so, name and email - could be used for gathering further information and correlating more user info across various sites - that in turn can lead to potential password resets of accounts.

I wonder if it is time to use email address randomisation as well as a password utility

That's actually what I've been doing for a while now... though it began more as an anti-spam measure. (I give each site an e-mail alias which can be revoked like an API key if it leaks and, because they're all unique, I can tell exactly who got compromised.)

I still haven't changed my password from last time...

vBulletin...

Sounds pretty bad on the surface, but if they're not lying about the passwords and were able to protect them by keeping them in a separate table and/or hashed with salts (pure hashes have been unsafe for years thanks to rainbow tables and GPU crackers) then it's not that big of a deal.

They use proprietary forum software instead of free open source forum software.

Then they get hacked. They should use free open source software and keep it updated.

I for one are running into alias limitations in Google Apps. Right now, I have 30 email aliases that do not have a plus. None of my aliases get spam except "gp" and I tend to delete it by the end of the year. If I try to add another alias, I get "this user already has the maximum number of aliases" and I'm stuck with that limit

I do NOT want spammers to figure out that they can take out the plus with the alias and figure out that I have a real email address. In Postfix in Zarafa server, I could specify a lot of aliases in /etc/aliases but I don't know what' the hard limit before I switch over to Google Apps for Work as my personal Google Apps account. I'm sure there are a lot of enthusiasts who have a personal domain name like I do.

Well anyway, I have not been using Ubuntu Forums for a long time now. I am running Arch Linux and Ubuntu Server and have not had any problems at all.

Update: I found an answer: https://productforums.google.com/for...ps/RHTzuOzlSPA

It's ten times the number of user accounts, so that makes it three users, which does not make sense. I use aliases as a means of anti-spam measure and I do not want to switch away from Google Apps for Work as I like to keep things centralized and that I have already invested in Google ecosystem.

You've been wondering all alone, I presume, Mr "Nomad".

Considering the volume of forum members they have, I bet there would be a greater chance of getting security issues fixed. At least if it was open source the forum members themselves would feel a sense of responsibility to fix it. But who is responsible in this case?

In that case Red Hat, Debian and CentOS users who run even older packages are doomed.