I have received four emails in the last 24 hours from legitimate businesses (Tivo, Best Buy, Ameriprise) saying their "third party" company that sends emails to their customers was hacked and my name and/or email addresses have been "exposed". They suggest I be on the lookout for phishing attacks in the near future.

Damn thieves!

This is why I've created several email addresses, but it is still a pain in the ass.

Sounds like a major attack was successful, so just putting it out there for the rest of you to be careful. Double-check or just delete any suspicious looking emails asking for your specific information.

Well, these business shouldn't be trusting some third-party with that data. Even worse, these businesses then have the third-party e-mail folks send out surveys that, since they come from a third-party and not the original business, look like phishing attempts, so they never get my data from the survey.

My guess is, since this comes from the marketing side of business that has no real security experience or seemingly even a real care for it, was it didn't take much of an attack to get this stuff.

Here's the story:

US banks, companies issue warning after email hack

Computer hackers gained access to the email addresses of customers of several large US banks and other companies in a potentially huge data breach at US online marketing firm Epsilon.

Banking firms Citigroup, JPMorgan Chase and Capital One, retailers Best Buy and Kroger and home entertainment provider TiVo were among those informed by Epsilon that some customer email addresses had been compromised.

Epsilon, a marketing vendor used by 2,500 companies around the world to send more than 40 billion emails a year, said the hackers obtained email addresses and customer names but no other information.

"A subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," the company said in a brief statement.

"The information that was obtained was limited to email addresses and/or customer names only," it said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk."

Epsilon said it detected the breach on March 30 and that an investigation is underway.

Citi said it had been notified by Epsilon that "the information that was obtained was limited to the names and/or e-mail addresses of some customers of Citi's North American credit card businesses, and no account information or other information was compromised."

Capital One also said it had been told the compromised files did not include any personally identifiable or customer financial information.

JPMorgan Chase said it had been "advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this."

Online travel site TripAdvisor said last month that hackers stole a portion of its email list of its members.

Well, these business shouldn't be trusting some third-party with that data.

You have just described the whole principle behind "Cloud Computing" which is being pushed as the next major evolution of computing. Soon everybody will be trusting everybody with crucial data, and it will be placed on servers by companies that provide the cheapest storage option (i.e. easist to hack).

This is the future, data security is a thing of the past with the Cloud......so everytime you see one of those Windows adverts saying "Lets go to the Cloud" feel free to cringe just like I do. :banghead:

Disney too. I got that email a couple days ago.

You have just described the whole principle behind "Cloud Computing" which is being pushed as the next major evolution of computing. Soon everybody will be trusting everybody with crucial data, and it will be placed on servers by companies that provide the cheapest storage option (i.e. easist to hack).

This is the future, data security is a thing of the past with the Cloud......so everytime you see one of those Windows adverts saying "Lets go to the Cloud" feel free to cringe just like I do. :banghead:

Cloud computing is like trusting sticks of dynamite with children.

Cloud computing is like trusting sticks of dynamite with children.

+1, you would think given the liability and potential cost to providing their customers that may have been hacked with free security/fraud detection services, which a lot of companies are doing would make them realize this is a bad business model.

On a funny note, I received an email from "Cox" indicating they were cleaning up inactive accounts and needed my information or they would close down my account. For comedy purposes I have copied and post the gem below. If you did look past the atrocious grammer, right clicking properties over "Cox" in the from field reveals a personal cox.net email address. Despite my temptation to fuck with this genius, I forwarded to the department at Cox that investigates phishing.

Would this fool anyone?


From: "Cox" <[email protected]>
Sent: Saturday, April 02, 2011 3:48 AM
Subject: Attention


We are bringing to your notice that our customer service will be damaging
down some email users in our database,due to the high number of different
emails that has been violated by our email policy, terms and conditions

Provide us with the below info :

Username:

Password:

Birth date:


Account owner that refuses to maintain his or her account after 3-4 working
days of this notification will lose account permanently from our site.

© 1998-2011
Cox Communications, Inc.

Looks legit to me.

US Bank & Home Shopping Network emails this morning, along with the one from Disney

Looks legit to me.

I don't know. If it was legit it'd be asking for a social as well.

definitely legit. see that symbol at the bottom? that's a copyright symbol.

That's what almost got me, cause I don't have on on my keyboard ;)

I don't know. If it was legit it'd be asking for a social as well.

Ah, that is true. Maybe they already have that info?

It's legit because they didn't ask for your Social Security Number. You should give it too them just in case.

Here's a longer list of the companies involved, fwiw

Among the affected companies are banks such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp and Citigroup Inc., JPMorgan Chase & Co., and retailers including Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student email addresses.

Walt Disney Co.'s travel subsidiary, Disney Destinations, sent emails warning customers on Sunday.

It's amazing how often those things do fool people.

It's amazing how often those things do fool people.

I look at it as a form of internet Darwinism. If you aren't smart enough to realize that email from mrstephensmith @ yahoo.com isn't really from a displaced Nigerian prince, you probably don't deserve nice things like a computer and a bank account.

I look at it as a form of internet Darwinism.

In the case of most of the bank phishing emails though, the average user doesn't even realize that you can mouse over the link & have the address revealed.

It's legit because they didn't ask for your Social Security Number. You should give it too them just in case.

Even better, I emailed him the Social Security number of the CEO of Lifelock.

I always wondered why Nigerians live in shacks and in poverty when there's untold millions (possibly billions) sitting in their banks. Then I finally realized that is because they just can't access that money and need our help.

If you e-mail me your credit card #, I can investigate that Cox thing for you.

If you e-mail me your credit card #, I can investigate that Cox thing for you.

I can, but right now my credit card is being held as inheritance tax collateral on a 2 million dollar inheritance I have in a trust. If you can send me $5000.00 I can pay the inheritance tax, then I will send you my credit card number and $7500.00 for your troubles.

You ever have an email address get spoofed/hijacked and then get Viagra spam from yourself? Good times.

You ever have an email address get spoofed/hijacked and then get Viagra spam from yourself? Good times.

yep, but I want to know why I was only offering myself discounts between 50% and 75% - I should have got at least a 90% discount selling to myself :D

You have just described the whole principle behind "Cloud Computing" which is being pushed as the next major evolution of computing. Soon everybody will be trusting everybody with crucial data, and it will be placed on servers by companies that provide the cheapest storage option (i.e. easist to hack).

This is the future, data security is a thing of the past with the Cloud......so everytime you see one of those Windows adverts saying "Lets go to the Cloud" feel free to cringe just like I do. :banghead:

+a giant effing one

SI

I got the Epsilon warning because I had bought from Best Buy. The same day, my WoW account gets hacked for the first time since launch. Joy.

The guy apparently created a new character on a different server, spammed people and got the account locked up for 3 hours. I got the email and reset my account instantly. He didn't steal anything on the account at all.

You have just described the whole principle behind "Cloud Computing" which is being pushed as the next major evolution of computing. Soon everybody will be trusting everybody with crucial data, and it will be placed on servers by companies that provide the cheapest storage option (i.e. easist to hack).

This is the future, data security is a thing of the past with the Cloud......so everytime you see one of those Windows adverts saying "Lets go to the Cloud" feel free to cringe just like I do. :banghead:

Not necessarily. Most of the time the data would/should be kept private - outsourcing usernames, passwords, etc., is a major no-no and would be kept on premises and this would only be a concern if the cloud was public (like Amazon, or some other service provider). Many companies are keeping their clouds private for this very reason.

Also, that whole Microsoft "cloud" thing really isn't a cloud at all. Azure is - but the commercial they show of the couple in the airport is really ridiculous. It's just Microsoft trying to be the first one out there with this message to the public.

definitely legit. see that symbol at the bottom? that's a copyright symbol.

This post is pure gold

I've gotten 4 of these emails so far.

My wife's email was hacked last week, and I kept telling her not to use the same password for everything. Did she listen?




Nope.


:banghead: