Possible Email/Data Leak
I am using a tagged email address for my appleinsider subscription and just received spam to the email address given to apple insider. It was highly targeted with trying to sell electronics, including apple computers. See text below:
Honorable sir or ms: if you need Electronics please contact us: {www : omRcmR . com E-mail: OMRCMR @ 188.com} 882
now i introduce a good site to you. A week ago, I bought this site Apple laptops,. Amazing, it's genuine and new and as good as expected,but the price much lower .They also run mobile phones, television sets, Camera and so on. 87A
Looking forward to your contact and long cooperation with us! 9U
The spam was sent from a Hotmail account out of China. X-Originating-IP: [115.49.95.119]
You might want to check your logs for any breaches.
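The attribution the post describes (a unique address handed to one service, spam arriving at it, a sender IP pulled out of the headers) can be done mechanically. As an added example that is not code from the thread: a small Python script over a constructed message shaped like the headers quoted later in this thread. The tag-to-service table, the placeholder domain thisisnotmyrealemail.com and the local host name anti-spam.org are assumptions for the example. It maps the tagged recipient back to the service that held the address, and separates the one IP you can actually trust (the host that handed the message to your own server, taken from the Received line your server wrote) from the sender side's X-Originating-IP claim, which Hotmail added and which only tells you what Hotmail chose to record.

```python
"""Trace spam at a tagged address back to the service that held it.

Added example, not code from the thread. The message below is constructed to
look like the headers quoted in this thread; the tag-to-service table, the
placeholder domain "thisisnotmyrealemail.com" and the local host name
"anti-spam.org" are assumptions for the example.
"""
import email
import email.utils
import re

# Constructed table: tagged local-part -> the one service it was given to.
TAG_OWNERS = {
    "__f": "appleinsider.com",
    "__t": "tdameritrade.com",
}

# Constructed raw message, shaped like the headers quoted in the thread.
# The topmost Received line is the one our own server wrote.
SAMPLE_MESSAGE = """\
Received: from col0-omc2-s9.col0.hotmail.com ([65.55.34.83]) by anti-spam.org with MailEnable ESMTP; Mon, 17 May 2010 05:08:15 -0400
Received: from COL114-W54 ([65.55.34.72]) by col0-omc2-s9.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 May 2010 02:07:16 -0700
X-Originating-IP: [115.49.95.119]
From: mazammal mahmood <anoptimist_11@hotmail.com>
To: __f@thisisnotmyrealemail.com
Subject: Hey 24
Date: Mon, 17 May 2010 05:07:16 -0400

Hey: if you need Electronics please contact us.
"""

# A bracketed IPv4 literal as it appears in Received and X-Originating-IP.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def attribute_tag(msg, my_domain, owners=TAG_OWNERS):
    """Return (tag, service) for the first recipient that is one of our tagged addresses."""
    for header in ("To", "Cc", "X-Rcpt-To"):
        for _, address in email.utils.getaddresses(msg.get_all(header, [])):
            local, _, domain = address.partition("@")
            if domain.lower() == my_domain.lower() and local in owners:
                return local, owners[local]
    return None, None


def connecting_ip(msg, my_host):
    """IP of the host that handed the message to our own server.

    Only the Received line our own server added ("by <my_host>") is trustworthy;
    every line beneath it, X-Originating-IP included, was written by someone else.
    """
    for received in msg.get_all("Received", []):
        if re.search(r"\bby\s+" + re.escape(my_host) + r"\b", received):
            match = IP_RE.search(received)
            if match:
                return match.group(1)
    return None


def claimed_originating_ip(msg):
    """The sender side's claim (here Hotmail's X-Originating-IP): informative, not proof."""
    match = IP_RE.search(msg.get("X-Originating-IP", ""))
    return match.group(1) if match else None


def analyse(raw, my_domain="thisisnotmyrealemail.com", my_host="anti-spam.org"):
    """Summarise who leaked the address and where the message really came from."""
    msg = email.message_from_string(raw)
    tag, service = attribute_tag(msg, my_domain)
    return {
        "tag": tag,
        "leaked_from": service,
        "handoff_ip": connecting_ip(msg, my_host),
        "claimed_origin_ip": claimed_originating_ip(msg),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_MESSAGE))
```

The handoff IP is the one to put in an abuse report to the sending provider; the claimed originating IP is what that provider says its customer used, and is only as good as the provider's own logging.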
Comments
From: mazammal mahmood <anoptimist_11@hotmail.com>
Subject: Hey 24
Date: May 17, 2010 5:07:16 AM EDT
To: __f@thisisnotmyrealemail.com
Received: from col0-omc2-s9.col0.hotmail.com ([65.55.34.83]) by anti-spam.org with MailEnable ESMTP; Mon, 17 May 2010 05:08:15 -0400
Received: from COL114-W54 ([65.55.34.72]) by col0-omc2-s9.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 May 2010 02:07:16 -0700
X-Rcpt-To: <{removed for posting in this forum}>
Hey: if you need Electronics please contact us.: www : omRcmR . com E-mail: omRcmR @ 188.com
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. (www . omrcmr . com) We are expecting for your business.
Hotmail: Free, trusted and rich email service. Get it now.
E-mail to abuse@appleinsider.com bounces because they have no abuse address as is required. The e-mail that I sent to the various published appleinsider.com contact addresses has not been answered.
i use a unique-to-ai email address for ai related stuff. quite literally the only place that email address has been disclosed is to ai, and you'd have to be darn good guesser to figure out my email address naming scheme.
yesterday i received the aforementioned email regarding electronics.
this morning i received something along the lines of
From: mo alqallaf <??????@hotmail.com>
To: <someone else's AI email address>
Subject: Friend 8
Date: Tue, 18 May 2010 10:57:40 +0000
Hey, friend Looking forward to your contact and long cooperation with us! Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.Welcome to visit our website! 31Z
If you need electronic products, please contact us: (www : OmrCmr . com E-mail: omRcmR @ 188.com) 76q
sucks.
http://www.rfc-ignorant.org/tools/lo...pleinsider.com
appleinsider.com is legally obligated to inform consumers about this leak and breach of the published privacy policy. Failure to do so can lead to significant fines.
P.S. Changing the e-mail address doesn't stop spammers from hammering my domain trying to send to the address that I gave appleinsider.com.
You have received a new private message at AppleInsider from pavelalexandruciprian, entitled "CHECK OUT THIS LEGIT FAKE ID SITE I JUST FOUND!".
To read the original version, respond to, or delete this message, you must log in here:
http://forums.appleinsider.com/private.php
This is the message that was sent:
***************
http://www.idchief.com I got my card in 6 days lol
***************
Again, please do not reply to this email. You must go to the following page to reply to this private message:
http://forums.appleinsider.com/private.php
All the best,
AppleInsider
Maybe it's related?
P.S. Changing the e-mail address doesn't stop spammers from hammering my domain trying to send to the address that I gave appleinsider.com.
I realize what you are saying. I use the email for my own internal blocking and tuning of my spamassassin setup.
I actually changed the email address on purpose to see if their database is actively being stolen or if it was a one-off event.
I actually did the same thing with Ameritrade (TDAmeritrade) during the time when their databases were being actively stolen by hackers sending out penny stock scams/spams. I went through 5-7 email addresses, with each successive email address using more random letter/number combinations and increasing length of the email addresses each time.
Their standard corporate reply during this whole mess was that I had a virus, security issues, used the email somewhere else, the email was too easy to guess, etc. I am ***STILL*** waiting for a reply from Ameritrade when I asked them to name **ANY** virus for the Macintosh.
It finally took a class action lawsuit filed in California to get Ameritrade to 'own up' to their data loss. I received 12 months of identity theft 'service' and 100 free trades. Ameritrade waited up to a day before the lawsuit was to be heard in court to put out a press release.
I actually did the same thing with Ameritrade (TDAmeritrade) during the time when their databases were being actively stolen by hackers sending out penny stock scams/spams. I went through 5-7 email addresses, with each successive email address using more random letter/number combinations and increasing length of the email addresses each time.
Their standard corporate reply during this whole mess was that I had a virus, security issues, used the email somewhere else, the email was too easy to guess, etc. I am ***STILL*** waiting for a reply from Ameritrade when I asked them to name **ANY** virus for the Macintosh.
I was one of the very first people to report this issue to Ameritrade and I got the same runaround. I badgered them for almost two years. Yes, I really am that much of an ***hole when I'm lied to. Here's what I sent to them in December of 2005:
Kim,
It appears that either a hacker has penetrated Ameritrade's systems or an Ameritrade employee is selling customer information.
I was directed to e-mail the enclosed spam, with headers, to you. You can see that the spam was sent to {custom address I gave them}. Note the leading underscore. I only gave that address to Ameritrade (I use such addresses to track how companies use my e-mail addresses). The spam is a stock pump-and-dump spam and the only place that the spammer could have gotten the address was from Ameritrade or an Ameritrade employee. Here's why:
- I have given that address to no person or company other than Ameritrade.
- That address is not listed in any online directory.
- I have sent no mail using that as the "from:" or "reply-to:" address. In fact, my mail client has never been configured to use that address.
- Mail sent to that address goes to a "catch-all" address and there is no record of that address on my mail server. Even if someone had broken into my mail server (something which has never happened), they could not have found any record of that address. I control my mail server and it is five feet away from me in my home. No one else has administrator access.
- It wasn't a dictionary attack. My server received a single copy of the pump & dump at the "{deleted for privacy}" address. Server logs show that no other addresses were tried.
- I have received only one other e-mail at that address. It was from Ameritrade on 9/16/2002 at 11:15PM and was entitled "Ameritrade New Features and Commissions." Theoretically, someone at an ISP could have captured the traffic between our servers and harvested the address. But it seems unbelievable that a spammer would have mounted a man-in-the-middle attack to intercept that one message over three years ago and only now sent spam to the address that they captured.
As I own the domain anti-spam.org, I'm very familiar with spam and, frankly, stock pump & dump is something that I don't normally see in spam. The person who sent this clearly knew that the e-mail address to which they sent was somehow related to stock trading. Please know that I'm not concerned about the spam itself, but rather that my personal data (and presumably that of other customers) has leaked out of Ameritrade. While I know that most of your customers would just hit the delete key, they typically have one e-mail address for everything and wouldn't recognize where the spammer got the address. So if, as one of your telephone reps suggested, Ameritrade waited for a pattern of complaints, such a pattern of complaints would probably not occur.
I look forward to your reply.
I got the runaround for almost two years before they admitted that there had been a leak. So I sent the following:
The enclosed e-mails were part of an exchange we had regarding spam e-mail I received on my Ameritrade-only e-mail account in December of 2005.
I was given explanations by you and the Ameritrade tech support staff that insulted my intelligence and technical competence. They included:
The spammer "guessed" the address {deleted for privacy} (in one single guess since no other addresses on my mail server were tried).
My mail server must have been compromised and the spammer got the address from there.
Maybe I gave the address to someone other than Ameritrade and forgot that I had done so.
Maybe I had been sending e-mail from that address and the spammer got it that way.
Maybe I listed it in an online directory and the spammer got it from there.
One of your replies included this gem:
"We have no reason to believe that any of our systems have been compromised. Ameritrade deploys state of the art firewalls, intrusion detection, anti-virus software as well as employs a full time staff of employees dedicated strictly to Information Security and protecting Ameritrade's systems from unauthorized access."
Yes, you did have a reason to believe that your systems had been compromised: Because I told you that they had. I provided compelling, almost irrefutable, evidence that the spammers had gotten the e-mail addresses from Ameritrade's systems and that multiple people had been complaining of this happening with accounts that they gave solely to Ameritrade. I talked at length, leaving no doubt as to my technical competence and expertise in this matter. And now, almost two years later, Ameritrade has finally acknowledged and dealt with the information security leak that led to these e-mails.
I would like to know:
1. What has changed at Ameritrade so that future reports of this nature result in immediate and thorough investigations rather than months (or years) of stonewalling.
2. What punitive actions have been taken against Ameritrade employees responsible for the delays in responding to these complaints.
3. When the independent technical firms were finally hired to look into the problem.
4. How long it took them to discover the source of the leak.
5. Whether Ameritrade has determined the identity of those responsible for installing the software used to obtain the addresses.
6. What, if any, criminal actions have resulted from this process.
I look forward to your reply.
Hopefully, AppleInsider.com will respond to these concerns in a more satisfactory manner than did Ameritrade. If not, I have time.
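The strongest point in that letter is the one the server logs settle: a single copy to one tagged address on a catch-all domain, with no other local-parts tried, is not what guessing looks like. As an added example, not part of the thread, here is a Python script that makes that check over a constructed SMTP-style log of RCPT TO events. The log format, every sample line, the client IPs (documentation ranges) and the tagged local-part _xq7trade are made up for the example; the window and guess threshold are assumed knobs.

```python
"""Classify a delivery to a tagged address: one-shot or part of an enumeration?

Added example, not code from the thread. The log format, every line of the
sample, the client IPs (documentation ranges) and the tagged local-part
"_xq7trade" are constructed. The logic follows the letter's reasoning: a
single copy to one tagged address, with no other local-parts tried by that
client, is consistent with the address having leaked; a client that walks
through many local-parts is guessing.
"""
from datetime import datetime, timedelta

# Constructed log: one RCPT TO event per line as a catch-all domain's server
# might record it. The tagged address receives exactly one message; a
# different client then walks a list of common local-parts.
SAMPLE_LOG = """\
2005-12-02T22:41:03 client=203.0.113.7 rcpt=_xq7trade status=accepted
2005-12-03T09:12:44 client=198.51.100.9 rcpt=admin status=accepted
2005-12-03T09:12:45 client=198.51.100.9 rcpt=alice status=accepted
2005-12-03T09:12:45 client=198.51.100.9 rcpt=bob status=accepted
2005-12-03T09:12:46 client=198.51.100.9 rcpt=info status=accepted
2005-12-03T09:12:46 client=198.51.100.9 rcpt=sales status=accepted
2005-12-03T09:12:47 client=198.51.100.9 rcpt=webmaster status=accepted
"""


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        entry = dict(field.split("=", 1) for field in fields)
        entry["ts"] = datetime.fromisoformat(ts)
        entries.append(entry)
    return entries


def localparts_tried(entries, client, around, window):
    """Distinct local-parts one client sent to within +/- window of a moment."""
    return {e["rcpt"] for e in entries
            if e["client"] == client and abs(e["ts"] - around) <= window}


def classify_delivery(entries, tagged_local, window=timedelta(hours=1), guess_threshold=3):
    """Judge each delivery to tagged_local by what the same client did nearby.

    'targeted': the client addressed little or nothing but the tagged address.
    'dictionary-attack': the client tried guess_threshold or more local-parts.
    """
    hits = [e for e in entries if e["rcpt"] == tagged_local]
    if not hits:
        return {"hits": 0, "clients": [], "verdict": "no-delivery"}
    verdicts = set()
    for hit in hits:
        tried = localparts_tried(entries, hit["client"], hit["ts"], window)
        verdicts.add("dictionary-attack" if len(tried) >= guess_threshold else "targeted")
    return {
        "hits": len(hits),
        "clients": sorted({e["client"] for e in hits}),
        "verdict": verdicts.pop() if len(verdicts) == 1 else "mixed",
    }


def probing_clients(entries, window=timedelta(hours=1), guess_threshold=3):
    """Clients that enumerated guess_threshold or more local-parts in one window."""
    flagged = set()
    for e in entries:
        if len(localparts_tried(entries, e["client"], e["ts"], window)) >= guess_threshold:
            flagged.add(e["client"])
    return sorted(flagged)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(classify_delivery(log, "_xq7trade"))   # verdict: targeted
    print(classify_delivery(log, "alice"))       # verdict: dictionary-attack
    print(probing_clients(log))                  # ['198.51.100.9']
```

The same analysis works on a domain that rejects unknown local-parts; the enumeration then shows up as a run of rejections from one client rather than accepted deliveries, which is still the pattern the threshold catches.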
I've now received multiple emails from "large wholesale companies" that offer products "from original famous manufacturers with complete warranty".
These emails are sent to an address that is used exclusively for access to the AppleInsider forum and never listed anywhere else.
It sounds like the vBulletin database has been compromised based on the reports in this thread...
I've now received multiple emails from "large wholesale companies" that offer products "from original famous manufacturers with complete warranty".
Same here, e.g. this rubbish arrived yesterday:
Hey, friend: Looking forward to your contact and long cooperation with us! Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.Welcome to visit our website!
514T www : kimbor . com E-mail: kimbor @ 188.com
These emails are sent to an address that is used exclusively for access to the AppleInsider forum and never listed anywhere else.
Same here. I've changed it this morning.
It sounds like the vBulletin database has been compromised based on the reports in this thread...
Reminds me of the recent Ars Technica incident, which their staff posted about in:
Phishing attempts to private email addresses (Update: Social Strata server hacked)
... and also mailed an explanation.
So, where's AppleInsider's comparable public statement??
is a complete scam a complete fraud. I purchased a mixer for 70 EURO and sent them bank transfer. They said they shipped it. When I asked for receipt I was told that shipment had been blocked by China customs and that I had to pay an additional 40 EURO or buy two more items. They refuse to refund payment or ship the item.
STAY AWAY FROM THEM - YOU WILL LOSE ANY MONEY YOU SEND THEM
Please don't take this wrong, but I would never buy from anyone who spams me or anyone who spams a stolen email address.