I also received the above spoofed email...and another, worded as follows:
Dear Mt.Gox user,
Our database has been compromised, including your email. We are working on a
quick resolution and to begin with, your password has been disabled as a
security measure (and you will need to reset it to login again on Mt.Gox).
If you were using the same password on Mt.Gox and other places (email, etc),
you should change this password as soon as possible.
For more details, please see this:
The informations there will be updated as our investigation progresses.
Please accept our apologies for the troubles caused, and be certain we will do
everything we can to keep the funds entrusted with us as secure as possible.
The leaked data includes the following:
- Account number
- Account login
- Email address
- Encrypted password
While the password is encrypted, it is possible to bruteforce most passwords
with time, and it is likely bad people are working on this right now.
Any unauthorized access done to any account you own (email, mtgox, etc) should
be reported to the appropriate authorities in your country.
The Mt.Gox team
The link in the email has been sanitized. It leads to a PHP script of somekind.
Obviously, everyone knows better than to click links in emails, right?
And hey, let's be careful out there.