Exactly my question! It looks like the scam is a little more involved than just having attained an email list of users. Either they attained the "email list" && found a way to counterfeit the metadata || they accessed the DNS directly ---> right?
We understand your concern. Based on our investigation so far, this is the same person who got the list several years ago. No players with accounts under 2 years old have reported the email. We have been checking vigilantly and will let you know if/when more information develops.