change to take place immediately.

Please note: We do not send out frequent e-mails, and we do not share your e-mail address with third parties. WindowsForum.com is an independent online community and is not affiliated, endorsed, sponsored, or owned by Microsoft Corporation, nor does it hold a claim on the company's trademarked and copyrighted works."

 

[Mike]

It is a legitimate e-mail and it has nothing to do with the Russians. It is from us, here at the forums. Particularly, we are testing some new code. Remember: We will never ask you for your username or password information in any correspondence.

 

[Astrix]

Ok that settles that, on the matter of that large hack that recently happened, have you heard anything or what was compromised. I haven't heard from any one company about security breaches.

 

[Astrix]

Just found this on BBC.com Source http://www.bbc.com/news/technology-28654613

"A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

Hold Security did not give details of the companies affected by the hack."

 

[Astrix]

Jesus anything important passwords to it must be immediately changed.

 

[Mike]

No compromise to our database has taken place. If that happened, we would be the first to mandatory reset all passwords. I suspect it is a lot of large corporations with a lot of information to be gleamed. With that being said, what that e-mail was about, was just identifying bounce back emails to determine if the e-mail address is still valid, so we could put a hold on the account. A lot of those accounts with fake e-mail addresses are related to spam.

But in that leak of passwords you are describing, that looks like a targeted attack of multiple multinational corporations. That is not something to shun away at. If is confirmed that many passwords were stolen, large companies, like financial institutions, or big retail stores, are not going to tell their customers, this time, like when it happened to Target. They will look to mitigate their responsibility. Often times, they are the victim of zero day exploits and stuff that should not be accessible online to begin with - like internal databases of customer information. In many cases in the past, these have been revealed to not even be encrypted, due to laziness. That is unbelievable, but that is the reality in security today. A lot of websites powered by a huge network of servers are still using out of date software and hardware, including old versions of Apache with known security issues, SQL servers that have open ports, and so on. Without this, many bot nets would not even exist.

 

[Astrix]

Ok I got it you guys are seeing what bounces.
On my mac I could bounce spam from in the Apple Mail app, is there a way to do it on Windows? I use eM Client, is there any software to do this and to hopefully cut down the amount of spam.

 

[Astrix]

I use 1password on my PC and iphone and it's pretty easy to change passwords automatically with the contextual menu and 1password extension on chrome. Right click on the mouse select 1password generate password and it fills both fields for you as you need to do it twice, then asks if you want to update your saved login. Best app ever! It was on sale because of the breach as well.

 

[Mike]

The best way to deal with spam these days is blackhole it and not bounce it. This means no replies at all. Most of the commercial spam is not even looking at if the e-mail bounces or not. They blackhole your bounced response.