Fwiw, the heads up was here:
<https://mailarchive.ietf.org/arch/msg/ietf-announce/8M1CJw_XwuAOAfxSAbeINSyBjTs>
RjS
On 9/26/18 10:21 AM, tom petch wrote:
----- Original Message -----
Sent: Wednesday, September 26, 2018 2:34 PM
Hi Tom,
On 2018-09-26 13:47, Alexey Melnikov wrote:
Hi Tom,
On 26/09/2018 12:22, tom petch wrote:
Mmmm
I got an e-mail with this subject line, from the IETF Secretariat,
the
first in three years from them, saying that my personal information
would be deleted unless I gave consent to its ongoing use. The sort
of
e-mail used in phishing attacks. I would have expected there to be
some
announcement about this beforehand but ....
(I did get an e-mail about GPDR but that was four months ago, from
the
IETF Administrative Director, and made no mention of me being called
on
to do anything; other organisations did call on me to act, and to act
immediately).
See email with subject "Heads-up Regarding GDPR Consent Request
Emails"
on September 20th.
Note, this went out on ietf-announce; not on this list.
<tp>
Henrik
Thank you for the follow-up. I am subscribed to the ietf-announce list
but have no recollection of seeing such an e-mail. I do receive all
e-mail on that list and filer them into three folders but can see no
sign in any of them; and given that I am in Europe, references to GDPR
catch my eye. So, puzzlement remains except that my ESP has an
aggressive view of spam and tells me that its policy is confidential - I
find, for example, that it will expunge any e-mail I send that makes
reference to the 'IGP that is not OSPF', now serviced by the lsr working
group so aggressive filtering is my best explanation to date.
I think, too, that I was surprised to see what the datatracker held on
me; not much, nothing I would regard as risky, but I probably would not
have guessed that such information was being held. One up for GDPR:-)
Tom Petch
So I clicked on the link, entered userid and password to get a
message
that there had been a password leak and that I must reset my
password.
Mmm even more like a phishing attack
So I request a password reset, get an e-mail with a link, click on it
and enter a userid and a new password.
Anyone else been similarly 'targetted'?
I believe this is a legitimately sent email.
It is. In any case, if you're even slightly doubtful, just manually go
to the IETF datatracker, log in, look over your information, etc.
On the surface, it looks allright, but it seems poor security
practice
for this to come out of the blue, encouraging us to get into bad
habits.
I would agree. We did try, by sending out the heads-up, though ,:-}
Henrik
