Massive Breach at Epsilon Compromises Customer Lists of Major Brands
Posted on 04/02/2011 8:46:19 PM PDT by brytlea
Due to the growing list of brands disclosing that they have been compromised as a result of this breach, I'm going to go ahead and tag this as a massive breach. And I only expect it to get bigger as more announcements come out from Epsilon customers.
Last night we reported on a breach at marketing services provider, Epsilon, the world's largest permission-based email marketing provider. Initially we wrote that the breach had affected Kroger, the nation's largest traditional grocery retailer. There is a list of companies at the link (but I don't know if that is going to be the full list, it sounds like there may be more yet).
It turns out that Kroger is only one of many customers affected by the breach at Epsilon.
(Excerpt) Read more at securityweek.com ...
You would think that an outfit this big — and supposedly professional — would have encrypted this data. Apparently not.
We just received a message from the College Board (the folks who run the Advanced Placement exams and the SATs) stating, “We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.”
Yeah, sounds basically like what I received from TiVo. Whoever did this apparently now has a LOT of email addresses with names. :(
This is one reason I have stopped giving my email address to almost anyone, if I don’t have to. Seems that every store I buy something in nowadays wants my email address and I just say, “No thank you.” They always seem surprised. Next time I’ll just mention this fiasco.
Thank you. This is the umpteenth time this has happened in the past year or so, but this sounds like one of the biggest.
I wonder if they EVER catch these creeps?
I got an e-mail from the college board.
Thank you for posting. I received an email tonight from collegeboard.com about the epsilon breach, that my first and last name and email were fraudulently accessed. This is why I come to freerepublic when I want breaking news.
Got the same email here
I just hope names and emails were really all they got.
Thanks! I have online accounts at some on the list.
Just another reminder to look at the email, then open the site from *FAVORITES* (or even Google it) instead of using the links in the email.
Not that I don’t get sloppy now & then when there’s a good sale at an e-merchant I regularly do business with.
Got an email from US Bank yesterday - they were a target as well.
I don’t know. It doesn’t seem as though they catch these criminals very often.
This sort of thing points to the need for everyone to step up and take responsibility for their own online security. It’s clear that most companies have no intention of helping in any meaningful way.
I’ve gotten so paranoid anymore, but it only takes getting sloppy once. It just seems these creepy scoundrels are so pervasive anymore and I guess they are next to impossible to catch.
I agree, it doesn’t seem like they EVER catch them, and it doesn’t seem that there seems to be any desire on the part of the government (although it may just be that it’s virtually impossible, I don’t know).
The problem is, you can be careful (I am, extremely so) but it seems the bad guys get smarter and better all the time. I don’t know how long we can stay a step ahead of them. I’m not a techie genius. At some point do we just throw in the towel and give up?
None of my banks have sent me anything. Yet.
Yeah, I know exactly what you mean.
I looked (in *Preview*) at an email from my auto insurer a couple of months back, and it looked EXACTLY like what I normally get from them, but didn’t seem ‘right’.
I finally noticed in the small print at the end that they had a letter in the acronym wrong. I deleted it without opening, then did a set of scans just to be safe.
I also have web-based email accounts, and when something comes to them, no matter what or from whom, I right click on any links in the *PREVIEW*, and hit *PROPERTIES*, and that shows what the REAL address of the link is, no matter what it says it is. It doesn’t get opened if it’s got bad links.
Have to be careful, and check EACH link, because there are often a couple of real links to the main site of the real company in the first part & very end, but the “money links” for the actual “offer” in the body of the message are the redirects.
I’ve googled some of them, and most are well-known scam operations located mainly in China, Rumania, or Russia, where there is zero chance of doing anything about them.