That was my immediate reaction upon seeing it as well, although in this case I noticed that it was sent to me+scribd@example.com, which was indeed the mail that I signed up with. Whilst it's mostly useful for filtering/labelling or figuring out which company sold you to a spam list, it's quite useful in this case as a basic 'yep, not just a scattershot phishing attempt' indicator.
Not foolproof, of course; the people who stole hashes & emails would be the obvious choice to attempt a quick phish, and they now have all the account emails. I wonder if I'll see an uptick in spam...
hehe, same here. My email address was completely randomized, and only used for scribd too (something like f9xl203js@mydomain.com), so I was very sure it was either scribd, or it fell into the wrong hands. When the email ends up in the spam folder and mark as potential phishing as well - my gut feeling was therefore that my email was indeed leaked.
The irony is that the email itself was generated by scribd itself, and not by any spammers.
Not foolproof, of course; the people who stole hashes & emails would be the obvious choice to attempt a quick phish, and they now have all the account emails. I wonder if I'll see an uptick in spam...