14 {{ upvoteCount | shortNum }}
14 {{ upvoteCount | shortNum }}

So, now icontact got compromised as well?

by RobJones
12 replies
UPDATE: As outlined in one of my posts below the problems seems to be with the icontact system only.
So, Infusionsoft is NOT compromised.
================

Well, I've got evidence that (after aweber: http://www.warriorforum.com/main-int...mpromised.html )
now icontact and Infusionsoft got compromised too.

So far only one email address used in the Infusionsoft system, but still.
Other recently compromised email addresses were used for icontact forms.

But the funny thing is:
While emails sent by icontact's system have a "manage your subscription" link (i.e. allow to change the email address) the only option with the Infusionsoft system is to unsubscribe...
#compromised #icontact #infusionsoft
  • Profile picture of the author RobJones
    >> got compromised too

    By that I mean that unique email addresses (created specifically for each of the opt-in forms) have been exposed to spammers (who are very happy to get quality email addresses and will therefore spam these emails to death).
    {{ DiscussionBoard.errors[1678892].message }}
  • Profile picture of the author RobJones
    Correction!
    At least one email that is used in the icontact system has been *originally entered* into an Aweber form!

    Checking the code of other forms now...
    {{ DiscussionBoard.errors[1678916].message }}
  • Profile picture of the author Neil Morgan
    I was just reading a blog post at iContact about that.

    iContact - Email Marketing Simplified - The iContact Blog

    Cheers,

    Neil
    Signature

    Easy email marketing automation without moving your lists.

    {{ DiscussionBoard.errors[1678964].message }}
  • Profile picture of the author RobJones
    Yes, so far I could only find *one* email address that has been *originally entered* into an Aweber form and later the marketer used the icontact system to actually send emails.
    Other compromised emails have been originally entered into icontact forms.

    And regarding Infusionsoft: I entered the compromised email on the infusionsoft.com website directly. So, logically it was an infusionsoft form.
    {{ DiscussionBoard.errors[1679000].message }}
    • Profile picture of the author JVManna
      Thanks for sharing this with the community. At Infusionsoft, we take security very seriously and openly welcome anyone to contact us regardless of their relationship to us.

      We have not received any reports of any alleged compromise. We regularly perform third-party penetration testing on all of our facilities (at all hours of the day) and have passed all the time. The security audit firm is highly regarded in the PCI-DSS industry and they are always trying unique attack vectors to ensure our systems -- and customers -- are safe. We are certified PCI-Compliant and you can view our certificate at http://www.infusionsoft.com/images/s...tificate09.pdf (PDF).

      Again, we have had zero reports aside from this one elevated in the forum. Likewise, if we receive a report of a suspected compromise we will thoroughly investigate it and let you as well as all our customers know about promptly.

      The only plausible (meaning MythBuster's kind of "plausible") theory I have is if a customer had co-registered your email between Aweber and Infusionsoft without your knowledge or consent. In light of the recent Aweber compromise, this may be the only supporting theory based on fact that could have led to your email address possibly getting into the hands of spammers.

      That said, we still have an open mind and are very conscious to the importance and risks in security. Please do not hesitate to forward any reports of security issues to us. For the sake of simplicity, please email these reports to community@infusionsoft.com. I receive and check my email at all hours of the day and night and will be happily in touch with the right people to investigate.

      The Infusionsoft Status - Currently Known Issues and Resolutions site is a great place to check our current status on known issues impacting all users. Again, as I stated earlier, there is no evidence giving any validity to these claims. For those who know me or our company, we are incredibly transparent on our Twitter, Facebook and Blog and I post any issues we become aware of them.

      Thanks again and let me know if I can be of any help.

      ~joe
      {{ DiscussionBoard.errors[1679642].message }}
      • Profile picture of the author RobJones
        Originally Posted by JVManna View Post

        we have had zero reports aside from this one
        This happened just recently (1-2 days ago).
        So, I'm sure there will more reports soon.

        So far only one of my unique email addresses that I used for opt-ins
        got compromised in the Infusionsoft system.
        But this could be because I'm just on 2 or 3 infusionsoft managed lists.
        As mentioned above I used the compromised email to get on Infusionsoft's own list!
        The email address was used exclusively for that one opt-in.
        So, that's pretty hard evidence.

        Or had Infusionsoft "co-registered" my email "between Aweber and Infusionsoft" without my knowledge or consent?
        {{ DiscussionBoard.errors[1679711].message }}
        • Profile picture of the author JVManna
          Rob,

          Please contact me to discuss this. We will look into it - but I need to have some data to look at.

          My number is 480-389-5859.

          Thanks,
          Joe
          {{ DiscussionBoard.errors[1679727].message }}
  • Profile picture of the author RobJones
    @JVManna
    I apologize!
    I've just double checked and for some stupid reason I used that special email not only for opting in to an Infusionsoft list but also to an icontact list!
    (I normally use one unique email for each opt-in)

    So, most likely the email has been compromised in the icontact system and not in the Infusionsoft system.
    (because almost all emails used for icontact lists are compromised)

    So, again, I apologize! It looks like only icontact is to blame in this case.
    {{ DiscussionBoard.errors[1679775].message }}
    • Profile picture of the author JVManna
      Rob,

      No problem. It's a relief to hear that we don't have a security issue. I would probably recommend getting in contact with iContact to report the data you have so they can investigate and properly address it. Their phone number is (877) 968-3996.

      I hope this helps. Also, as to not alarm people unnecessarily could you or a moderator here update the thread title?

      Thanks,
      Joe
      {{ DiscussionBoard.errors[1679842].message }}
  • Profile picture of the author Dexx
    Might want to edit your post title then =)
    {{ DiscussionBoard.errors[1679781].message }}
  • Profile picture of the author DogScout
    I like the title as it is
    Signature
    {{ DiscussionBoard.errors[1679830].message }}
  • Profile picture of the author RobJones
    Hi, I changed the title and added an update to the first post.
    {{ DiscussionBoard.errors[1680089].message }}

Trending Topics