john_kale

I got the email. Both of the links in it point to "PhotoNet_Membeship_Premium_Info_Html.zip" which contains some obfuscated JavaScript. It really just looks like an amateurish attempt to get people to click on those links and run the scripts. Deceptive, crummy, and probably criminal, but also petty, inept, unambitious, and not necessarily very dangerous. A properly set up password system doesn't store the actual passwords at all. There's little or no reason to think anyone's password has been compromised. What's apparently been accessed is the info in your profile. Your email address matched up with your name and whatever else you've got in there. The greatest danger would come if 1) you've got a common or weak password here on photo.net that could be reverse-hashed and 2) you use that same password someplace else, someplace important, someplace guessable from your profile info. Even in that case, the danger isn't here, the danger is at that other site. For example, if you use the same password at photo.net and Facebook, and your Facebook is conveniently linked from your profile, the important danger is to your Facebook account, and it's your Facebook password you most need to change. The staff at photo.net should figure out how this happened and try to prevent it from happening again, sure. But with so many websites in the world, breaches like this are inevitable. It's a rotten situation, but it's almost always a waste of energy to get into high dudgeon at any one little site operator. Most of them are doing the best they can with the resources they have, and all of them are only human. These kinds of breaches have been happening for years, they will continue to happen in the future. Use a different password on every site, don't put excessive detail in your profile.