Possible Email/Data Leak

\tFrom: \tmazammal mahmood <anoptimist_11@hotmail.com>
\tSubject: \tHey 24
\tDate: \tMay 17, 2010 5:07:16 AM EDT
\tTo: \t__f@thisisnotmyrealemail.com
\tReceived: \tfrom col0-omc2-s9.col0.hotmail.com ([65.55.34.83]) by anti-spam.org with MailEnable ESMTP; Mon, 17 May 2010 05:08:15 -0400
\tReceived: \tfrom COL114-W54 ([65.55.34.72]) by col0-omc2-s9.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 May 2010 02:07:16 -0700
\tX-Rcpt-To: \t<{removed for posting in this forum}>

Hey: if you need Electronics please contact us.: www : omRcmR . com E-mail: omRcmR @ 188.com
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. (www . omrcmr . com) We are expecting for your business.

Hotmail: Free, trusted and rich email service. Get it now.

From: mo alqallaf <??????@hotmail.com>
To: <someone else's AI email address>
Subject: Friend 8
Date: Tue, 18 May 2010 10:57:40 +0000



Hey, friend Looking forward to your contact and long cooperation with us! Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.Welcome to visit our website! 31Z
If you need electronic products, please contact us: (www : OmrCmr . com E-mail: omRcmR @ 188.com) 76q

Originally Posted by zehspoon

I actually did the same thing with Ameritrade (TDAmeritrade) during the time when their databases were being actively stolen by hackers sending out penny stock scams/spams. I went through 5-7 email addresses, with each successive email address using more random letter/number combinations and increasing length of the email addresses each time.

Their standard corporate reply during this whole mess was that I had a virus, security issues, used the email somewhere else, the email was too easy to guess, etc. I am ***STILL*** waiting for a reply from Ameritrade when I asked them to name **ANY** virus for the Macintosh.

Kim,

It appears that either a hacker has penetrated Ameritrades systems or an Ameritrade employee is selling customer information.

I was directed to e-mail the enclosed spam, with headers, to you. You can see that the spam was sent to {custom address I gave them}. Note the leading underscore. I only gave that address to Ameritrade (I use such addresses to track how companies use my e-mail addresses). The spam is a stock pump-and-dump spam and the only place that the spammer could have gotten the address was from Ameritrade or an Ameritrade employee. Heres why:

• I have given that address to no person or company other than Ameritrade.
• That address is not listed in any online directory.
• I have sent no mail using that as the from: or reply-to: address. In fact, my mail client has never been configured to use that address.
• Mail sent to that address goes to a catch-all address and there is no record of that address on my mail server. Even if someone had broken into my mail server (something which has never happened), they could not have found any record of that address. I control my mail server and it is five feet away from me in my home. No one else has administrator access.
• It wasnt a dictionary attack. My server received a single copy of the pump & dump at the {deleted for privacy} address. Server logs show that no other addresses were tried.
• I have received only one other e-mail at that address. It was from Ameritrade on 9/16/2002 at 11:15PM and was entitled Ameritrade New Features and Commissions. Theoretically, someone at an ISP could have captured the traffic between our servers and harvested the address. But it seems unbelievable that a spammer would have mounted a man-in-the-middle attack to intercept that one message over three years ago and only now sent spam to the address that they captured.

As I own the domain anti-spam.org, Im very familiar with spam and, frankly, stock pump & dump is something that I dont normally see in spam. The person who sent this clearly knew that the e-mail address to which they sent was somehow related to stock trading.

Please know that Im not concerned about the spam itself, but rather that my personal data (and presumably that of other customers) has leaked out of Ameritrade. While I know that most of your customers would just hit the delete key, they typically have one e-mail address for everything and wouldnt recognize where the spammer got the address. So if, as one of you telephone reps suggested, Ameritrade waited for a pattern of complaints, such a pattern of complaints would probably not occur.

I look forward to your reply.

The enclosed e-mails were part of an exchange we had regarding spam e-mail I received on my Ameritrade-only e-mail account in December of 2005.

I was given explanations by you and the Ameritrade tech support staff that insulted my intelligence and technical competence. They included:

The spammer "guessed" the address {deleted for privacy} (in one single guess since no other addresses on my mail server were tried).
My mail server must have been compromised and the spammer got the address from there.
Maybe I gave the address to someone other than Ameritrade and forgot that I had done so.
Maybe I had been sending e-mail from that address and the spammer got it that way.
Maybe I listed it in an online directory and the spammer got it from there.

One of your replies included this gem:

"We have no reason to believe that any of our systems have been compromised. Ameritrade deploys state of the art firewalls, intrusion detection, anti-virus software as well as employs a full time staff of employees dedicated strictly to Information Security and protecting Ameritrade's systems from unauthorized access."

Yes, you did have a reason to believe that your sytsems had been compromised: Because I told you that they had. I provided compelling, almost irrefutable, evidence that the spammers had gotten the e-mail addresses from Ameritrade's systems and that multiple people had been complaining of this happening with accounts that they gave solely to Ameritrade. I talked at length, leaving no doubt as to my technical competence and expertise in this matter. And now, almost two years later, Ameritrade has finally acknowledged and dealt with the information security leak that lead to these e-mails.

I would like to know:

1. What has changed at Ameritrade so that future reports of this nature result in immediate and thorough investigations rather than months (or years) of stonewalling.
2. What punitive actions have been taken against Ameritrade employees responsible for the delays in responding to these complaints.
3. When the independent technical firms were finally hired to look into the problem.
4. How long it took them to discover the source of the leak.
5. Whether Ameritrade has determined the identity of those responsible for installing the software used to obtain the addresses.
6. What, if any, criminal actions have resulted from this process.

I look forward to your reply.

Originally Posted by Buzz Lightyear

I've now received multiple emails from "large wholesale companies" that offer products "from original famous manufacturers with complete warranty".

These emails are sent to an address that is used exclusively for access to the AppleInsider forum and never listed anywhere else.

It sounds like the vBulletin database has been compromised based on the reports in this thread...