ShowZ/Gundamit - Possible Customer Email Address Leak?

[PrimalxConvoy]

I wanted to know if it's a good idea to share the following warning/message at this site. Please could you let me know and/or help me to implement it in the best way (if you think it's important)? Thanks in advance.

Message is in quotation tags.

Dear fellow collectors,

Firstly, I'm very sorry to bring the following subject up and I'm not sure if I've overreacted by writing this. If I have, then PLEASE let me know.

I just got a (possibly unsolicited) email, supposedly from ShowZ/Gundamit, asking me to follow a link to sign-in and get free points.

The email sent to me contained a long list of other people's email addresses and/or associated names in the "To" field of the email. These email addresses might possibly belong to customers/users of the Gundamit/ShowZ websites and/or associated services, sites, etc.

I've included an edited copy of a screenshot of part of the email, plus an edited screenshot of the full list of email addresses/associated names too. In both cases, the internet domain/email service (e.g., "gmailDØTcóm", etc) have been removed as due diligence. However, the full email addresses were included in the email sent to me.

Please feel free to check the supplied edited screenshots and take and necessary security precautions or actions as you deem appropriate.

I hope this is useful for you all. My apologies for any negative feelings or stress that this might cause, especially if this isn't an issue. For me, I'm rather worried that security relating to my email address is at risk and I'm worried other people's might be too.

Regards,

Primal.

 

[CoffeeHorse]

This definitely looks sketchy. I would not advise clicking the login link, but I'm curious what the link looks like.

I checked their site and it looks like the free points are real. Apparently this is an annual thing they do. The email is weird though.

 

[PrimalxConvoy]

This definitely looks sketchy. I would not advise clicking the login link, but I'm curious what the link looks like.

I checked their site and it looks like the free points are real. Apparently this is an annual thing they do. The email is weird though.

It wasn't the promotion. Prior to this, they sent me an email recently, asking me to write reviews for their KO Lego sets and that they would give me extra points after they checked the reviews. This was on top of the usual points given for anyone posting comments or reviews at the site. It seemed like "payment for good reviews" so I told them to stop sending me emails like this.

My main concern is that they included the email addresses of seemingly all their customers in the email. Instead of using a "CC", they added everyone via the "to" section. This means that I (and potentially anyone else that received the email) now have the email addresses and/or associated names of customers who use ShowZ or Gundamit.

That's sketchy, right?

 

[PrimalxConvoy]

I received two emails from ShowZ/Gundamit regarding this.

So yes, this does seem to be an error on their part, and customer email addresses were leaked.

Should we alert the Allspark's community about this?

 

[CoffeeHorse]

Maybe. I'm not sure there's anything affected customers actually need to do about this, as it's not passwords or credit card information.

 

[PrimalxConvoy]

Maybe. I'm not sure there's anything affected customers actually need to do about this, as it's not passwords or credit card information.

Some of the email addresses seem to have associated names and/or addressees can be harvested for spam mail, identify theft, etc later. I wasn't happy that my email address was possibly shared with other people and I thought it would be useful that other customers are aware of this issue too.