Not the SR page. I was talking about the forum. Since at least one person mentioned that their online status is disabled and they got the messages, this must have been a more sophisticated attack. The scammer may have crawled all profiles and looked for people who had logged in in the last day, or 3 days. It makes no sense to target people who haven't been around for a while. Also, unless there's a bug in SR that exposed account names, he would have to get the names from the forum. I don't know, maybe 80% of users have the same name on both accounts, so it wasn't that hard once he found the recently active ones. It's all guesswork, anyway.