database exposed? (email, click, online, password) - Internet - - City-Data Forum

fuzzymystic · 04-04-2011, 04:51 PM

Beginning Friday, I have gotten 3 emails from different companies giving versions of the same message, as follows:

their data system was exposed to unauthorized entry

the data base with our customers' names and email addresses has been breached by someone outside of the company.

Yesterday, we were informed by our email service provider that your
email address was exposed by unauthorized entry into their system.

Has anyone else had this happen? This seems very odd to me, but they tell me that no vital information was accessed. I am a little spooked though.

NMNan · 04-04-2011, 05:04 PM

Yes, I got one the other day from one of the online book merchant membership sites. It looked legit, but I did not click on any links or download any images (just to be sure).
Here is a copy of the text

Quote:

Epsilon Informs AbeBooks of E-mail Database Breach

We have been informed by Epsilon, a third-party vendor we use to send e-mails, that an unauthorized person outside their company accessed files that included e-mail addresses of some AbeBooks customers. Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses.

As a reminder, AbeBooks will never ask customers for personal or account information in an e-mail. Please exercise caution if you get any emails that ask for personal information or direct you to a site where you are asked to provide personal information.

Did yours mention Epsilon?

fuzzymystic · 04-04-2011, 05:22 PM

Yes, one did.

PacificFlights · 04-04-2011, 05:27 PM

It's on the news and its legit. Many companies used this same company that sends out their email marketing and that was hacked so all the names and emails may have been stolen. Its only names and emails, no other information.

Macrina · 04-04-2011, 05:36 PM

This is just one of many news item about this latest breach of information:
Marriott, Hilton Hit by Breach to Client E-mail Information - Bloomberg

NHDave · 04-04-2011, 06:27 PM

Quote:

Originally Posted by PacificFlights

Its only names and emails, no other information.

At least that's currently all they're admitting to

Bo · 04-04-2011, 07:58 PM

The important thing after receiving those notificiations is to be suspicious of any emails you get from those companies now. The thieves know you have an email relationship with that company, so they may try a phishing attack.

thecoalman · 04-04-2011, 08:30 PM

This is pretty good example of why you should use different passwords.

Let's suppose this breach included passwords for the email accounts and some emails. Typically passwords stored in a database should use a one way encryption, the password itself is the key to decrypt it. In the case of a breach the password data is pretty useless to those that obtain it however not all sites/services take this precautions.

If the passwords are stored in plain text or easily decrypted the hacker can look through some emails and potentially discover other sites you use like online banking. Armed with the information and the password gained from the hacked site or service they can now gain access to these other sites if you are using the same password.

Brian · 04-04-2011, 11:51 PM

I have received that message from HSN on Sunday.

Since I have never used their service, I am not really concerned about that.

Macrina · 04-05-2011, 12:07 AM

Quote:

Originally Posted by Brian

I have received that message from HSN on Sunday.

Since I have never used their service, I am not really concerned about that.

If you've never made an account with HSN, how do you suppose they obtained your name and email address?