Have AWeber Been Compromised Again???

126 replies
Let me start off by saying that I'm a massive fan
of AWeber and recommend them highly to others.

However...

It seems that their systems may have been compromised
again.

You may remember the previous AWeber compromise
back in December 2009 when subscriber data was
accessed by spammers.

Here's the Warrior Thread from that time:

http://www.warriorforum.com/main-int...mpromised.html

And here was AWeber's response back then:

How We’ve Addressed The Recent Data Compromise

Since that time, I've been hyper-paranoid about
giving out my e-mails to any lists I join - regardless
of what autoresponder service provider is used.

If I sign-up for a list, I always create a unique
e-mail address for the particular list that I only
use to subscribe to that list.

For example, if I join Joe Blogs newsletter, I'll
create a unique e-mail address of joeblogs@example.com
in my cpanel and then subscribe with that.

Well, this morning, I've been inundated with spam
to e-mail addresses that I have only used to join
lists managed by AWeber or AWeber Private Labels.

Some of these e-mail addresses were only created
in the past month and have only been used with
AWeber or AWeber Private Label managed lists.

Here's the typical subject lines of the spam:

Your Federal Tax Payment ID 0103574805 is rejected. Urgent Report.
We Decline Your Federal Tax Payment ID: 0103761189.
Your Federal Tax Payment has been rejetced in system.


And the supposed sender e-mails end in @eftps.gov

Again, these are only being received to e-mail
addresses uniquely created and housed within
AWeber and AWeber Private Label servers.

Anyone else experiencing this too?

P.S. My sites are well protected and I use passwords
with at least 14 characters generated by RoboForm
so I don't think it's my systems.

The reason I think it's AWeber is because only the
unique e-mail addresses created specifically for the
AWeber managed lists are receiving spam.

I'm open to being wrong which is why I'm asking the
question if AWeber have been compromised again.

Dedicated to your success,

Shaun
#aweber #compromised
  • Profile picture of the author Alfred Shelver
    Oh no... It seem to be a reason for the warning given in this thread http://www.warriorforum.com/main-int...ml#post2739893
    {{ DiscussionBoard.errors[2739908].message }}
    • Profile picture of the author Shaun OReilly
      I've just done some deeper research into the 32 e-mail
      addresses suddenly receiving spam, and here's what I've
      found:

      All 32 of the e-mail addresses are housed within AWeber
      or their Private Labels.

      26 of the e-mail addresses are unique and were only used
      to subscribe to the AWeber managed lists.

      The other 6 e-mail addresses are housed within AWeber
      and have also been used elsewhere.

      Anyone else finding this too?

      Dedicated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2740026].message }}
  • Profile picture of the author globalpro
    Hmm, let's see.

    I have an email address from an obscure domain that I only use for testing a sales process that includes only Aweber as the AR service, and now (today) I get this specific spam email multiple times...

    Yes, it looks like the 'think tank' has let it happen again.

    Very distressing.

    Thanks,

    John
    {{ DiscussionBoard.errors[2740010].message }}
  • Profile picture of the author globalpro
    Shaun,

    I didn't have to look that far. The address I am getting that specific spam mail to is ONLY used for testing a sales process that is using Aweber as part of it. Not used anywhere else. I set up the address just for this purpose, so yes, I think you are on to something. And, it just started this morning.

    At least I can dump mine and set up another one.

    Thanks,

    John
    {{ DiscussionBoard.errors[2740077].message }}
    • Profile picture of the author Shaun OReilly
      Originally Posted by globalpro View Post

      Shaun,

      I didn't have to look that far. The address I am getting that specific spam mail to is ONLY used for testing a sales process that is using Aweber as part of it. Not used anywhere else. I set up the address just for this purpose, so yes, I think you are on to something. And, it just started this morning.

      At least I can dump mine and set up another one.

      Thanks,

      John
      Same here.

      I create a unique e-mail address each time and then
      forward it to GMail. Fortunately, GMail is filtering all
      of these e-mails into spam.

      But the audit track is there because unique e-mail
      addresses have been used.

      I've sent a support ticket into AWeber alerting them
      of the findings.

      Dedicated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2740098].message }}
  • Profile picture of the author Joshua Bretag
    Hey Shaun

    Yep I just sent out a warning email to all my subscribers. I am pretty sure that aweber has been hit again and whoever did it must of been really good! Because aweber have some pretty tight security from all regards according to a ethical hacker blog that I read often. How bad has it hit you Shaun?

    Josh

    The Crazy Email Professor
    Signature
    Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
    {{ DiscussionBoard.errors[2740086].message }}
    • Profile picture of the author Shaun OReilly
      Originally Posted by Joshua Bretag View Post

      Hey Shaun

      Yep I just sent out a warning email to all my subscribers. I am pretty sure that aweber has been hit again and whoever did it must of been really good! Because aweber have some pretty tight security from all regards according to a ethical hacker blog that I read often. How bad has it hit you Shaun?

      Josh

      The Crazy Email Professor
      Because I use unique e-mail addresses for each new
      subscription, I can simply delete the unique e-mail
      address and then create a new unique address that
      forwards to my main address. Or, just let GMail filter
      them into spam.

      However, my main concern is for my own subscribers for
      lists that are housed within AWeber as many people use
      their main e-mail address for many subscriptions.

      I don't know how widespread the compromise is as of yet.
      Hopefully it's only a small percentage of AWeber lists and
      list owners that are affected.

      Dedidcated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2740117].message }}
  • Profile picture of the author Joshua Bretag
    Hey Shaun

    I have sent in a ticket as well and notified my agent there and she said they are getting right on it and looking into it

    Josh
    The Crazy Email Marketing Professor
    Signature
    Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
    {{ DiscussionBoard.errors[2740110].message }}
  • Profile picture of the author Fernando Veloso
    Those are really bad news. If this gets confirmed, how can Aweber expect us to trust them?

    This can bring them down.
    Signature
    People make good money selling to the rich. But the rich got rich selling to the masses.
    {{ DiscussionBoard.errors[2740129].message }}
    • Profile picture of the author KarlWarren
      Originally Posted by Fernando Veloso View Post

      Those are really bad news. If this gets confirmed, how can Aweber expect us to trust them?

      This can bring them down.
      Everyone and anyone can get hacked - sadly, it's a fact of life.

      There are things that can be done to prevent it, but, if you're putting your customer's email addresses in the hands of a third party - there is always a risk of a breach.

      In the same way that there's always a risk that the mailman could steal your mail, the checkout girl could swipe your credit card through a cloning machine etc.

      The only way to protect your customer data 100% is not to collect any at all.

      I'm sure Aweber are doing everything they can to ensure their systems are safe - but they can only guard against known exploits, hackers will always develop new exploits.

      Ever heard of a WP site being hacked? Does that mean you'll never use WP again?
      Signature
      eCoverNinja - Sales Page Graphics & Layout Specialist
      {{ DiscussionBoard.errors[2740201].message }}
  • Profile picture of the author Fukuko
    I also use unique email addresses and can confirm that I have just started receiving spam today on about 6 different emails addresses.

    There has certainly been a compromise.
    {{ DiscussionBoard.errors[2740140].message }}
  • Profile picture of the author Joshua Bretag
    Hey Shaun

    Yeah I do know what you mean.

    I have quite a loyal list and they notified me that they have been recieving alot of spam of late as I send out a broadcast about how much spam I recieve daily. I was alarmed when I saw my survey stats come back that in the last week people where getting 20 more spam messages per day. Than the week before, that was my first alarm, the second was my account that now is getting over 100+ spam emails which my VA is having a field day sorting through and finding out exactly which email it came from. As I have a similar system to your own Shaun after the first time aweber got targeted.

    I have sent out some free gifts to my list and notified them of the "Possible" out break of spam and how they can filter it.

    Also I hope you are correct and that it is only a small percentage and hopefully they are targeting the bigger lists as they would have been smart enough to take the precautions we have in case this happened again.

    @Fernando Veloso I doubt this will break aweber as they have been through it before and I am sure they will survive it again. Without out really anyone knowing in the public. The scary fact is that this could happen to any autoresponder company and not just aweber. Because there are so very smart hackers out there, that are unstoppable.

    I would be interested though to see how it does affect the brand.

    Josh

    The Crazy Email Marketing Professor
    Signature
    Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
    {{ DiscussionBoard.errors[2740154].message }}
  • Profile picture of the author David Allen
    Not sure it's related but I have noticed lots of Viagra spam this morning to addys that don't normally get spam.

    Used for Aweber sign ups but not uniquely.

    Hope it's not true.

    David
    {{ DiscussionBoard.errors[2740186].message }}
  • Profile picture of the author Steven Wagenheim
    Yes Shaun, getting them too. Whether or not it's Aweber, I have no idea.

    But if it looks like a duck and quacks like a duck...well...you know.

    PS - I love Aweber too but sheesh.
    {{ DiscussionBoard.errors[2740188].message }}
  • Profile picture of the author redfoxseo
    Not again..... This is not good for Aweber.
    Signature

    A great place to get Coupon Inserts

    {{ DiscussionBoard.errors[2740219].message }}
    • Profile picture of the author Paul Myers
      Hmmm... This is odd.

      I haven't gotten any to tagged addresses yet, but I had about 60 of the EFTPS spams, and in the past hour it seems to have all changed to pharma spam. The strange thing is the volume. It's way more copies than one would expect to any single address normally.

      It's coming in now at the rate of about 3 or 4 per minute. All from a botnet. That's NOT normal.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[2740322].message }}
  • Profile picture of the author winebuddy
    Now that you mention it - something else with aweber...

    For the last week or so my number of optins has dropped off about 25%. All of my subscribers come from PPC ads. The ads are in the same positions, the bids are the same and yet the number of subscribers/day has dropped off 25% to 30% per day.

    I don't know if it's related but could be that ALL of the confirm messages are going to SPAM box now?

    Just a thought...
    Signature
    birminghamshootingrange.comfor sale |"Knowledge is NOT power... ACTION on Knowledge is power"
    {{ DiscussionBoard.errors[2740318].message }}
    • Profile picture of the author entrepreneurjay
      Originally Posted by winebuddy View Post

      Now that you mention it - something else with aweber...

      For the last week or so my number of optins has dropped off about 25%. All of my subscribers come from PPC ads. The ads are in the same positions, the bids are the same and yet the number of subscribers/day has dropped off 25% to 30% per day.

      I don't know if it's related but could be that ALL of the confirm messages are going to SPAM box now?

      Just a thought...
      I have noticed the same thing my opt-ins have dropped slightly also I hope its not related.
      {{ DiscussionBoard.errors[2761797].message }}
  • Profile picture of the author Paul Myers
    Back to EFTPS, and a lot faster than I had thought. Like 45 of the same email in the past minute. This isn't a normal spam run.

    Assuming this does involve a compromise at Aweber, two things seem most likely. It's being done with a badly broken bot or it's a direct attack with them in mind.

    Still nothing to tagged addresses, so I'm not convinced yet.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[2740378].message }}
  • Profile picture of the author Paul Myers
    Folks, do me a favor? If you're getting this stuff to tagged addresses, PM me the URLs where you signed up, or the names of the lists you used the addresses for?

    Got a hunch. It could be wrong, so I don't want to say anything publicly yet.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[2740391].message }}
    • Profile picture of the author pjpawley
      Originally Posted by Paul Myers View Post

      Folks, do me a favor? If you're getting this stuff to tagged addresses, PM me the URLs where you signed up, or the names of the lists you used the addresses for?

      Got a hunch. It could be wrong, so I don't want to say anything publicly yet.
      Paul
      Paul, do you still need this now that we know Aweber did get hacked? I've got a fair few newly-spammed one aweber sub only addresses. I'll sort 'em if it's still useful but won't bother if it's not.
      {{ DiscussionBoard.errors[2746019].message }}
  • Profile picture of the author winebuddy
    I just started getting the pharm emails - about 1 a minute
    Signature
    birminghamshootingrange.comfor sale |"Knowledge is NOT power... ACTION on Knowledge is power"
    {{ DiscussionBoard.errors[2740392].message }}
    • Profile picture of the author Tina Golden
      I'm getting the badly misspelled tax payment delayed emails and lots of Viagra spam to one email that I rarely use to sign up for any lists. I'm scared to go look at the other two that I specifically use to sign up for emails...lol.

      I don't know what the "tagged" means, but on this email, the spam is all addressed to one of my PayPal emails.

      Tina
      Signature
      Discover how to have fabulous, engaging content with
      Fast & Easy Content Creation
      ***Especially if you don't have enough time, money, or just plain HATE writing***
      {{ DiscussionBoard.errors[2740403].message }}
      • Profile picture of the author Shaun OReilly
        Originally Posted by TMG Enterprises View Post

        I'm getting the badly misspelled tax payment delayed emails and lots of Viagra spam to one email that I rarely use to sign up for any lists. I'm scared to go look at the other two that I specifically use to sign up for emails...lol.

        I don't know what the "tagged" means, but on this email, the spam is all addressed to one of my PayPal emails.

        Tina
        Tagged basically means an e-mail address that contains
        an identifier of some form so you can tag it to the original
        source.

        For example, if I joined your list, I'd use tmgenterprises@example.com

        If I was using GMail, I might use example+tmgenterprises@gmail.com

        It's just a good way of tracking the source of e-mails and
        being able to do something afterwards.

        I prefer to create a unique e-mail address on my domain
        so that I can delete it if it receives spam or the list owner
        sells my details on or ignores unsubscribe requests, etc.

        (With GMail, you'd need to create a filter instead to deal
        with rogue e-mailers).

        I hope this helps.

        Dedicated to your success,

        Shaun
        Signature

        .

        {{ DiscussionBoard.errors[2740418].message }}
      • Profile picture of the author jbpatlanta
        I did not have any tagged email addresses.

        I subscribe to my own lists so that I can ensure that everything goes out smoothly. I noticed today a huge increase in spam and I usually never get spam.

        In the last few minutes it has started with the pharm mail

        But since I am getting I know that my subscribers are getting it too. I guess I need to send out an email warning them

        JBP
        Signature

        "DO or DO NOT. There is NO try!" -- Yoda

        {{ DiscussionBoard.errors[2740435].message }}
  • Profile picture of the author Hugh
    Look out! Not just Aweber. I am getting the "Your Federal Tax Payment ID 010...."
    emails and the addy used was not hacked from Aweber.

    Hugh
    Signature

    "Never make someone a priority in your life who makes you an option in theirs." Anon.
    "Some see private enterprise as a predatory target to be shot, others as a cow to be milked, but few are those who see it as a sturdy horse pulling the wagon." -- Winston Churchill

    {{ DiscussionBoard.errors[2740494].message }}
    • Profile picture of the author Shaun OReilly
      Originally Posted by Hugh View Post

      Look out! Not just Aweber. I am getting the "Your Federal Tax Payment ID 010...."
      emails and the addy used was not hacked from Aweber.

      Hugh
      Is that to a totally unique e-mail address that's not been
      used anywhere else?

      If so, where did you use the e-mail address?

      Of the 32 of mine getting spam, 26 are totally unique and
      only used in AWeber. The other 6 are not unique but have
      been used in AWeber and elsewhere.

      Dedicated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2740533].message }}
  • Profile picture of the author KarlWarren
    You mean Katya, 21 y.o doesn't actually want a man to have a strong family?

    I'm truly disappointed. lol.

    Over the last 5 days I've been getting the cycle between the tax, pharma and katya emails - unfortunately I haven't used tagged emails - but I think I'm going to start using them for subs. At least that way I can ditch them when the spam begins.

    Good idea.
    Signature
    eCoverNinja - Sales Page Graphics & Layout Specialist
    {{ DiscussionBoard.errors[2740609].message }}
  • Profile picture of the author Paul Myers
    The tagged addresses most of you are talking about are easily guessed. I have gotten two spams so far to an address that's NOT easily guessed and exists only on my newsletter list.

    I am now convinced.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[2740633].message }}
    • Profile picture of the author Fukuko
      My emails are certainly not guessable, they look like a34JK23Lw1@snkemail.com - The email service sneakemail.com allows you to generate random email addresses for each service and tag each one with the name of the service. When you receive an email, the display name is shown as the service so you can always see who sent the email.

      There is zero doubt that awebers database has been compromised.
      {{ DiscussionBoard.errors[2740729].message }}
      • Profile picture of the author thebitbotdotcom
        This can happen to ANY company. It's very similar to the Microsoft OS. It has always had the biggest bulls-eye on it's back because it has the largest market-share.
        Signature
        Do Your Copywriting Skills Suck?

        Let Us Help You Develop Your Writing Skills!

        Submit Guest Posts With [ TheBitBot.Com ]
        {{ DiscussionBoard.errors[2740800].message }}
  • Profile picture of the author Joshua Bretag
    I just got the tax spammed message to my own list tagged email. Something is going on here. Hope Aweber can get on top of it soon
    Signature
    Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
    {{ DiscussionBoard.errors[2740725].message }}
  • Profile picture of the author Midas3 Consulting
    Yes, getting deluged with those to our test e-mail we use
    to seed an Aweber list.

    That and pharma stuff, both to aweber seeding e-mails.
    {{ DiscussionBoard.errors[2740810].message }}
  • Profile picture of the author Steve Holmes
    I have had about 12 of those emails today alone sent to 1 email address.

    I would be surprised if they were unaware of the problem and can fix it however, these spammers ALREADY have my email address. If they wanted to sell it on, I'm sure they could.

    How can they FIX that..? Perhaps most of the damage has been done.
    Signature
    "Live like you'll die tomorrow, Learn like you'll live forever" - M. Ghandi
    {{ DiscussionBoard.errors[2740826].message }}
  • Profile picture of the author DeborahDera
    This is pretty discouraging news. I JUST moved my list from Constant Contact to AWeber ...

    Originally Posted by Shaun OReilly View Post

    Let me start off by saying that I'm a massive fan
    of AWeber and recommend them highly to others.

    However...

    It seems that their systems may have been compromised
    again.

    You may remember the previous AWeber compromise
    back in December 2009 when subscriber data was
    accessed by spammers.

    Here's the Warrior Thread from that time:

    http://www.warriorforum.com/main-int...mpromised.html

    And here was AWeber's response back then:

    How We've Addressed The Recent Data Compromise

    Since that time, I've been hyper-paranoid about
    giving out my e-mails to any lists I join - regardless
    of what autoresponder service provider is used.

    If I sign-up for a list, I always create a unique
    e-mail address for the particular list that I only
    use to subscribe to that list.

    For example, if I join Joe Blogs newsletter, I'll
    create a unique e-mail address of joeblogs@example.com
    in my cpanel and then subscribe with that.

    Well, this morning, I've been inundated with spam
    to e-mail addresses that I have only used to join
    lists managed by AWeber or AWeber Private Labels.

    Some of these e-mail addresses were only created
    in the past month and have only been used with
    AWeber or AWeber Private Label managed lists.

    Here's the typical subject lines of the spam:

    Your Federal Tax Payment ID 0103574805 is rejected. Urgent Report.
    We Decline Your Federal Tax Payment ID: 0103761189.
    Your Federal Tax Payment has been rejetced in system.


    And the supposed sender e-mails end in @eftps.gov

    Again, these are only being received to e-mail
    addresses uniquely created and housed within
    AWeber and AWeber Private Label servers.

    Anyone else experiencing this too?

    P.S. My sites are well protected and I use passwords
    with at least 14 characters generated by RoboForm
    so I don't think it's my systems.

    The reason I think it's AWeber is because only the
    unique e-mail addresses created specifically for the
    AWeber managed lists are receiving spam.

    I'm open to being wrong which is why I'm asking the
    question if AWeber have been compromised again.

    Dedicated to your success,

    Shaun
    {{ DiscussionBoard.errors[2740862].message }}
  • Profile picture of the author DaveDaveDave
    Have AWeber Been Compromised Again??? YES. I can confirm that many (17 approx) of the new unique addresses I created to replace addresses compromised in Dec09 have been spammed starting on the 18th with the Tax Payment Spam and "Girls will be happy!" and "it would be super!" At first glance this spam does not seem to have gone to any addresses that weren't created to replace the compromised AWeber ones. They are crap at security then? I'm not a list owner, just signed up to various lists that AWeber hosts. Great pity we can't get compensation for the aggravation caused, they didn't seem very bothered last time (not even a mention on the front page of their web site).
    {{ DiscussionBoard.errors[2740895].message }}
    • Profile picture of the author Sir Dancelot
      Yep, I've been getting spam to 10 different tagged addresses given to 10 different aweber customers.
      {{ DiscussionBoard.errors[2741003].message }}
  • Profile picture of the author mikebrooks
    I am getting loads of those emails too. But I am 99.9% sure some of those email addresses have never been entered into an aweber list by me.

    I use Infusion and some of the email addresses they are coming to are only used there.

    I wonder if this is more than aweber. It could either be Infusion or my host as well.
    Signature

    Mike Brooks
    Affiliate/JV Manager for Job Crusher
    IMPartnerPro.com

    {{ DiscussionBoard.errors[2741056].message }}
    • Profile picture of the author Paul Myers
      Okay. This is weird.

      I've gotten hundreds of those to one address. I've gotten two each to a couple of addresses that are only one one list (mine). I'm wondering now if this isn't going to be one of each spam for each subscription.

      The EFTPS stuff started around the first week of October, in preparation for the last day to file taxes for folks who'd filed under an extension. Got small amounts then, but only to the usual addresses. That part of the spam load was normal.

      The tagged stuff happened today for the first time, and it's all part of one big flood.

      Nothing yet at the Yahoo or Hotmail boxes I use for testing. And only a small handful at the Gmail address at which I get a lot of my subscriptions. Looks like the content filters will have gotten it figured out, and the DNSBLs are still behind, which is to be expected with bot spam like this.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[2741178].message }}
      • Profile picture of the author Crew Chief
        Houston, we have a problem!

        I've been busy racing to complete some deadlines and had not checked my email accounts since I logged in early this morning.

        After seeing the thread posted by Shaun, I checked and yes they hammered me with over 100 Pharma and EFTPS Tax Payment spams between 3:21am to 10:07am EST on a couple of email addresses, [each].

        The email addresses that were hit have four distinct characteristics:
        1. I created all of them with weird unique names, (i.e., zu_m1ayabre3due@yourdomain.com)
        2. I attached a even weirder first and last name to each email address, (i.e., Sl1jknuhs Blkrusenohben)
        3. I used those email addesses to subscribe and the subscriptions were through AWeber
        4. I only use each email address for "1" subscription
        If an email comes to any of those email addresses, I know where it originated from. If a person can guess some of the names and emails I created, they have a better future playing the lottery!

        IMHO, AWeber definitely has a issue and hopefull they will address it in a professional and timely manner.

        Giles, the Crew Chief

        Originally Posted by Shaun OReilly View Post

        Because I use unique e-mail addresses for each new
        subscription, I can simply delete the unique e-mail
        address and then create a new unique address that
        forwards to my main address. Or, just let GMail filter
        them into spam.

        However, my main concern is for my own subscribers for
        lists that are housed within AWeber as many people use
        their main e-mail address for many subscriptions.

        I don't know how widespread the compromise is as of yet.
        Hopefully it's only a small percentage of AWeber lists and
        list owners that are affected.

        Dedidcated to your success,

        Shaun
        Signature
        Tools, Strategies and Tactics Used By Savvy Internet Marketers and SEO Pros:

        SEO G.O.L.D. = Genuine Overall Link Diversity
        {{ DiscussionBoard.errors[2741362].message }}
        • Profile picture of the author LB
          Originally Posted by Crew Chief View Post


          IMHO, AWeber definitely has a issue and hopefull they will address it in a professional and timely manner.
          Last time this happened aweber didn't even notify their members.

          They made a blog post about it with comments disabled.

          I left them then, but am still getting spam to the previously compromised addresses.

          IF this happened again, it's truly inexcusable.
          Signature
          Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

          Click Here.
          {{ DiscussionBoard.errors[2741413].message }}
          • Profile picture of the author Tim Franklin
            Originally Posted by LB View Post

            Last time this happened aweber didn't even notify their members.

            They made a blog post about it with comments disabled.

            I left them then, but am still getting spam to the previously compromised addresses.

            IF this happened again, it's truly inexcusable.
            Amazing, stuff, I know I am sick of the spam already...
            Signature
            Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
            {{ DiscussionBoard.errors[2741431].message }}
            • Profile picture of the author LB
              This is what I'm looking at.

              This is coming across on addresses that were used to test aweber sign-up forms.
              Signature
              Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

              Click Here.
              {{ DiscussionBoard.errors[2741451].message }}
            • Profile picture of the author Crew Chief
              Originally Posted by LB View Post

              Last time this happened aweber didn't even notify their members. They made a blog post about it with comments disabled.

              I left them then, but am still getting spam to the previously compromised addresses.

              IF this happened again, it's truly inexcusable.
              My quandary is; do I fire old reliable because some Spammer on methadone laced crack found a breach in their system?

              I'd rather put in place measures to catch this person and go after them with the same vim and vigor the system went after Christopher Smith. See: Spammer gets 30 years in the slammer ? The Register

              Giles, the Crew Chief
              Signature
              Tools, Strategies and Tactics Used By Savvy Internet Marketers and SEO Pros:

              SEO G.O.L.D. = Genuine Overall Link Diversity
              {{ DiscussionBoard.errors[2741469].message }}
  • Profile picture of the author MChriston
    Yep, tidal wave of spam today... I had deleted a few hundred by lunchtime!

    One factor in common - All of the email addresses hit have been used on Aweber. I'm absolutely certain that is the root as this includes addresses we only use for testing our Aweber webforms.

    The problem is compounded by multiple copies of the same spam email being sent. So as a temporary measure I have set our server to delete all known spam emails upon receipt at server...

    The joy of it all!

    M
    Signature
    DECLARE W.A.A.R ON YOUR COMPETITION!
    ...and beat Google in the process!
    www.declarewaar.com
    {{ DiscussionBoard.errors[2741139].message }}
  • Profile picture of the author Tim Franklin
    Yes, I was wondering who to blame this on good thing I read this I was about to give someone a phone call, and rain down hell on them, would have been an opps moment, but now I can see where this is definitely coming from because the only connection to the spam was that both email accounts were at one time associated with that vendor mentioned earlier, (allegedly):
    Signature
    Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
    {{ DiscussionBoard.errors[2741198].message }}
  • Profile picture of the author Paul Myers
    Giles,
    AWeber definitely has a issue and hopefull they will address it in a professional and timely manner.
    It won't make any difference to a lot of people how Aweber responds, because they're set in their thinking on the issue already. For example, LB described it as "inexcusable."

    It's a problem, definitely. The question, at least to me, is could it have been avoided by reasonable precautions that weren't taken, or was it beyond the ability of a serious security audit to prevent? Without knowing how it happened, there's no way to sensibly answer that question.

    When this happened last year, it was followed fairly closely by a similar issue with another ESP. These were on the heels of security breaches at the DoD, the CIA, Google, and a number of other large IT firms. In very recent news, a chunk of Microsoft IP space was being used to provide nameservice for a bunch of phishing domains.

    There is no such thing as perfect security.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[2741479].message }}
  • Profile picture of the author JayXtreme
    Oh FFS...

    Just what I need. This is a tremendous cock up right now. I'm not blamin' AWeber.. I could just do without this crap, my current workload is enough to make me want a 9 - 5....

    It's gonna be a LOOOONG night.

    It's times like this that I wish I didn't have so many ******* segmented lists.. gonna have to check/mail to them all... and it's one day of mailing that is guaranteed to lose me money instead of making more..


    grrrrr ¬¬¬¬¬!Wewivlnlwrvinqe;vkhq;ovwl.vinwlr;iv rhvo;qiwgov;qjig !!!!!!!
    Signature

    Bare Murkage.........

    {{ DiscussionBoard.errors[2741570].message }}
  • Profile picture of the author JayXtreme
    p.s.

    Anyone who is blindly pointing the finger at AWeber.. needs to take a running jump... Safety and security of information is an illusion, it can and does happen to anyone. Regardless of size.
    Signature

    Bare Murkage.........

    {{ DiscussionBoard.errors[2741579].message }}
    • Profile picture of the author Sandor Verebi
      Originally Posted by JayXtreme View Post

      p.s.

      Anyone who is blindly pointing the finger at AWeber.. needs to take a running jump... Safety and security of information is an illusion, it can and does happen to anyone. Regardless of size.
      Unfortunately, you are right, Yay.

      Already the fourth day that I get such messages (tax, viagra, watches, pharma, just name a few kind). First day I got 13, next 29, yesterday 69, and today 116 arrived into a certain email address.

      It's weird and annoying. I will to cancel that email address today and put up a new one. Nothing else I can do about it, unfortunately.

      Let's make something productive.

      All the best,

      Sandor
      Signature

      {{ DiscussionBoard.errors[2749476].message }}
  • {{ DiscussionBoard.errors[2741586].message }}
  • Profile picture of the author good2go4
    I deleted over a hundred of the pharma ones this morning - all filtered out by Gmail, but annoying none the less. Thought I had just got snagged by a spammer, but looks like I had better check my lists - thanks for the heads-up
    {{ DiscussionBoard.errors[2741639].message }}
    • Profile picture of the author jeffogden
      Yep! Me too. Hundreds of Pharma Spam and the tax spam, all from my awber email address. Damn! What a mess. Should I leave Aweber or not, that now becomes the question.
      {{ DiscussionBoard.errors[2764263].message }}
    • Profile picture of the author bobsstuff
      I hate ME TOO posts, but ME TOO!

      11 of 20 email addresses I use for IM email got this same spam. I am off to delete those addresses.

      Maybe this is a good way to par down the number of newsletters I get.
      Signature
      Bob Hale
      {{ DiscussionBoard.errors[2823257].message }}
  • Profile picture of the author mosstrooper
    Thanks for this. I didn't know about the earlier breach in Dec09 and when I started getting loads of spam to unique email addresses on my spamarrest.com account I assumed I had been careless somehow on facebook or Gmail and had been hacked. Today I started getting the spam on just 2 unique email addresses used for subscribing to email lists. Now I know its not my fault! Thanks.
    Signature

    Chris

    {{ DiscussionBoard.errors[2741709].message }}
  • Profile picture of the author JustinPremick
    Hi all,

    We're looking into a possible data compromise and will be sharing any findings after we complete our investigation.

    I'll return here to post, but you may also want to subscribe to our blog or follow us on Twitter to stay in the loop.
    {{ DiscussionBoard.errors[2742059].message }}
  • Profile picture of the author JVManna
    Our email guys have a catch all account they use to monitor for abuse. They noticed a very significant spike in pharma spam being sent to email addresses specifically signed up on Aweber addresses.

    Security is a top concern at all ESPs including Aweber. I know Justin will confirm the details that everyone is buzzing about. It's important to remember that security is a moving target and no company or service is completely immune to attack.

    Hope this wasn't as severe as the previous one. Thanks for your rapid response, Justin.
    Signature
    Joseph Manna
    Community Manager | Infusionsoft
    joseph.manna@infusionsoft.com

    I don't check PMs. Let me know if you have any questions or concerns about Infusionsoft via email.
    {{ DiscussionBoard.errors[2742612].message }}
  • Profile picture of the author suppan99
    Yes, I am new internet marketing and I have 150 subscribers in my list.

    I have 3 addresses of my own and I got the same email 3 or 4 of them today.
    {{ DiscussionBoard.errors[2742632].message }}
    • Profile picture of the author Marc Rodill
      Yeah. 8 or 9 pharma spam for me too. But I delete spam all the time without thinking about it. I don't see the big deal. But that's just me, of course. Woo gMail.

      But since I'm paranoid. I blame it on the Gov. They want email to be unsafe so they can ban it. Just kidding. I'm a joker. Really. No kidding.
      Signature
      Long Lost Warriors! The Secret Sales System! Act Now! Buy Now! Right Now!
      {{ DiscussionBoard.errors[2742883].message }}
  • Profile picture of the author Joshua Bretag
    Had a chat with my Rep at Aweber and they said they are getting onto it and looking into it, Have not heard anything back yet but when I do I will be the first to post here.
    Signature
    Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
    {{ DiscussionBoard.errors[2743052].message }}
  • Profile picture of the author JustinPremick
    Hi all,

    We've just posted about this on our blog:

    Email Subscriber Data Accessed; What We're Doing About It

    If you have any questions, please give us a call or an email:

    877-AWEBER-1 or +1 215-825-2196
    http://www.aweber.com/contact-us.htm

    Thanks for your patience while we investigated the issue. I'm sorry this occurred.
    {{ DiscussionBoard.errors[2745664].message }}
    • Profile picture of the author Shaun OReilly
      Originally Posted by JustinPremick View Post

      Hi all,

      We've just posted about this on our blog:

      Email Subscriber Data Accessed; What We’re Doing About It

      If you have any questions, please give us a call or an email:

      877-AWEBER-1 or +1 215-825-2196
      http://www.aweber.com/contact-us.htm

      Thanks for your patience while we investigated the issue. I'm sorry this occurred.
      Thanks for dealing with this issue so promptly and openly (with
      Warriors anyways).

      Remember that a data compromise can happen to any company
      online - even banks.

      I think that this time, AWeber have responded more swiftly
      than the last intrusion, and they've also posted on this thread
      to keep Warriors informed.

      Sometimes, these un-intended mistakes happen in business.
      What's important is how a company responds to challenges
      like this.

      Dedicated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2745774].message }}
      • Profile picture of the author Bill Farnham
        Well, if there's a plus to this situation now at least I know how many lists I'm subscribed to through Aweber.

        Apparently I'm getting the same spam message from each list instance...

        And this is a lot better than the old days when I was younger. All that Morse Code noise continually clicking in the background used to drive me nuts.

        ~Bill
        Signature
        {{ DiscussionBoard.errors[2745826].message }}
        • Profile picture of the author MichaelHiles
          Originally Posted by Bill Farnham View Post

          Well, if there's a plus to this situation now at least I know how many lists I'm subscribed to through Aweber.

          Apparently I'm getting the same spam message from each list instance...

          And this is a lot better than the old days when I was younger. All that Morse Code noise continually clicking in the background used to drive me nuts.

          ~Bill
          Actually, I'm not subscribed to very many Aweber lists anymore. Your email address seems to stay in their database even though you've unsub. It appears that I am getting a spam message for every single Aweber list that I have ever subscribed to in the history of the internet.



          I am such a huge UN-fan. I'm to the point of not even subscribing to someone's list if I see a stock Aweber form builder.

          I will grant that they have been a smidgen more professional and responsive about this breach though.
          {{ DiscussionBoard.errors[2745839].message }}
          • Profile picture of the author Bill Farnham
            Originally Posted by MichaelHiles View Post

            It appears that I am getting a spam message for every single Aweber list that I have ever subscribed to in the history of the internet.
            I think there could be a correlation between the number of lists/spam messages.

            Today it's sombody spamming 'watches'.

            If tomorrow it's "O'Donnell Does Dallas" videos I'll be subscribing to a few more lists...

            ~Bill
            Signature
            {{ DiscussionBoard.errors[2745881].message }}
            • Profile picture of the author Martin Luxton
              Don't worry AWeber.

              In the next week or two, Google, Paypal or Godaddy will royally piss somebody off and this security breach will become old news.

              Martin
              {{ DiscussionBoard.errors[2746000].message }}
  • Profile picture of the author MChriston
    Justin,

    Sometimes, these un-intended mistakes happen in business. What's important is how a company responds to challenges like this.
    I agree with Shaun, however...

    Though I appreciate that you have responded and apologised on your blog and via this forum, as an Aweber customer I would respectfully suggest that you have not been as open as you could be.

    ...yet.

    Yes, via the control panel of Aweber a user can see the blog posts... but I'm wondering how many users actually notice that. And of course, not all Aweber users are WF readers...

    May I suggest an email to customers and/or a more obvious statement on the control panel.

    I realise this revelation of data theft could be a major blow when considering your relationship with your customers... but the theft of data (even if only with the intention to spam people) is a very serious issue.

    Mistakes and problems do happen for all businesses ...but it is times like these that the truly great suppliers have a chance to shine, should they choose to act beyond the call of duty.

    Just a thought,

    Michael
    Signature
    DECLARE W.A.A.R ON YOUR COMPETITION!
    ...and beat Google in the process!
    www.declarewaar.com
    {{ DiscussionBoard.errors[2746043].message }}
    • Profile picture of the author netkid
      Hey Shaun,

      I too, received "ET tax" and "pharma" spams too, but not only through Aweber subscribed lists but I also see it coming through my Hostgator Cpanel emails...my resller customers are getting them too. So, it's not specific to Aweber, I'm afraid.

      Funny that my Yahoo, Google and Hotmail email accounts haven't been affected yet.

      I'm not going to "freak" this time and keep Aweber and just keep going. It's a fact of life I'm afraid.
      {{ DiscussionBoard.errors[2746135].message }}
  • Profile picture of the author LB
    So once again your customers have not been contacted about this directly and you've disabled comments on that blog post. (of course you'd just not approve them anyway...which is what happened anytime I politely offered an alternative view to one of them)

    Man up Aweber.

    I guarantee you (based on my own experience) that right now your customers are getting cussed out and threatened with lawsuits by people who have had their emails stolen. Many people use emails like listname.name@domain.com so they know exactly which email was the problem and they are used once per list.

    It's not fair that you don't even have the decency to notify your customers directly via email and expect them to look at your blog.
    Signature
    Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

    Click Here.
    {{ DiscussionBoard.errors[2746184].message }}
    • Profile picture of the author Michael Lee
      It says on the aweber blog:

      "While most of them (referring to subscribers) will not notice any changes to their inboxes as a result of this incident, we take that trust, and what has happened, seriously."

      Does this mean business as usual? Am I in the "minority" who are receiving dozens of Watches spam emails?

      On the contrary, my yahoo email subscribed to aweber doesn't seem to get much of those spam emails.

      Would be great to know if yahoo, gmail, hotmail or any other email accounts have been spared from the attack.

      Thanks!
      {{ DiscussionBoard.errors[2746312].message }}
      • Profile picture of the author Bryan O'Neil
        I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.

        Contrary to many people in this thread who don't seem to care a whole lot about what happens with not only their own but with their subscribers' email addresses (and thus with the list owner's reputation), I take this issue as a VERY serious one.

        Sure, a formal apology and being open about the issue is nice. (Even though it's highly debatable whether aWeber has indeed been open enough about this - as someone pointed out above, the blog post reaches a very small percentage of LIST OWNERS, and only a very, very tiny fraction of SUBSCRIBERS - who are the ones that are the actual victims.) That said, a mere apology simply doesn't "cut it", so to speak - and statements such as "things like this happen even to the best of us" can hardly be taken seriously in this situation.

        To those who need an illustration: Let's say that I borrow a large amount of cash from you. I now go ahead and walk home with the cash in my back pocket. It gets stolen. I still owe you the cash, right? The question is not whether "things like this happen" or not, but rather whether I should've walked around with all this cash in the first place or taken a taxi instead.

        It seems as though many (those who seem to take the whole thing rather lightly) don't understand the true scope of the situation. We're talking about tens (if not hundreds) of MILLIONS of e-mail addresses that had been trusted to the hands of one of the most respected service providers in the industry - and are now in the hands of spammers.

        Furthermore, while I stayed relatively calm the last time the very same thing happened (less than a year ago), two times is simply outrageous and clearly shows that something is very, very wrong over there.

        I will inform you guys about the lawsuit and how to participate once we reach this stage - although I'm rather sure you'll get to read about it through media as well.

        Bryan

        P.S. The fact that aWeber didn't take this to the authorities last time it happened (or didn't inform us about it at least) isn't very comforting either. From the looks of it (I'm not accusing anybody - simply thinking out loud as I've dealt with large mailing/customer lists myself before) it might as well be an "inside job", i.e. a current or former employee who has access to the databases running with them. Just a thought
        Signature
        Buying a website but don't want to get scammed? - Centurica's Website Due Diligence
        {{ DiscussionBoard.errors[2747058].message }}
        • Profile picture of the author Bill Farnham
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.
          Right. Maybe you can put the victim out of business and save us all a lot of trouble by not having lists anymore.

          Tell your lawyer to find another ambulance to chase.

          ~Bill
          Signature
          {{ DiscussionBoard.errors[2747103].message }}
        • Profile picture of the author kindsvater
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.
          Awesome. Another class action lawsuit where the lawyers seek tons of fees for accomplishing nothing and the class members (everyone with an AWeber account) gets .. um, what would we get?

          Probably a promise that AWeber has incorporated some new and better security system that THEY WOULD BE LOOKING TO DO ANYWAY.

          Hey? What I am saying? I'm personal friends with class action lawyers and I've been involved in some myself.

          Time to get on the phone?

          Nahh. I'll pass. Real Warriors don't jump for glee about trying to be the first to file a class action against another Warrior.

          O'Neil - be forewarned that due to your post your deposition could prove to be very interesting.

          And when you devise an impenetrable computer system let us, the government, Microsoft, Apple, Google, and everyone else on the planet know.

          Thanks.
          {{ DiscussionBoard.errors[2748291].message }}
          • Profile picture of the author LB
            Originally Posted by kindsvater View Post

            Awesome. Another class action lawsuit where the lawyers seek tons of fees for accomplishing nothing and the class members (everyone with an AWeber account) gets .. um, what would we get?

            Probably a promise that AWeber has incorporated some new and better security system that THEY WOULD BE LOOKING TO DO ANYWAY.

            Hey? What I am saying? I'm personal friends with class action lawyers and I've been involved in some myself.

            Time to get on the phone?

            Nahh. I'll pass. Real Warriors don't jump for glee about trying to be the first to file a class action against another Warrior.

            O'Neil - be forewarned that due to your post your deposition could prove to be very interesting.

            And when you devise an impenetrable computer system let us, the government, Microsoft, Apple, Google, and everyone else on the planet know.

            Thanks.
            Serious question...what happens if one of aweber's customers is sued because someone on their list had their email compromised and wants to pursue it?

            As mentioned above plenty of people use unique identifiers so it's easy to track.
            Signature
            Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

            Click Here.
            {{ DiscussionBoard.errors[2748341].message }}
          • Profile picture of the author Midas3 Consulting
            Originally Posted by kindsvater View Post

            And when you devise an impenetrable computer system let us, the government, Microsoft, Apple, Google, and everyone else on the planet know.

            Thanks.
            It should be noted that I have not had the same issues with:

            InfusionSoft or Icontact.

            Twice in the last 6 months , Aweber has been seriously compromised.

            It's an appalling situation when your customers contact you complaining
            of spam to e-mail addresses they specifically used to sign up to your services.

            I appreciate the guys at Aweber taking the time to be up front and
            also apologize via the blog but it doesn't detract from the fact that
            a very short period of time after the last disaster we have yet another.

            Hacking is part of life but the core competency of Aweber is
            the storage and deliver-ability of e-mail, they need to work
            harder and or smarter to stop this.

            How long until the next occurrence, and the next and the next. ?

            Are we simply meant to doff our hats and accept this as part of
            doing business with Aweber, that every few months our customers
            will receive a torrent of spam ?

            I'm a big fan of Aweber as a company, their support is fantastic,
            their prices competitive, the backend functionality at this price
            is above average, but this "oh dear, we got hacked again, sorry folks"
            routine has to come to an end, it can't simply be the price of
            doing business with them.

            I don't understand either why legal action hasn't been taken.

            It's easy enough to track the sender of the pharma e-mails presumably
            by going to the company the spam links to , who else would be the
            culprit but the company selling the pharma products or one of their
            affiliates, it's doable to determine the cause here.

            Ok , back to work.
            {{ DiscussionBoard.errors[2749593].message }}
            • Profile picture of the author Shaun OReilly
              Originally Posted by SimonHarrison View Post

              It should be noted that I have not had the same issues with:

              InfusionSoft or Icontact.
              Actually, iContact had a security breach back in January
              of this year:

              iContact Internal Investigation of Spam Emails: Updated | Uncategorized | iContact-Blog

              NO autoresponder system, third-party or otherwise, is
              safe from determined hackers.

              I use iContact, AWeber, Infusionsoft and other providers
              for my own business and those of my offline clients.

              I would say that whilst AWeber have posted a response
              here, via Twitter and on their blog, I would like to see them
              pro-actively contact those list owners whose subscriber
              data they know has been compromised.

              That's what I'd like to see happen but I doubt they would
              do that.

              Dedicated to your success,

              Shaun
              Signature

              .

              {{ DiscussionBoard.errors[2749635].message }}
              • Profile picture of the author Midas3 Consulting
                Originally Posted by Shaun OReilly View Post


                NO autoresponder system, third-party or otherwise, is
                safe from determined hackers.

                Shaun
                Goes without saying, my point was that there has to be
                an end game here, it can't be a continual, hack-apologize
                scenario.

                In regards Icontact, I can only comment on my experience.
                {{ DiscussionBoard.errors[2749648].message }}
                • Profile picture of the author DavidMaddux
                  Yesterday I had over 150 Spam emails from "Pharma", "Watches", etc. And, they arrived at approximately 3 minute intervals, i.e. very structured.

                  That number was kind of high, and they all appeared to be uniformly created from the same template. So, after reading this thread, I assumed I had been "victimized" too.

                  After 5 - 6 mouse clicks, my Spam folder was empty. This morning, I have around 12 spam emails from a variety of sources, not all uniform like yesterday.

                  Did I miss something? What's the big deal again? A class action lawsuit?

                  Best wishes.
                  Signature
                  {{ DiscussionBoard.errors[2749955].message }}
                  • Profile picture of the author Shaun OReilly
                    Originally Posted by DavidMaddux View Post

                    Yesterday I had over 150 Spam emails from "Pharma", "Watches", etc. And, they arrived at approximately 3 minute intervals, i.e. very structured.

                    That number was kind of high, and they all appeared to be uniformly created from the same template. So, after reading this thread, I assumed I had been "victimized" too.

                    After 5 - 6 mouse clicks, my Spam folder was empty. This morning, I have around 12 spam emails from a variety of sources, not all uniform like yesterday.

                    Did I miss something? What's the big deal again? A class action lawsuit?

                    Best wishes.
                    I'm not one advocating a lawsuit or anything like that.

                    However, this is a serious situation.

                    It doesn't just involve my e-mail address or the e-mail
                    addresses of a few Warriors.

                    I'm on 32 AWeber- managed lists that I know have been
                    breached in the recent data compromise. How many people
                    on those lists have similarly had their e-mails compromised?

                    More importantly...

                    This affects my own offline clients who are using AWeber to
                    manage their lists.

                    Some of their e-mail subscriber and customer e-mails have
                    been accessed by spammers in this data compromise.

                    I'm fortunate that I've got systems set-up to automatically
                    filter out the spam to my own e-mails and manage the
                    problem.

                    However, many of the subscribers of AWeber customers do
                    not have that luxury.

                    After the previous AWeber data compromise back in December
                    2009, I began to migrate some of my lists to other providers
                    such as Infusionsoft and am currently migrating some lists
                    over to iContact.

                    There's no need for a lawsuit but I wouldn't brush it off as no
                    big deal either.

                    Dedicated to your success,

                    Shaun
                    Signature

                    .

                    {{ DiscussionBoard.errors[2750030].message }}
                  • Profile picture of the author Midas3 Consulting
                    Originally Posted by DavidMaddux View Post

                    Yesterday I had over 150 Spam emails from "Pharma", "Watches", etc. And, they arrived at approximately 3 minute intervals, i.e. very structured.

                    That number was kind of high, and they all appeared to be uniformly created from the same template. So, after reading this thread, I assumed I had been "victimized" too.

                    After 5 - 6 mouse clicks, my Spam folder was empty. This morning, I have around 12 spam emails from a variety of sources, not all uniform like yesterday.

                    Did I miss something? What's the big deal again? A class action lawsuit?

                    Best wishes.
                    It's a big deal, when it's a big deal.

                    Having your customers details hacked and then spam sent to them
                    is a big deal, even if , as you mention you're happy deleting them
                    personally.

                    This isn't about individuals, the issue is far greater than that.

                    Whether a law suit is of any value is entirely a different scenario.
                    {{ DiscussionBoard.errors[2750047].message }}
                    • Profile picture of the author DavidMaddux
                      Thanks for the answers guys

                      According to Aweber:
                      "It's also important in a situation like this to take stock of what information was not accessed.
                      The attackers did not gain access to credit card numbers, customers' email or postal addresses, affiliates' tax IDs nor any other contact information about AWeber customers or affiliates."
                      I'm only asking to try and understand, I'm not being sarcastic or anything, but we're still just talking about unwanted spam, right?

                      Is there a bigger picture?

                      Best wishes.
                      Signature
                      {{ DiscussionBoard.errors[2750092].message }}
                      • Profile picture of the author Midas3 Consulting
                        Originally Posted by DavidMaddux View Post

                        Thanks for the answers guys

                        According to Aweber:
                        "It's also important in a situation like this to take stock of what information was not accessed.
                        The attackers did not gain access to credit card numbers, customers' email or postal addresses, affiliates' tax IDs nor any other contact information about AWeber customers or affiliates."
                        I'm only asking to try and understand, I'm not being sarcastic or anything, but we're still just talking about unwanted spam, right?

                        Is there a bigger picture?

                        Best wishes.
                        We can boil it down to "just spam" David yes, that's true but it doesn't
                        exist in a vacuum in any real sense.

                        The argument, that on the plus side, they didn't get my credit card details
                        sort of falls a bit flat to my mind.

                        Fortunately for me I now have less than 50k with Aweber, so it's not life or
                        death for me but I really don't want to see people who put their faith in my
                        services and products then deluged with spam as a result.

                        If you view the situation as purely a case of deleting some spam, that's dandy
                        but understand that becomes a major issue on a large scale when you're seeded
                        into multiple lists, when your e-mails are hooked to AR series, when your
                        spam filters need searching for real e-mails, etc etc.

                        Right, seriously work.
                        {{ DiscussionBoard.errors[2750160].message }}
                        • Profile picture of the author DavidMaddux
                          Originally Posted by SimonHarrison View Post

                          We can boil it down to "just spam" David yes, that's true but it doesn't
                          exist in a vacuum in any real sense.

                          The argument, that on the plus side, they didn't get my credit card details
                          sort of falls a bit flat to my mind.

                          Fortunately for me I now have less than 50k with Aweber, so it's not life or
                          death for me but I really don't want to see people who put their faith in my
                          services and products then deluged with spam as a result.

                          If you view the situation as purely a case of deleting some spam, that's dandy
                          but understand that becomes a major issue on a large scale when you're seeded
                          into multiple lists, when your e-mails are hooked to AR series, when your
                          spam filters need searching for real e-mails, etc etc.

                          Right, seriously work.

                          Thank you

                          I can see where having multiple lists would create multiple headaches, exponentially in fact.

                          While I was trying to think "outside the box", the box was actually WAY bigger than I realized.

                          Best wishes.
                          Signature
                          {{ DiscussionBoard.errors[2750224].message }}
        • Profile picture of the author davezan
          Originally Posted by Bryan O'Neil View Post

          To those who need an illustration: Let's say that I borrow a large amount of cash from you. I now go ahead and walk home with the cash in my back pocket. It gets stolen. I still owe you the cash, right? The question is not whether "things like this happen" or not, but rather whether I should've walked around with all this cash in the first place or taken a taxi instead.
          Well, you could get robbed in a taxi too. If the one you borrowed money from
          says he understands and no rush to repay him, consider yourself fortunate.

          If anything, AWeber can probably offer a free month or so for what happened.
          If you feel that's not enough, then do whatever you see fit and good luck.

          (edit: just saw Brian posting and answered anyway.)
          Signature

          David

          {{ DiscussionBoard.errors[2748411].message }}
        • Profile picture of the author goldliger
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.

          Contrary to many people in this thread who don't seem to care a whole lot about what happens with not only their own but with their subscribers' email addresses (and thus with the list owner's reputation), I take this issue as a VERY serious one.

          Sure, a formal apology and being open about the issue is nice. (Even though it's highly debatable whether aWeber has indeed been open enough about this - as someone pointed out above, the blog post reaches a very small percentage of LIST OWNERS, and only a very, very tiny fraction of SUBSCRIBERS - who are the ones that are the actual victims.) That said, a mere apology simply doesn't "cut it", so to speak - and statements such as "things like this happen even to the best of us" can hardly be taken seriously in this situation.

          To those who need an illustration: Let's say that I borrow a large amount of cash from you. I now go ahead and walk home with the cash in my back pocket. It gets stolen. I still owe you the cash, right? The question is not whether "things like this happen" or not, but rather whether I should've walked around with all this cash in the first place or taken a taxi instead.

          It seems as though many (those who seem to take the whole thing rather lightly) don't understand the true scope of the situation. We're talking about tens (if not hundreds) of MILLIONS of e-mail addresses that had been trusted to the hands of one of the most respected service providers in the industry - and are now in the hands of spammers.

          Furthermore, while I stayed relatively calm the last time the very same thing happened (less than a year ago), two times is simply outrageous and clearly shows that something is very, very wrong over there.

          I will inform you guys about the lawsuit and how to participate once we reach this stage - although I'm rather sure you'll get to read about it through media as well.

          Bryan

          P.S. The fact that aWeber didn't take this to the authorities last time it happened (or didn't inform us about it at least) isn't very comforting either. From the looks of it (I'm not accusing anybody - simply thinking out loud as I've dealt with large mailing/customer lists myself before) it might as well be an "inside job", i.e. a current or former employee who has access to the databases running with them. Just a thought
          I for one won't be on board. A lawsuit isn't going to benefit anybody.

          In fact, I think threatening a lawsuit over something Aweber clearly takes very seriously, and takes strong measures to prevent, calls your character into question much more so than theirs.
          {{ DiscussionBoard.errors[2748417].message }}
        • Profile picture of the author Martin Avis
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.
          Sounds like your lawyer needs something to do - have you mentioned to him that MacDonalds serve hot coffee? Or that the saturated fat in burgers contributes to heart disease?

          Go ahead, keep yourselves busy. The rest of us have better things to do.
          Signature
          Martin Avis publishes Kickstart Newsletter - Subscribe free at http://kickstartnewsletter.com
          {{ DiscussionBoard.errors[2748806].message }}
        • Profile picture of the author Martin Luxton
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.

          So should we all start a class action against Microsoft for 'allowing' all those nasty viruses to attack our computers?

          Like Microsoft, AWeber is under constant attack because it is a very big player in the market. The Pentagon (who should never 'allow' this to happen) has had its computer system hacked as well.

          There was a link from Paul Myers a while back to a piece about how it appears certain governments might be (in diplomatic language 'might be' = 'we're pretty damn sure') putting a lot of money into hacking teams.

          The security guys will always be one step behind the hackers. All the good guys can do is what home security consultants recommend - make your house as difficult to break into as you can so burglars look for easier targets. Of course, the downside to this advice is that hackers love a challenge

          Yes, maybe AWeber could have done more to prevent this problem and been more proactive/open in its response. Then again, without taking the time to establish the true facts they could have been left with even more egg on their face by publishing incomplete and/or misleading information.

          FYI: I'm not a customer or affiliate or AWeber, nor am I a relative or business associate of any of its employees. I'm just doomed always to see more than one side to a story.


          Martin
          {{ DiscussionBoard.errors[2749021].message }}
        • Profile picture of the author Joshua Bretag
          Originally Posted by Bryan O'Neil View Post

          I, for one, have been discussing this issue with my lawyer and we're planning on filing a class action lawsuit - or already preparing one rather.
          Seriously mate! are you really serious wasting time trying to file a class action suit against a company that does not kill people, does not scam people and above all is probably one of the most honest autoresponders out there.

          Now I am not saying that aweber is perfect, it's far from it just like every autoresponder service out there. Thats why I use 7 different autoresponder services for my lists. I understand that the situation really needs to be taken seriously and aweber really need to look into beefing up their security, but what is going to come about beneficial for the customers of a class action law suit. Yeah you might get them to increase their security but won't they be doing that already as stated by another warrior. What will the customers really get???

          You would be better to take on the corporate giants that create a monoploy in there markets in which they are kicking the little local guys out.

          I also believe that shaun has a great point that aweber should give some reasonable compensation for the damage that has been caused are we going to see this I don't know, but I hope we do for aweber's benefit and the benefit of it's customers.

          Now if you have read this far I don't agree with a class action law suit, nor do I agree that this issue should be taken lightly. So if you have any questions about anything to do with aweber shot them through to me via PM as I will be interviewing Justin from aweber in the coming weeks to have his say on the whole issue. I hope you can tune in.

          Joshua
          The crazy email marketing professor
          Signature
          Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
          {{ DiscussionBoard.errors[2750161].message }}
          • Profile picture of the author Shaun OReilly
            Originally Posted by Joshua Bretag View Post

            I also believe that shaun has a great point that aweber should give some reasonable compensation for the damage that has been caused are we going to see this I don't know, but I hope we do for aweber's benefit and the benefit of it's customers.
            Just to clarify...

            I did NOT say that AWeber should give compensation.

            What I did say is that they should pro-actively contact
            the list owners who they know have had their e-mail
            databases compromised - to make them aware of the
            situation.

            (Hardly any of them visit here, use Twitter or read the
            AWeber blog).

            Dedicated to your success,

            Shaun
            Signature

            .

            {{ DiscussionBoard.errors[2750192].message }}
            • Profile picture of the author Joshua Bretag
              Originally Posted by Shaun OReilly View Post

              Just to clarify...

              I did NOT say that AWeber should give compensation.

              What I did say is that they should pro-actively contact
              the list owners who they know have had their e-mail
              databases compromised - to make them aware of the
              situation.

              (Hardly any of them visit here, use Twitter or read the
              AWeber blog).

              Dedicated to your success,

              Shaun
              I apologise Shaun, 1am coffee must not of kicked in yet.
              I agree with that point and also believe that for the
              benefit of the company and it's customers. That aweber
              should give some form of compensation to those that
              have been affected.

              What are your thoughts???

              Josh
              The Email Marketing Professor
              Signature
              Blueprint Solutions - Looking For People to Resell our Services, Clients pay double the price to our resellers.
              {{ DiscussionBoard.errors[2750228].message }}
  • Profile picture of the author lancasterjoeradio
    That's quite hilarious (well, not really!) but I searched for some info pertaining to the use of Aweber, and you just described what I received in the way of email, to a Tee! I just received about 20 of these in the last 24 or 48 hours. The only thing I could think is I just installed a new Microsoft Office 2007, and the Outlook is not yet setup like my old email program with its set of "no-no" words and phrases!

    And yes, I have been using my common email address in Aweber, which I'll change.
    {{ DiscussionBoard.errors[2747290].message }}
    • Profile picture of the author Jeff Henshaw
      I have received substantially more 'watches and Pharma' emails to virtually all of my email addresses over the last week or so, particularly over the last 48 hours. Some were directed to accounts associated with my Aweber account, the majority were not and were received in other of my email accounts.

      I am not suggesting that there is or is not a problem with Aweber, but I do feel that the classic human failure of mass hysteria may be starting to surface in some areas of the thread.

      All problems can be solved and resolved.

      Just my thoughts,

      Jeff.
      {{ DiscussionBoard.errors[2747663].message }}
  • Profile picture of the author Tim Franklin
    Rough situation for everyone, I have had about 10 to 15 offers for nice rolex watches today, anyone want a great deal on a rolex...

    It is frustrating, when your a victim of data that is not in your direct control it is a risk you take when you use a hosted service, still, on the positive side, at least they have posted about the issue, that is at least something...
    Signature
    Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
    {{ DiscussionBoard.errors[2747704].message }}
  • I know that many have suggested the same thing, but I use a 'dummy' email acct when I fill out optin forms that I am just 'curious' about. Sometimes, if you sign up to just get the free info,software,or tip you will get emails from that person for a lifetime., and some will email you every 3 days. Now imagine if you filled out a couple of boxes just cause you were curious. I use a secondary email setup and then I can pick and choose what I read and care about. I know that you can also 'unsubscribe' to the emails, but sometimes that gets forgotten.
    Signature

    Solving Multimedia Expectations. AppleCreekMedia

    {{ DiscussionBoard.errors[2748087].message }}
  • Profile picture of the author Steve Sanchez
    I had that same email spamming me also. I also get the Viagra one regularly also. My filter doesn't even seem to block them.

    At least I feel like someone loves me!

    Thanks for the heads up though. I've been too busy to even give it a second thought.
    {{ DiscussionBoard.errors[2748111].message }}
  • Profile picture of the author Coby
    I got the same type email as it seems many others have too. It was def spam. I never realized this was a possibility. However, I was unaware of the previous compromise.
    {{ DiscussionBoard.errors[2748777].message }}
  • Profile picture of the author MichaelHiles
    A lawsuit?

    That's pretty retarded.

    I'm not happy about this either, and I stopped giving my business to them after the last go round. Raising prices, failing to acknowledge and respond to the problem, plus me losing subscribers and getting my azz handed to me because of something far outside of my control... well suffice it to say that it was certainly a customer service issue that bore consequences for them. They failed to even acknowledge that they had put every list owner in a terrible position with their subscribers, and nary a "hey we've got a free month for you" or some effort to provide some sort of gesture.

    So, I voted with my wallet, and I am open about my experience with them.

    But a class action lawsuit? Please.

    If you're itching for a class action lawsuit, do it somewhere productive... like medical healthcare providers and health insurance underwriters for failing to disclose the prices of medical services. Help to change an industry, don't pile on a company just because they've dropped the ball on customer service issues and give some law firm even MORE money to send to the Trial Lawyer's Association.
    {{ DiscussionBoard.errors[2749130].message }}
  • Profile picture of the author Chris Worner
    Out of curiosity Michael what provider/s do you use atm?

    Chris
    Signature

    {{ DiscussionBoard.errors[2749278].message }}
  • Profile picture of the author JamesJeffery
    Oh great! I just started building a nice list, getting about 200 subscribers a day and now due to Aweber's security a chunk of my subscribers will now not trust any emails from me!
    Signature

    I'm just a regular guy doing my thing.

    {{ DiscussionBoard.errors[2749292].message }}
  • Profile picture of the author tacoverhoef
    Does this mean everybody who has a list in Aweber will get infected, I seem to have the same problem since a few day's. Does this also infect my subscribers? Anybody got an idea about that?
    Signature
    The Action Taker
    {{ DiscussionBoard.errors[2749387].message }}
    • Profile picture of the author Shaun OReilly
      Originally Posted by tacoverhoef View Post

      Does this mean everybody who has a list in Aweber will get infected, I seem to have the same problem since a few day's. Does this also infect my subscribers? Anybody got an idea about that?
      I don't know how deep the compromise went - only AWeber
      can answer that for you definitively.

      I don't know if it will affect your specific subscribers either.

      What I do know, is that I joined some people's AWeber-managed
      lists (as recently as the 8th October) and those unique e-mail
      addresses are now receiving the specific spam that I've outlined.

      At least 36 AWeber-managed lists that I'm on were compromised.

      Only AWeber can let you know if your specific e-mail lists and
      subscriber e-mails have been accessed.

      Dedicated to your success,

      Shaun
      Signature

      .

      {{ DiscussionBoard.errors[2749409].message }}
  • Profile picture of the author LB
    Does anyone know if icontact notified their customers directy?

    It does say they went to the FBI.

    If aweber has not contacted law enforcement TWICE now then that is total negligence as far as I'm concerned.

    It's like a bank keeps getting robbed and they never call the cops.
    Signature
    Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

    Click Here.
    {{ DiscussionBoard.errors[2750212].message }}
    • Profile picture of the author Tim Franklin
      Originally Posted by LB View Post

      Does anyone know if icontact notified their customers directy?

      It does say they went to the FBI.

      If aweber has not contacted law enforcement TWICE now then that is total negligence as far as I'm concerned.

      It's like a bank keeps getting robbed and they never call the cops.
      When I read this I got a real laugh, but you know what, most Law Enforcement Officers, think about this type of issue, when it comes up that if its not reported chances are its an internal issue, (inside job)

      no one wants to have its employees investigated for this type of crime and it is a crime, make no mistake about it,

      but we really dont know what the facts are, and so should not throw rocks in this case we just know that today, I am getting tons of Viagra and other offers, on emails that I only use for internal business, now that is significant, because I use other emails, for opt ins and routine business and expect to get spammed, yes that sadly is part of doing business, but when you have an internal email, that is (not) subscribed to lists but is used as business only contacts, or except as a user account, then that is an entirely different matter, that makes it very inconvenient.

      Because I monitor those accounts every 10 min, for support and sales related activity, or if a client has a server or programming support issue, I do not like receiving spam on that account, because I often tie it to my cell phone so I can support my clients even when I am away from my computer.

      I agree that it is very frustrating, that anyone would not take the necessary steps to preserve a clients privacy, more so when that company makes claims about the services they provide, but I do not think that you should hang them by the nearest tree either.
      Signature
      Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
      {{ DiscussionBoard.errors[2750272].message }}
  • Profile picture of the author blindedodin
    I am also receiving the spam in all 8 of my email addresses uniquely generated to individual aweber lists.

    Except for copious misspellings, it was a pretty good ruse by the spammers. the link sent people to an actual site, which, lol has the message:

    "Remember! EFTPS values your privacy and security and will never attempt to contact you via e-mail. If you ever receive an e-mail that claims to be from EFTPS or from a sender you do not recognize that mentions a payment made through EFTPS, forward the e-mail to ** or call the Treasury Inspector General for Tax Administration at 1.800.366.4484."
    Signature

    Boy am I grateful...

    {{ DiscussionBoard.errors[2751056].message }}
  • Profile picture of the author Steve Solem
    What a shame. Having left Aweber after the first breach, I was starting to think about maybe using them again because I generally like the features they offer, and I thought "They've been hit once, what are the odds of this happening again? Surely they've beefed up security after the first breach"

    So much for that theory! I know nobody guarantees anything or takes full responsibility for things like this these days and yeah, companies get hacked all the time...but when your clients and their clients trust you with their personal information, I would think no expense would be spared to safeguard that info.

    Yes, it's great that no credit card or other info was accessed this time and kudos to Aweber for being a little bit more proactive this time around, but after two exploits in a year, I don't think they'll get my business again.
    {{ DiscussionBoard.errors[2751490].message }}
    • Profile picture of the author kindsvater
      I clicked one of the spam to a unique email addresses stolen from Aweber that promptly advertised "male power" with a link to pilldoctorce17.com to see where it would go.

      It appears pilldoctorce17.com was recently registered (registration info oddly not coming up) and the source code shows it is pulling its data from bonvenon.com. The site appears to be a Canadian pharmacy.

      I say "appears" because when you get to an order page the source code has this ironic comment:

      FAKE_FORM

      Suggesting this is really a phishing scheme and not someone trying to sell Viagra or whatever.

      This fake order form is on a domain called payquickonline.com. Again, an odd problem pulling up its registration info.

      The domain registrar is ELB Group at retailstudio.com. Didn't see much on that domain, but the registration comes back for a French company.

      That French company should have some information about who registered the domains that is responsible for the spam and criminal hack of AWeber. Of course, the payment info used could be stolen, but who knows until you actually follow-up and see what is there.
      {{ DiscussionBoard.errors[2755611].message }}
  • Profile picture of the author toppito
    I've also been getting the spam to unique e-mail addresses used exclusively for the lists of Aweber clients. I recall I had to spend hours logging into Cpanel to turn off the hundreds of e-mail addresses I had created when signing up to lists hosted by Aweber.
    {{ DiscussionBoard.errors[2759915].message }}
    • Profile picture of the author A Bary
      Well...in the last 2 days I have been reporting these spam messages to SpamCop.net ..it was a tedious job and it seems useless..however..after 2 days of frustration, it looks like it finally worked.

      Spam volume significantly reduced...few of them still coming....but much less than the whole horrible week.

      What I noticed is that:

      -Most of these spam emails originated from certain countries (Philippines, Brazil, Russia, and France)..

      -The links directing to newly registered domains, obviously registered by specific entities with a clear sole purpose of spamming...and they created them in order:
      pharmacyyg31.com, pharmacyyg32.com....pharmacyyg40.com....pharmacyyg 51.com..and so on..it never ends....this suspicious behavior raises big red flags that this is not just a spam attack, it's an obvious criminal plot...


      Finally, it doesn't seem to be exclusive to Aweber lists, I received these messages on private addresses I NEVER USED to sign up for any kind of list...
      {{ DiscussionBoard.errors[2761764].message }}
  • Profile picture of the author Trent Brownrigg
    I've also noticed an unusual amount of spam over the past few days to at least one of my email addresses that I typically use to sign up for lists. And all of the new spam messages are very similar to each other.

    My subscriber rates have also dropped in the past week or so and I don't see anything that has changed on my end that would explain it. And I use Aweber.
    Signature

    You can find internet marketing strategies, SEO consulting, and tons of business advice at BAM!

    {{ DiscussionBoard.errors[2764357].message }}
  • Profile picture of the author Wolster
    I don't know if they have been got at again Shaun, but thanks for the heads up on using a unique email address for each mailing list.

    Very useful.
    {{ DiscussionBoard.errors[2764649].message }}
    • Profile picture of the author 67-17454
      Thanks for the discussion. I have been looking all over for others who have had this problem.

      I also use unique e-mail accounts for everything I sign up for. It sometimes shows those who promise "we never share" not living up to it and I can always turn off the e-mail address.

      One of the weirder of the spam e-mails I got from this set was an e-mail and the "To:" part had all of my e-mails (and only my e-mails) that had been compromised, so it made it easier to get a complete list. But I sure don't know how they did that. Unfortunately, some of these e-mail addresses I don't want to turn off.

      I do wish that those who have had their lists compromised would send out a "sorry about that" e-mail. Then there would at least be some tiny bit of recognition of the hassle it caused.

      Mark.
      {{ DiscussionBoard.errors[2765153].message }}
      • Profile picture of the author Tim Franklin
        Yes, I agree, you can tell who spams you and who respects you, I do this as well, and you know most of the time, 9 out of 10 respect your privacy, a few dont,


        Originally Posted by 67-17454 View Post

        Thanks for the discussion. I have been looking all over for others who have had this problem.

        I also use unique e-mail accounts for everything I sign up for. It sometimes shows those who promise "we never share" not living up to it and I can always turn off the e-mail address.

        One of the weirder of the spam e-mails I got from this set was an e-mail and the "To:" part had all of my e-mails (and only my e-mails) that had been compromised, so it made it easier to get a complete list. But I sure don't know how they did that. Unfortunately, some of these e-mail addresses I don't want to turn off.

        I do wish that those who have had their lists compromised would send out a "sorry about that" e-mail. Then there would at least be some tiny bit of recognition of the hassle it caused.

        Mark.
        Signature
        Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
        {{ DiscussionBoard.errors[2784850].message }}
        • Profile picture of the author BillM
          I have always thought aweber was the best until today when they purposely deleted list I have built for years. When I called in their reason was that if they decide they do not like the programs you're promoting, that they will delete your list and deactivate as well.

          It's sick that a company that has been paid every month for years can cause me hell like this. I am contacting my lawyer in the morning. The owner want to play judge and take the money for years and now screw good customers. I have never had one complaint.
          {{ DiscussionBoard.errors[2785092].message }}
          • Profile picture of the author oneplusone
            Originally Posted by BillM View Post

            I have always thought aweber was the best until today when they purposely deleted list I have built for years. When I called in their reason was that if they decide they do not like the programs you're promoting, that they will delete your list and deactivate as well.

            It's sick that a company that has been paid every month for years can cause me hell like this. I am contacting my lawyer in the morning. The owner want to play judge and take the money for years and now screw good customers. I have never had one complaint.
            Why didn't you backup your list?

            You can export your list(s) at any time.
            Signature
            'If you hear a voice within you say "you cannot paint," then by all means paint and that voice will be silenced.' Vincent Van Gogh.
            {{ DiscussionBoard.errors[2785228].message }}
  • Profile picture of the author Quatrel
    Hotmail is eating 100% of this spam on my side.
    {{ DiscussionBoard.errors[2784729].message }}
  • Profile picture of the author MWGrubb58
    Has anyone noticed whether or not the problem is just with Aweber or with some other providers like Constant Contact, etc.?
    {{ DiscussionBoard.errors[2785248].message }}
    • Profile picture of the author Josh Anderson
      Originally Posted by MWGrubb58 View Post

      Has anyone noticed whether or not the problem is just with Aweber or with some other providers like Constant Contact, etc.?
      iContact also had a breach back in January which was just after the first Aweber breach.
      Signature
      {{ DiscussionBoard.errors[2789383].message }}
      • Profile picture of the author Krieger
        I don't mail very often and would never sell or give away email addresses, so when a subscriber contacted me first, I kind of brushed her off (politely) suggesting that she "lost" her email herself somehow. Then I got another email. And started taking another look. Found this post AWeber Database Hacked, Email Addresses Stolen. Again. | BustSpammers.com and then this thread here.

        Now I feel like a complete ass and can't believe how AWeber is dealing with this.
        Originally Posted by goldliger

        In fact, I think threatening a lawsuit over something Aweber clearly takes very seriously, and takes strong measures to prevent, calls your character into question much more so than theirs.
        I read the whole thread and this has to be the most absurd comment. Sorry, no offense meant, but how in the world can you call it "taking very seriously" when they didn't even feel the need to inform list owners?

        Taking very seriously = a small blog post that quickly gets bumped off the screen by a rapid succession of feel-good fluff stories? (Anyone care about their halloween party?)

        Just read this statement from their blog again:
        Your subscribers trust you with their email address, and trust that you will treat that address and their permission to be emailed with the utmost care. While most of them will not notice any changes to their inboxes as a result of this incident...
        Translation:
        "Subscribers will not find out it was our failure that they're getting spammed to death and so for us, the issue will just fade away. As a business owner you put your own reputation on the line when customers trust you with their email, so we'll let you deal with the PR nightmare."


        And then there's the lucrative affiliate program, of course, that gives people, including lots of "warriors", strong incentive to keep pushing the service and suppress negative info. "Taking very seriously"? Seriously??

        And what about "takes strong measures to prevent"? You mean like last time, when they promised
        "We have taken extra steps beyond fixing the problem to ensure that such a breach cannot occur again."
        yet here we are with the same mess all over again just a few months later. Strong measures, my {behind}!

        I'm done with Aweber. There are other services that are just as good or better, folks: Campaigner, Constant Contact, iContact, Infusionsoft, Mad Mimi, Mail Chimp. And they all have affiliate programs.
        {{ DiscussionBoard.errors[2822712].message }}
  • Profile picture of the author Adam Sussman
    To be compromised once is one of those things, but twice in a year is borderline stupidity.

    What bothers me most is AWebers pathetic response. Not to inform the list owners is cowardly. Their blog post is taking the piss.

    Aweber kindly state on their blog (which very few people read)
    The attackers did not gain access to credit card numbers, customers' email or postal addresses, affiliates' tax IDs nor any other contact information about AWeber customers or affiliates.
    I do believe they should have added "....yet" at the end of the paragraph.

    Adam
    Signature
    "He elicits the same kind of admiration one would feel for a streaker at Queen Victorias funeral."

    {{ DiscussionBoard.errors[2824804].message }}
    • Profile picture of the author Krieger
      Originally Posted by Adam Sussman View Post

      What bothers me most is AWebers pathetic response. Not to inform the list owners is cowardly. Their blog post is taking the piss.
      The attackers did not gain access to credit card numbers, customers’ email or postal addresses, affiliates’ tax IDs nor any other contact information about AWeber customers or affiliates.
      And that's really just scraping the bottom of the barrel anyway to come up with stuff to downplay the severity if this incident. If I was the hacker/spammer I wouldn't give a damn about affiliates’ tax ID either. The email list along with interests (from what they are subscribed to) - THAT'S the gold mine.

      And they got it.
      {{ DiscussionBoard.errors[2826233].message }}
  • Profile picture of the author garyv
    I have about 20 different email addresses dedicated to testing my aweber lists, and then a few more for signing up to other people's lists. I'm now getting spam in those email boxes up the yinyang! Yesterday I sent out a broadcast email to my list. It was the first email I had sent out in over a month. And yet I had a huge chunk of the list unsubscribe because they claim they're receiving too much spam.

    Do I think we should be compensated? - You're damn right! I know that Allen gets annoyed w/ these kind of posts, (Sorry Allen) but we've been paying increasing fees to this company. By the way I still haven't figure out their math - where a person that unsubscribes can be tallied again w/ those that subscribe - but that's a different problem. My lists that I've spent several years building has just lost major credibility. And this gaffe will probably cost me thousands upon thousands of dollars in the future. They should at LEAST offer up a little bit of compensation. Like maybe a few months of free service. That is the LEAST they should do. JMFO!
    {{ DiscussionBoard.errors[2825036].message }}

Trending Topics