plover writes:
Some Ars Technica members received phishing attempts purporting to be from SunTrust this morning. Here's the posting on the Ars forum explaining what happened.
It seems that many users received phishing attempts to Ars only email addresses this morning. We're working on it and will update this post when we find something out.
We believe that our previous forum provider has some exploit that allows people to send messages to private email addresses through their servers. Every report we've seen has originated at one of their web front ends. If we are correct, your email addresses have not been compromised. It's obviously pretty bad to be getting phishing attempts forwarded through someone else, but not quite as bad as if an email DB had been jacked or something.
We have emails out to them. There's a chance we won't hear back for a couple of hours since they're on pacific time, but we're doing what we can.
That's got to be one stupid phisherman to try phishing from the members of Ars Technica.