I am now almost certain that LogMeIn.com has suffered a data breach. How do I know? You can read about it here…
The actual trigger phishing email is pasted below. If you have ever had an account with LogMeIn.com, you should expect to get this email soon (if you have not gotten it already). Any other information that you’ve ever given to LogMeIn.com is also now potentially compromised.
This is particularly distressing because the LogMeIn.com service allows people to remotely control your computer. Yikes. If you have LogMeIn installed, then the prudent thing to do is to remove it until we get more details as to the extent of the problem.
Could there be any connection to the (very recent, very sudden) announcement that LogMeIn.com was immediately stopping their popular free service offerings? We’ll see…
In other disturbing news, it looks like eFax.com does not have an SPF record, which could have mitigated this phishing attack. Come on guys, there is no excuse for this and it makes you look really bad.
Subject: eFax message from 16023994730 - 1 page(s), Caller-ID: 602-399-4730
From: eFax.com <email@example.com>

Fax Message [Caller-ID: 602-399-4730]

You have received a 1 page fax at 2014-01-27 05:45:50 CDT.

* The reference number for this fax is min1_did13-1329191075-6023994730-49.

View this fax online, on our website : http://www.efax.com/fax/fax_view.aspx?fax_id=XXXXXXXXXXX

Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.

Thank you for using the eFax service!
On 3/13/2000 at 9:38:25 AM, I bought the Bundesbahn Pi font from Adobe (yep, back then they were a font company).
On 10/31/2013 at 11:36:01 AM, I got a spam because of that purchase.
I knew that the spam was Adobe’s fault because I give everyone a very special email address. I never give out the same address twice and I keep track of who I gave each and every address to. This way, whenever I get a spam I can look up what address the spam was sent to and know who to blame.
Sometimes companies leak an email address on purpose by selling their customer list. Sometimes they do it unintentionally when they accidentally publish the list in a public document. But usually the leak happens because of a security problem – either someone with access to the list got a virus, or the servers that hold the list got hacked into. Sadly, it happens all the time.
I was therefore not surprised when I saw Adobe’s announcement that they were hacked. At least they found out about it and acknowledged it. Most of the time when I get a spam on a special email address, the company that leaked the address is unaware and uninterested.
Here is the telltale spam…
From: Oolya <firstname.lastname@example.org>
Sent: Thursday, October 31, 2013 7:36 AM
Subject: Olechka How is it going? Hello!!! My name is Olia! I look for a second half. I love fitness and arting.. Reply me letter on email@example.com Regards, Olia.
If you’ve ever given your email address to Adobe, you probably got a spam like this too.
If I were a big company, I would sprinkle lots of special email accounts and username/passwords around my systems, and then keep a very close eye out to see if they ever get used. At least this way I’d know something bad was happening, and maybe I could use the info about what got leaked and when to figure out what happened.
Have you ever wondered how a SPAM sender got your email address?
For the past 15 years, I’ve used a different email address every time I filled out a webform. This way, whenever I get a SPAM I can look at the address the SPAM was sent to and know how the sender found out about me.
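An added example, not the author's own tooling: one way to keep the per-recipient address ledger described above and look up who was given the address a spam arrived on. The keyed tag that makes each alias unguessable, the `example.net` domain, the secret and the sample message are assumptions constructed for illustration; the two dates are the ones given in the Adobe post.

```python
import hashlib
import hmac
from datetime import date
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

SECRET = b"constructed-demo-key"  # assumption: a private key only you hold
DOMAIN = "example.net"            # assumption: a domain whose mail you receive

def tag_for(label: str) -> str:
    """Keyed tag so an alias cannot be derived from the vendor name alone."""
    return hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:8]

def issue_alias(ledger: dict, label: str, issued: date) -> str:
    """Create the single address given to `label` and record the date."""
    alias = f"{label.lower()}.{tag_for(label.lower())}@{DOMAIN}"
    ledger[alias] = (label.lower(), issued)
    return alias

def attribute_leak(ledger: dict, raw_message: str):
    """Return (label, issued, days_until_seen) for the first issued alias in
    the recipient headers, or None when no issued alias is present."""
    msg = message_from_string(raw_message)
    values = []
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        values.extend(msg.get_all(header, []))
    for _, addr in getaddresses(values):
        entry = ledger.get(addr.lower())
        if entry:  # guessed addresses such as adobe@DOMAIN are not in the ledger
            seen = parsedate_to_datetime(msg["Date"]).date()
            return entry[0], entry[1], (seen - entry[1]).days
    return None

if __name__ == "__main__":
    ledger = {}
    alias = issue_alias(ledger, "adobe", date(2000, 3, 13))  # date from the post
    # Constructed sample message; addresses are placeholders, not real ones.
    sample = (
        "From: sender@example.org\n"
        f"To: {alias}\n"
        "Date: Thu, 31 Oct 2013 07:36:00 -0400\n"
        "Subject: constructed sample\n\n"
        "body\n"
    )
    print(attribute_leak(ledger, sample))
    print(attribute_leak(ledger, sample.replace(alias, f"adobe@{DOMAIN}")))
```

On a catch-all domain, the second call shows why the tag matters: mail sent to a guessed `adobe@` address is not attributed to anyone, so only an address that was actually handed out can point at a leak.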
It is interesting to see where the leaks come up. Here is a short list of some of the people who (willingly or unwillingly) ratted me out to spammers…