(unsure where to post this one properly, mods please move to the most appropriate location.)
Here's an example of how not to deal with security breaches with an online forum. I've told one forum they have a security problem and their reaction was to permaban me.
I use specific and separate email addresses for each web forum I sign up to. This allows me to segregate my email, and a side effect is that I get to see when a third party gets access to the email address.
Sometimes it's because the forum owners have sold the email list. Most often though it's an indication that the forum has had a security breach and the details of the users has been leaked to third parties. Selling the lists doesn't happen that much anymore, but happened a few times with my college email address back over a decade ago. Third parties that take advantage of security vulnerabilities to get the email list often get other useful information such as passwords or hashes of passwords, which could allow access to other accounts that the users have access to, if they use the same username and password across many web forums. It's bad practice but most people don't understand why it's bad.
I signed up to astronomyforum.net back in 2009, but I wasn't an active member as I spend too much time on here, and on CN, and on Stargazers Lounge. This morning I started receiving spam mails being sent to the email address that I used to sign up to the astronomyforum.net forums. So like any good net citizen I posted up on that forum warning them that it appeared that their user's email list was leaked to a third party. My posting was not the only posting noting that the forum-specific emails were being used to spam the users.
The moderators choice of how to deal with this? Permanent banning.
"You have been banned for the following reason:
supposed email problems
Date the ban will be lifted: Never"
Way to go to show that they support their users, if they ban anyone trying to help them to see that there is an issue. Personally, I'm not that bothered as I was a lurker on the site, but I think that a lot of people could be affected.
So, if you have an account on astronomyforum.net *please* go and change your password, and if you use that password on any other web forums, change those too. Please pass the message on in case others do not know that the user database has most likely been breached.