EventBrite e-mail addresses compromised?

[security curmudgeon <jericho () attrition org>]

I used EventBrite in October 2010 to purchase an event ticket for a local 
scotch tasting. When creating the account, I used a custom alias specific 
to that site, that is not reasonably guessable (e.g., this was not 
received as a result of brute force). A couple weeks ago, I received a 
single spam/scam to the address (the sanitized mail is below).

I wonder if EventBrite (http://www.eventbrite.com/) has been compromised, 
or their e-mail address leaked via a third party. The nature of the mail 
could be coincidental, but also sign that it is a targeted attack given 
the wording and lack of additional spam to the address.

Anyone heard about this?


--

From: admin () nacha org
To: [custom email address used for 
EventBrite]
Date: Sat, 23 Apr 2011 00:47:55 +0900
Subject: ACH payment canceled

[nacha_logo.gif]

 

The ACH transaction (ID: 2316649336400), recently sent from your bank 
account (by you or any other person), was canceled by the Electronic 
Payments Association.

 


Canceled transfer

Transaction ID:
2316649336400
Reason of rejection
See details in the report below
Transaction Report
report_2316649336400.pdf.exe (self-extracting archive, Adobe PDF)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100

2011 NACHA - The Electronic Payments Association

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/