Urgent: Spambot abuses P2PU, floods my learning circle and inbox

Ben_Companjen · July 2, 2021, 12:22pm

All of a sudden, I receive hundreds of obviously fake signups for my learning circle. I was hoping for a few more real people to sign up even after the first session, but this is not what I wanted. To prevent more fake signups, I closed the signup.

This issue is getting worse by the minute, because the automatic welcome messages include stolen email addresses and my email address. Automatic replies are now starting to come into my inbox.

Please stop sending out welcome messages right now!
Next, please implement a signup filter to prevent the use of P2PU as spam distribution, because this is going to hurt the organisation and facilitators.

Ben_Companjen · July 2, 2021, 12:43pm

Over 2000 “Welcome to your learning circle” messages have been sent in just a few minutes. That should not be allowed, especially when the name used to sign up is the same “HOT OLGA WANTS TO MEET YOU” followed by a URL. This stresses me out, because my name and email address are in the email – people have started responding to me already.

Ben_Companjen · July 2, 2021, 2:05pm

Given that 29 learning circles are still open for sign-up, possibly having the same issues, I felt I had to report the issue to Mailgun’s abuse address hoping that they can temporarily stop the flood of emails.

Between 13:51h and 14:07h CEST I received 2871 emails. So far I received 22 replies, mostly auto-replies, but some ‘learners’ are of course frustrated.

dirk · July 2, 2021, 2:22pm

Hi Ben,

Sorry for that horrible experience (and sorry to all the people who got volunteered for your learning circle).

I saw the activity and suspended the account + deleted the learning circle, so no more emails will be going out on your behalf. I’m currently investigating the issue and considering how to mitigate this issue.

I’ll be in contact.

Becky_Margraf · July 8, 2021, 9:50am

This issue has been now privately resolved via email.

The long and short of it: last Friday, we were subject to a spambot attack that used contact information unrelated to P2PU to register thousands of new accounts as well as participants to one learning circle. One P2PU facilitator was impacted, exposing his email address, but no other P2PU user data was compromised. We have now implemented multiple backstops to prevent automated spam attacks in the future.

Here is our incident report for anyone wanting more details about what happened and the actions we’ve taken to avoid it happening again.

Becky_Margraf · July 8, 2021, 9:51am

@Ben_Companjen Our absolute sincerest apologies to you for having to deal with the brunt of this random and unprecedented event!