Spam using Plone sites

I'm not sure what the portal_memberdata directory on a site using the Plone CMS usually does, but one spammer is currently using it in a massive spam campaign. This seems to be an issue in Plone that has since been fixed, so all those sites have probably not been updated yet and he's simply abusing them. At least I would hope that, for example, the University of Toronto hasn't decided to start spamming the world for "cash strapped teens"[sic!].

In other words: Another case of Keep your scripts up to date!

Interestingly enough, I couldn't find a working link. I've only tried a few, admittedly, but they all gave an error message about not being able to find the file in question. Since I don't believe that all those dozens of sites from literally all over the world have now suddenly updated their sites, I wonder if the spammer made a mistake. It wouldn't be the first time that someone was spamming for broken links ...