Another large ESP cracked - watch for phishes, folks

And the train just keeps on rolling.

Epsilon, one of (if not the) largest email service providers in the world has been cracked, resulting in the loss of customer email addresses (and in some cases, other data) for a lot of very large clients.

Affected companies are known to include LL Bean, Disney Destinations, Hilton Honors, Ameriprise, AbeBooks, Brookstone, Kroger's, Home Shopping Network, JP Morgan Chase, US Bank, Best Buy, ad nauseam. With over 2700 customers, the number could get quite large before the accounting is over.

Watch out for phishes and other spam to tagged addresses you gave to banks and other large companies, folks. Spams for fake Adobe and Skype software seem to be especially common.

For more details, Google: Epsilon data breach


Paul
  • Profile picture of the author thebitbotdotcom
    Wow. Email terrorism continues to reign...
    • Profile picture of the author Steven Wagenheim
      As if I didn't have enough to worry about today.

      Thank you Paul for making us aware of this.

      Now if only someone would put these *******s away for life.
  • Profile picture of the author developyourlife
    wow that's insane. hopefully they get everything sorted out soon.
  • Profile picture of the author Dan C. Rinnert
    You know, I think we're going to have to come full circle on eMail marketing.

    It used to be that you managed your own lists on your own server from your own website.

    Then spammers abused the system, and the industry gravitated toward eMail management services, who made arrangements with ISPs that eMail coming from them would be delivered, because they would assure them of permission-based marketing.

    Well, that hasn't made a dent in spam, but it has given hackers bigger targets to go after. Instead of targeting hundreds or thousands of individual websites, they can go after the big eMail management services, and, if successful, get the subscriber lists of dozens or hundreds of individual companies.

    So, maybe we'll have to revert back to the old days, for security purposes, and manage our own lists on our own servers.
    • Profile picture of the author Paul Myers
      Dan,
      "So, maybe we'll have to revert back to the old days, for security purposes, and manage our own lists on our own servers."
      That would take some big changes to the reputation systems the ISPs use to determine what gets blocked and what goes in the spam/bulk folder. Given the way spammers would be all over it if they made those changes, I don't see it happening any time soon.

      It's already possible to do that right, but you need to be really on top of your list hygiene and the rest. It's not something amateurs really want to mess with at the moment.


      Paul
  • Profile picture of the author bobsstuff
    AND I got a notice from my bank saying they had been hacked-- or their email contractor had. I changed my email address. I guess it is about time I changed my password also.
    Bob Hale
  • Profile picture of the author GarrieWilson
    Wonders if this is why I got about 20 DHL virus emails this am...

    With Amazon's new mailing system, it might be smart for large companies as they would hold the data and not the ESP. Plus Amazon will work on the hard part - delivery.

    -g
    • Profile picture of the author Alan Petersen
      I've received four notifications so far from big companies about the breach. Here is what I received from Best Buy:



      Interesting that they offer a link to their recommended six steps to keep your data safe when it's their 3rd party vendor that caused the issue.
      • Profile picture of the author Tina Golden
        Add Chase Bank and Walgreen's to the list of databases that were breached. Both emails said the same thing, that it was only the emails that were compromised, not financial details.

        I don't think the DHL thing is connected - I've been getting those by the dozens since before news of this breach and on emails that have never been used with any companies like that.
        • Profile picture of the author King Louie
          I have received several e-mails from DHL and Fedex recently. It's 100% spam but anyone would have fallen for these e-mails as they look legit (coming from dhl.com and fedex.com).
          • Profile picture of the author Richard Van
            Originally Posted by Content Winner:

            "I have received several e-mails from DHL and Fedex recently. It's 100% spam but anyone would have fallen for these e-mails as they look legit (coming from dhl.com and fedex.com)."
            In my office I get up to 10 spam dhl.com emails a day.

            I don't fall for them for a couple of reasons.

            One is the jdbfysc@ or some other random string of irrelevant letters and numbers before the @dhl.com, that changes every time they send it and looks exactly like spam.

            Another reason is I haven't ordered anything to be delivered, especially not 10 times a day.

            Finally the numbskulls are so stupid they've yet to come up with a way of creating a new email, rather than sending me exactly the same one each time, or even an ingenious email address, like bob@ or deliveries@, I guess that would involve thinking though.
      • Profile picture of the author Diane S
        Originally Posted by Alan Petersen:

        "Interesting that they offer a link to their recommended six steps to keep your data safe when it's their 3rd party vendor that caused the issue."
        Ignorant is more like it... and that keeps many customers ignorant, as well.
  • Profile picture of the author Brian Alaway
    Most of these corporations simply don't want to spend the time or money on prevention. They operate mostly in reactive mode.

    One thing you can do to limit the damage is to employ one off email addresses.
    I've been telling my Facebook friends to do this for a while.
    Get a fresh email address, use it for your Facebook contact email and absolutely don't use it for anything else. Make sure you set Privacy to Custom>Only Me.
    You'll be able to spot those bogus FB notifications immediately by just noting the "To" email address.
    I do this on other accounts as well and also change the password and log on user id frequently.
    It's a hassle but worth it since we're pretty much at the mercy of these third parties.
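
The tagged and one-off address idea from the posts above, sketched as an added example that is not part of the original thread: each address is handed to exactly one company, so mail arriving at it from any other sender domain shows the address has leaked. The registry, addresses, domains and sample messages are all constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: each tagged address was given to exactly one company.
REGISTRY = {
    "me+bestbuy@example.org": {"bestbuy.example"},
    "me+bank@example.org": {"bank.example"},
}

def classify(raw, registry=REGISTRY):
    """Return (verdict, tagged_address) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    fields = []
    for name in ("To", "Cc", "Delivered-To"):
        fields += msg.get_all(name, [])
    rcpts = sorted({addr.lower() for _, addr in getaddresses(fields)})
    tagged = [a for a in rcpts if a in registry]
    if not tagged:
        return ("untagged", None)       # nothing to learn from the recipient
    tag = tagged[0]
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ok = any(domain == d or domain.endswith("." + d) for d in registry[tag])
    # A matching From domain is not proof of legitimacy (From is forgeable);
    # a mismatch, however, shows the address escaped the company it was given to.
    return ("expected", tag) if ok else ("leaked", tag)

def leaked_tags(raw_messages, registry=REGISTRY):
    """Count off-domain mail per tagged address: these are the ones to retire."""
    return Counter(tag for verdict, tag in
                   (classify(r, registry) for r in raw_messages)
                   if verdict == "leaked")

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Best Buy <offers@mail.bestbuy.example>\nTo: me+bestbuy@example.org\nSubject: Weekly deals\n\nhi",
    "From: Adobe Update <jdbfysc@updates.invalid>\nTo: me+bank@example.org\nSubject: New version\n\nhi",
    "From: Skype <kqzx@updates.invalid>\nTo: <me+bank@example.org>\nSubject: Upgrade\n\nhi",
    "From: DHL <xyz@dhl.example>\nTo: me@example.org\nSubject: Parcel\n\nhi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print(leaked_tags(SAMPLES))
```

A tag that shows up in `leaked_tags` identifies which company's list the address came from and is the one to replace with a fresh address.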
  • Profile picture of the author kevinw1
    Air Miles in Canada too - I just got a notification from them this morning.
    • Profile picture of the author Paul Myers
      Homes,
      "Shouldn't data security be Epsilon's and similar firms' number 1 skill?"
      Anything can be hacked, cracked, stolen, or socially engineered.

      I think the big problem is that people want things to be easy to use, and they're not willing to take the extra steps needed to go with a more secure system. That's hard to understand when you're talking about banks and retail giants.

      Alan,
      "And the lawsuits will fly."
      Probably, but how many will be won? Against which companies? And on what grounds?

      Those addresses and the nature of their relationships with the various companies involved are out there for good now. There will probably be no way to tie the people who spam them to the ones who stole them.


      Paul
      • Profile picture of the author thriftgirl62
        "Alan, Probably, but how many will be won? Against which companies? And on what grounds?

        Those addresses and the nature of their relationships with the various companies involved are out there for good now. There will probably be no way to tie the people who spam them to the ones who stole them.

        Paul"
        Lawsuits slowly climb up the ladder until they finally get to the top or run out of money. Some just give up after several months, sometimes years of red tape. The parent company Alliance Data of Dallas will have to clean up Epsilon's mess. Did you know they send out 40 BILLION emails every year?

        There must be someone out there suing for allowing hackers to break in. Maybe they'll sue the database software developer for negligence. Who knows but I wouldn't be surprised. Attorneys who take these kinds of cases figuring they'll get a settlement just for filing a few papers should be disbarred.

        Manufacturers get sued daily! Question: If you drop a gallon of Acid Based Wheel Brightener and the bottle breaks and splashes enough to get your sock wet, what do you do? [Go in your house, change your socks.]

        Wrong answer. Get in your truck and run your sales route for the day. Ignore any irritation after a couple of hours go by. Keep working all day. What happens? Get home and lo and behold, the top of his foot is missing. Acid ate most of his foot for lunch.

        Guess who gets sued? The Manufacturer of both the Bottle and the Acid Wheel Cleaner. The guy's wife had recently moved out, separated. She decided to move back in and sue for loss of love and companionship with her beloved husband during his hospital stay and recovery period. Took about 2 years before the insurance finally settled for somewhere in the lower 5 figures.