Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 4 5 [6] 7 8 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162557 times)
mikeb

Posts: 657


« Reply #75 on: May 14, 2007, 11:54:27 pm »

Hmmmmmmmmmmmm, OK, so I'm now officially annoyed angry

A whole bunch of spam received today much as described in earlier posts (i.e. all related to 'performance' enhancement various) so obviously from the same [Censored]. Grrrrrrrrr. This time I got some to my main e-mail address My_Name@My_PN_Account.plus.com as the first one was but some also to My_PN_Account@My_PN_Account.plus.com  What an absolute b*gger that 7+ years of spam free e-mail has clearly come to a rather abrupt end Sad

There doesn't seem to be any real correlation between them at all. They apparently come from all over the place. France, USA, Far East etc.  I have to say this is pretty much what happened to my F9 account years ago unfortunately - suddenly started getting spam galore to specific addresses for no apparent reason after a long period of none at all.  That account became pretty much totally unusable in a very short space of time as the spam increased exponentially.

Whoever is (hopefully) found responsible for providing my details to the spammers is defo going to need something a whole lot stronger than 'performance' enhancing drugs to cure their problems if I ever get my hands on them ... they'd need to find an organ donor for starters in order to have something to enhance the performance of !!!

Given the fact that this all started using my 'main' named e-mail address and so many other PN users are seeing the same kinda thing, this just has to have been obtained somehow directly via PN - either from the portal forums or even worse still internally.  I just can't see any other possible explanation except perhaps getting it from here somehow.  I can fully understand getting hold of the My_Account bit from any one of various places and then using the Random_Chars or Good_Guess prefix (as has happened to some users before) but to target specific named addresses and virtually no others is highly suspicious of something way more than a bit of good guesswork. 

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
XPC exiled in NZ

Posts: 1382

« Reply #76 on: May 15, 2007, 01:02:56 am »


Given the fact that this all started using my 'main' named e-mail address and so many other PN users are seeing the same kinda thing, this just has to have been obtained somehow directly via PN - either from the portal forums or even worse still internally.  I just can't see any other possible explanation except perhaps getting it from here somehow.  I can fully understand getting hold of the My_Account bit from any one of various places and then using the Random_Chars or Good_Guess prefix (as has happened to some users before) but to target specific named addresses and virtually no others is highly suspicious of something way more than a bit of good guesswork. 

My router log reporting email address was clearly not guessed, as it was too specific. This info can only have come from F9 redirects database, or someone sniffing specific email traffic on it's way in/out of F9. I have never personally sent mail from it or to it. Only my router has sent mail from that address and TO that address, for F9 to redirect on to main account so I receive the router logs & alerts. It has never been listed anywhere or used anywhere or even know about by any other being apart from me... and I ain't told no-one. The router in question is now dead, although it is still in possession, so the email address hasn't been used since last June/July.

The username@username.f9.co.uk emails could have been generated by a scouring forums etc, but clearly my case shows that other tactics were used in this instance (for at least some of the email addresses, and therefore I guess ALL of the others!). This is FAR more serious that that.

There has been a serious breach of security somewhere and I hope F9 get to the bottom of it and quick.

Until I know the hole is closed, then I am losing confidence in F9 to be trusted in the future.



BR_pnug

Posts: 3

« Reply #77 on: May 15, 2007, 01:14:50 am »

Between 7 & 9 ish pm Monday 14th I received another batch of spam delivered to my previously spam-free  (before 13th May that is) mail boxes. Each included a link to http://tekyi.com or http://ourmix.hk. I cannot help thinking that PN data source has been compromised.  I'm not sure what to make of the comment in the PN Service Update "Reports of Spam Email (42837)" at 14/05/2007 @ 19:33 that "We ... are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur."   
XPC exiled in NZ

Posts: 1382

« Reply #78 on: May 15, 2007, 01:28:10 am »

I just read that report too. The fact that they are planning to contact all affected users suggests that they know exactly which accounts were compromised! I will wait with interest to see who they contact, and if they get it right!

Clearly they are staying tight-lipped about it until they get further to the bottom of it, but we now have to wait for the next update (they say Friday!)...

I'm not really happy that they aren't saying any more until then, but equally, I understand that they need to sort out the immediate problem first, which obviously means contacting a lot of users to explain the implications!

I just wish they could give us more info, so we can make up our minds whether to trust F9 any further. To me this is a very serious matter, and I need re-assuring or I will be looking for a new provider. A blackout on further news until Friday will only let minds worry and ideas spiral further!

Please give us more of an update before then... to the best of your abilities. I can wait for the full detailed report, I just need the gist of it. (Oh and without SPIN please, just the facts!)

Thanks
mikeb

Posts: 657


« Reply #79 on: May 15, 2007, 03:38:00 am »

Oh b*gger, just read the service.status reports Sad  and not liking the sound of it one little bit either.

Also, just received another batch of spam to My_Name@My_PN_Account.plus.net like the very first one with the attached .gif image for meds Sad  All came into PN at around the same time, just after 02:00

Quote
We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their Internet connections and computers are safe.

Although I welcome the contact (if/when it happens) I particularly don't like the bit in bold because, unless that is just a little @rse protect and/or supposed to be 'comforting' words, it implies to me there is something rather more serious than just e-mail addresses being acquired by a third party. 

I appreciate that the problem is being worked on and it's probably not a simple one but need more info and need it real soon Mr.PN because several more days to find out just how deep the poo is isn't really on - especially if there might be other implications such as passwd or other sensitive data involved or trojan/virus issues.

I've also been having a few other very 'strange' and highly unusual problems just recently and whilst that might be simply co-incidence it's a bit odd that after a good few years of everything hunky-dory it all seems to go t*ts up around the same time.
« Last Edit: May 15, 2007, 03:42:29 am by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
mikeb

Posts: 657


« Reply #80 on: May 15, 2007, 04:15:47 am »

Oh great, the one and only mbox on my PN Account is now apparently getting the d@mn stuff as well angry 

A whole bunch arrived around 18:00 Monday 14th May although none at all on Sunday 13th when I got the first one on my address. I'm *really* sure that my 80 year old mum is going to be well interested in getting lots of this performance enhancement [Censored] ... NOT.  Grrrrrrrrrrrrr.

Also, my F9 account is now getting the stuff along with all the random [Censored] that it gets in any case. So, that means the following addresses have been recently targeted so far:

My_Name@My_PN_Account.plus.com
My_Account@My_PN_Account.plus.com
My_Only_Mailbox@My_PN_Account.plus.com
My_Account@My_F9_Account.force9.co.uk
postmaster@My_F9_Account.force9.co.uk

Interestingly, My_Mailboxes@My_F9_Account.force9.co.uk haven't as yet.

Other specific named addresses  @My_F9_Account.force9.net have been getting spammed silly for years and I would put a quite large sum of money on that being almost exclusively down to much the same reason as for this recent apparent fiasco rather than being down to me being a bit careless with who I gave them to.

Suffice it to say that I'm so not a happy bunny.
« Last Edit: May 15, 2007, 04:42:01 am by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
wildmind
Guest
« Reply #81 on: May 15, 2007, 07:59:33 am »

Great,

My account has started to receive spam as well Sad

P.S. - Can someone from PUG please remove my wildmind@usergroup address as that is now also being spammed Sad

I look forward to reading what has happened and why!
James

Posts: 1010


3567190798

« Reply #82 on: May 15, 2007, 08:14:26 am »

I've added a note to that effect in a thread discussing @usergroup addy's in case it gets missed here Mike.

I'm sure one of the admins will oblige when they are next about.

Best Wishes - James

Tell me and I'll forget; show me and I may remember; involve me and I'll understand. - Chinese Proverb
godsell4

Posts: 397

« Reply #83 on: May 15, 2007, 08:25:37 am »

please remove my wildmind@usergroup address as that is now also being spammed Sad

My theory, based on the patterns of messages I have, is that somebody has sent a message to wildmind@usergroup to you from Webmail, and so it is a valid To: field in a message in the Sent Items folder.

SW.
« Last Edit: May 15, 2007, 09:58:34 am by godsell4 »

BBYW1/10GB
godsell4

Posts: 397

« Reply #84 on: May 15, 2007, 08:33:56 am »


I just can not describe how annoyed I am at this.

We spend good money on domain names and usernames that are far from guessable, it has taken time to get friends/family aware of the need to use certain e-mail adresses for specific tasks, like an addresss that is only ever used for registering for websites and an address for private e-mail.


Of course now, that planning and expense are nullfied because I have sent them all e-mail via Webmail.

If this list has been sold on and we continue to get these messages I am pretty sure my OH will be demanding we leave PN. This time I can only agree with her, the previous problems with lack of bandwidth and the 'email deletion' were not such an issue as this as the ramifications are likely to remain forever if this list was sold/copied.

SW.

BBYW1/10GB
wildmind
Guest
« Reply #85 on: May 15, 2007, 08:35:06 am »

Cheers James!

Must admit that I have used the wildmind@usergroup from webmail as it was the only way to send emails when I used to be working at my old place Wink
The Flying Gribble

Posts: 18

« Reply #86 on: May 15, 2007, 08:47:18 am »

Had about 30 spam emails this morning when I logged in, mostly of the carnal nature.  I use mailwasher to check 4 different PN and free-online mailboxes. All of them have been spammed, going directly to the mailbox address.  I never distribute my PN addresses, since I use my own domain which then gets forwarded to PN.  Definitely come internally from PN.
BR_pnug

Posts: 3

« Reply #87 on: May 15, 2007, 08:54:28 am »

At about 4am 15 May received the last of my 6 PN mailboxes recieved the "ED" spam.  This mailbox has not been used since 2005, possibly longer.  I am now convinced that the PN database HAS been compromised.  I don't mind setting up replacement addresses but what guarantee is there that this will remain secure?Huh
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #88 on: May 15, 2007, 09:12:11 am »


I just can not describe how annoyed I am at this.

We spend good money on domain names and usernames that are far from guessable, it has taken time to get friends/family aware of the need to use certain e-mail adresses for specific tasks, like an addresss that is only ever used for registering for websites and an address for private e-mail.


Totally agree with that!

Fortunately, it would appear I may have only used web-mail once, therefore only 1 of my addresses have been compromised from my own personal domain (used for PN to contact me).

Therefore - this is now black holed meaning the spam and PlusNet cannot use it any more... (I can only see that as a good thing TBH!). grin

Oldjim

Posts: 1016

« Reply #89 on: May 15, 2007, 09:23:58 am »

Question on the extent of the leak.
Just checked with my daughter and not only is she receiving these to both her PlusNet addresses but also her works address starting at the same time.. The only connection between the two is that mails have been sent to it from PlusNet possibly by webmail.
Pages: 1 ... 4 5 [6] 7 8 ... 20
  Print  
 
Jump to: