BreachExchange mailing list archives
New (or old) e-mail provider breach?
From: security curmudgeon <jericho () attrition org>
Date: Thu, 18 Aug 2011 00:27:21 -0500 (CDT)
While clearing out my spam folder and quickly verifying mail didn't land there on accident, I noticed a very odd pattern of spam. Spam from the same "Max Gentleman" advertising a site on a Russian domain, sent to a wide variety of unique e-mail addresses that should not receive spam at all. For many services or sites, I sign up using a unique alias that helps track down if the address is leaked or sold. In this case, I noticed several.

A few facts about what I saw to hopefully help someone figure out where the leak originated, and if it involves Epsilon or a similar provider.

1. The spam hit all the usual suspects; jericho@, errata@ and other addresses we still have on our web pages (standard harvesting).

2. Spam to an alias set up for Tastes Wine Bar in Denver, CO. This is the second alias specified to them that received spam, so I know they have had their addresses leaked before. The spam was the same as the rest, but included more addresses this time. (Previous mail to them asking went unanswered, I have stopped frequenting their Uptown location and it has since shut down.)

3. My address used for Event Brite registration, which has received spam before. I posted to the list regarding this: http://lists.osvdb.org/pipermail/dataloss/2011-May/002850.html Note that on the previous time, I received spam to the Event Brite address, but not an alias I set up on the Scotch site. This time, I got it to both; Event Brite *and* Macallan (celebratethemacallan.com).

4. The most disturbing one, I received the same spam to an alias I set up for a one time purchase on order.store.yahoo.net.

All of the spam came in within 4 days of each other. To me, that suggests that one provider that handles e-mail services for all four (Tastes, Event Brite, Macallan and Yahoo) was compromised. As I mentioned, this could be fallout from Epsilon, but their name hasn't come up for me lately and I figure it would if there was an uptick in spam volume related to those addresses.
Anyone else receive spam such as this, to unique aliases?

Jericho
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
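An added example, not part of the original post: one way to automate the correlation described in the message above, flagging a spam campaign that reaches several per-service aliases within a short window while ignoring published addresses. The alias local parts, the example.org and spam.example domains, the sample messages and the `window` parameter are all constructed for illustration.

```python
from collections import defaultdict
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed mapping: per-service alias (local part) -> where it was handed out.
ALIASES = {"winebar": "Tastes Wine Bar", "tickets": "Event Brite",
           "scotch": "Macallan", "ystore": "order.store.yahoo.net"}
# Addresses published on web pages; spam to these is ordinary harvesting.
PUBLISHED = {"jericho", "errata"}

def _msg(sender, rcpt, date):
    """Build a constructed header-only message for the sample set."""
    return (f"From: {sender} <x@spam.example>\nTo: {rcpt}@example.org\n"
            f"Date: {date} 10:00:00 -0500\n\n")

SAMPLE = [  # constructed data, not real mail
    _msg("Max Gentleman", "winebar", "14 Aug 2011"),
    _msg("Max Gentleman", "jericho", "15 Aug 2011"),
    _msg("Max Gentleman", "tickets", "15 Aug 2011"),
    _msg("Max Gentleman", "scotch", "16 Aug 2011"),
    _msg("Max Gentleman", "ystore", "17 Aug 2011"),
    _msg("Cheap Pills", "tickets", "2 May 2011"),
    _msg("Other Sender", "winebar", "10 Jan 2011"),
    _msg("Other Sender", "scotch", "16 Aug 2011"),
]

def correlate(raw_messages, window=timedelta(days=4)):
    """Return {sender display name: sorted services} for campaigns that hit
    two or more distinct per-service aliases within `window`."""
    hits = defaultdict(list)  # sender display name -> [(date, service)]
    for raw in raw_messages:
        msg = message_from_string(raw)
        name = parseaddr(msg["From"])[0]
        local = parseaddr(msg["To"])[1].split("@")[0].lower()
        if local in PUBLISHED or local not in ALIASES:
            continue  # harvested or unknown recipient: no leak signal
        hits[name].append((parsedate_to_datetime(msg["Date"]), ALIASES[local]))
    flagged = {}
    for name, seen in hits.items():
        seen.sort()
        best = set()
        for i, (start, _) in enumerate(seen):  # window anchored at each hit
            services = {s for d, s in seen[i:] if d - start <= window}
            best = max(best, services, key=len)
        if len(best) >= 2:
            flagged[name] = sorted(best)
    return flagged

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

A campaign flagged across aliases that were never published points at a party all of those services share, which is the inference drawn in the message; a single-alias hit only implicates that one service.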