I am now almost certain that LogMeIn.com has suffered a data breach. How do I know? You can read about it here…

A spam more than 13½ years in the making

The actual trigger phishing email is pasted below. If you have ever had an account with LogMeIn.com, you should expect to get this email soon (if you have not gotten it already). Any other information that you’ve ever given to LogMeIn.com is also now potentially compromised.

This is particularly distressing because the LogMeIn.com service allows people to remotely control your computer. Yikes. If you have LogMeIn installed, then the prudent thing to do is to remove it until we get more details to the extent of the problem.

Could there be any connection to the (very recent, very sudden) announcement that LogMeIn.com was immediately stopping their popular free service offerings? We’ll see…

In other disturbing news- it looks like eFax.com does not have an SPF record which could have mitigated this phishing attack. Come on guys, there is no excuse for this and it makes you look really bad.

Subject: eFax message from 16023994730 - 1 page(s), Caller-ID: 602-399-4730
From: eFax.com <messages@inbound.efax.com>

Fax Message [Caller-ID: 602-399-4730]

You have received a 1 page fax at 2014-01-27 05:45:50 CDT.

* The reference number for this fax is min1_did13-1329191075-6023994730-49.

View this fax online, on our website : http://www.efax.com/fax/fax_view.aspx?fax_id=XXXXXXXXXXX
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.

Thank you for using the eFax service!