Note: I sent this email on January 24, 2018 to everyone subscribed to our site, but I still got some questions about it, so I'm reposting it here. – Jeff
Yesterday, we had our first incident where someone registered at SocialHiker.net solely for the purpose of sending an unsolicited, unwanted and (very likely) untrue private message to other members.
Thankfully, many of you alerted me to the issue (thank you!) and we were able to delete the offending user fairly quickly. Here's what happened, and what we are doing to make sure it doesn't happen again.
A spammer registered for SocialHiker.net. Obviously we had no way of knowing they were a spammer, but that is clearly what they were. They did not hack our site, or access any private information. In fact, we never see nor store your credit card information (that's all handled by our credit card processor, Stripe).
What they did was use the built-in private messaging functionality that lets members send private messages to each other. When you get a private message, you'll see a notification when you log in to the website, but you'll also get an automated email notification with the text of the message. This is what alarmed most people — the automated email “looks” like an official SocialHiker.net email, but it's just a notice of the private message that another member sent you.
The offending user (“Moureen Max”) sent a message with a plea for money for an orphanage in Australia. DO NOT SEND HER MONEY. We have deleted “Moureen”, but you may still see a private message in your inbox on the site from a “deleted user”. You can delete the message or ignore it.
The Good News
On the bright side, it forced us to take a look at our private message system and tighten things up to give YOU more control. I didn't expect spammers to sign up and misuse the system, but it happened. Here's what we've done to give you control.
First, we made a change to the private message system so that by default, only your friends can send you private messages. If you haven't added anyone on the site as a friend, you won't get any private messages, with the exception of messages from our site admin (i.e. me).
Second, you can configure who can send you messages yourself via your profile. Here's a screenshot showing you how to get to those settings. You can even block specific members.
This isn't 100% foolproof, but it should do a pretty good job. And if you see another suspicious message, thanks in advance for letting me know.
Thanks again for being part of the SocialHiker community.