I have a user database with over 21000 id's. The users can post ads on the system. When a visitor views the ads PHP/MySQL displays the product information from table_product and contact information from table_users. There have been over 14,000 product listings in the past year. Just recently, one of the users who has never posted an ad complained that he was getting calls about product. I looked up the specific ad and saw user_1's name and phone number but a user_2's email address. It turns out user_2 has 18 ads. User_2's table_user information shows user_1's name and phone number. The system is completely automated.
I did recently discover that my unique email address routine was not working properly so I do have multiple user's having the same email address. It is likely that users can have the same telephone number. In table_users; name, emailaddress, area code, and phone number are four different columns. user_id is auto_increment unique.
Coincidently the ads were all added Feb 10. Both users logged in March 10 (yesterday). The day the "problem" was reported.
I am not sure if this is some kind of hack or deliberate spoof of user_1's name and phone number, or the beginning of a serious data corruption event.
Thanks for any thoughts or ideas.
TCP
