homepage Welcome to WebmasterWorld Guest from 54.242.18.232
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
More Retailers Warn of Security Breach
engine




msg:4291836
 2:23 pm on Apr 4, 2011 (gmt 0)

More Retailers Warn of Security Breach [latimes.com]
Best Buy Co., TiVo Inc., and Walgreen Co. are the latest in a seemingly endless string of companies to warn over the weekend that hackers gained access to customers' files, including email addresses.

The companies all use the same marketing and communications vendor, Epsilon. It's a leading marketing services firm that sends more than 40 billion emails annually and has more than 2,500 clients including seven of the Fortune 10. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company said that information obtained was limited to names and email addresses and that "no other personal identifiable information associated with the names was at risk."

[edited by: tedster at 11:56 pm (utc) on Apr 4, 2011]
[edit reason] spelling error [/edit]

 

LifeinAsia




msg:4291869
 3:43 pm on Apr 4, 2011 (gmt 0)

Yup- I got several notification e-mails from companies over the weekend about the breach. Luckily, I used the same e-mail for all of them. And it's a Hotmail account, which does a fairly decent job of spam filtering. I almost never follow links in any e-mails sent from those companies anyway (always use my bookmarked links to logon to those sites).

herb




msg:4291923
 6:10 pm on Apr 4, 2011 (gmt 0)

Got a notice from TiVo dated Sunday. "Important Information About Your Account"

"information that was obtained was limited to first name and/or email addresses only."

Let's hope

digitalv




msg:4291948
 7:22 pm on Apr 4, 2011 (gmt 0)

Oh no! That means I'm going to get emails from fake companies trying to pretend to be real companies trying to sucker information out of me.

So uh... basically no different than any other day on the Internet. So basically they don't have access to anything they couldn't get off facebook anyway?

MarketingVictory




msg:4291993
 8:37 pm on Apr 4, 2011 (gmt 0)

Add LL Bean to the list of brands impacted. Beans sent an email as reassuring as possible that the breach is name and email only. Time will tell ...

walkman




msg:4292061
 10:00 pm on Apr 4, 2011 (gmt 0)

Wow, epsilon must be ruined. Shows the perils of doing business in the big leagues: great rewards but better be careful or else...

Sgt_Kickaxe




msg:4292062
 10:00 pm on Apr 4, 2011 (gmt 0)

Got notice from my bank yesterday, not good.

LifeinAsia




msg:4292071
 10:18 pm on Apr 4, 2011 (gmt 0)

Now up to 5 notifications...

bmcgee




msg:4292112
 12:32 am on Apr 5, 2011 (gmt 0)

Add Chase Bank to the list

JohnRoy




msg:4292163
 2:46 am on Apr 5, 2011 (gmt 0)

Add Chase Bank to the list
Known as Chase Manhattan Bank; Merged with Chemical Bank; Merged with J. P. Morgan & Co.
Currently: JP Morgan Chase.


From their email: We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

Swanny007




msg:4292164
 2:49 am on Apr 5, 2011 (gmt 0)

I just got the same basic email from Air Miles, so they're affected too! First, last names, email only according to them.

DirigoDev




msg:4292381
 12:05 pm on Apr 5, 2011 (gmt 0)

I get being hacked. If youíre in this business long enough everyone gets bit. I hope that it was not a stupid mistake. Why do so many big companies use Epsilon? How have they amassed such a portfolio of high profile clients? I sent about 25 million e-mails per month from my own proprietary systems. Not SPAM. These are highly sophisticated permission based customer communications. I have solid penetration into all email service providers, a great Sender Score reputation, solid reporting and terrific ROI. I do this at a fraction of the cost of Epsilon. All in, I'm under $50k per year including template markup and testing. So why are firms lining up to use expensive firms like Epsilon? I donít get it! I guess is is all about build vs. buy. I'm a build guy.

DirigoDev




msg:4292382
 12:06 pm on Apr 5, 2011 (gmt 0)

Oh. I forgot to mention that I'm not an ESP. My main business is not sending e-mail. This is just part of running a modern Web site.

bmcgee




msg:4292383
 12:09 pm on Apr 5, 2011 (gmt 0)

All of these retailers (and banks) are claiming only name and email were obtained. I think they are being misleading though. Each of those companies likely has preferences stored with your email address, whether it is the type of product/service you have bought or have indicated you are interested in.

If the database was breached, surely this data was visible also. It may not be as sensitive as credit card info or financial info but it is more than they are claiming.

motorhaven




msg:4292413
 1:35 pm on Apr 5, 2011 (gmt 0)

Add 1800flowers.com to the list.

frontpage




msg:4292439
 2:23 pm on Apr 5, 2011 (gmt 0)

At least you guys got a notice, I have accounts with some of the companies named and I have received ZERO notice.

wyweb




msg:4292446
 2:28 pm on Apr 5, 2011 (gmt 0)

I have accounts with some of the companies named and I have received ZERO notice.

I do as well but a lot of them are Mom and Pops. I'm with some big players also but as yet haven't heard anything.

RhinoFish




msg:4292467
 3:11 pm on Apr 5, 2011 (gmt 0)

i got a warning from Disney Destination travel folks.

also reported here:
news.gather.com/viewArticle.action?articleId=281474979187600

RhinoFish




msg:4292468
 3:12 pm on Apr 5, 2011 (gmt 0)

abc news list of affected companies:
abcnews.go.com/Technology/wireStory?id=13295491

LifeinAsia




msg:4292491
 3:48 pm on Apr 5, 2011 (gmt 0)

Not sure how many of those companies use the customer's e-mail address for the login. If so, I would certainly demand the login e-mail address be changed to something else.

I also wouldn't be posting on a public forum which companies had my e-mail address (especially if it was the login).

I think they are being misleading though. ... If the database was breached, surely this data was visible also.

I am also skeptical, but that is not necessarily the case. All the data may not be in the same table or even the same database (or even on the same server). And even if it is, there may be granular security settings that really did limit the breach to name & email. (e.g., different security is needed for the different information, but only the security for the basic information was compromised.)

frontpage




msg:4293075
 11:36 am on Apr 6, 2011 (gmt 0)

Customers of Verizon Communications had their email addresses exposed in a massive online data breach last week, according to an email to customers obtained by Reuters.


No word from Verizon about my account.

walkman




msg:4293091
 12:37 pm on Apr 6, 2011 (gmt 0)

"No word from Verizon about my account."

Check your email again. Verizon emailed me twice, to let me know of the breach and then another time to change my password and credit card.

arieng




msg:4293196
 3:38 pm on Apr 6, 2011 (gmt 0)

So why are firms lining up to use expensive firms like Epsilon?


It's all about accountability. If and when there is a breach of security, they can lay it on someone else's doorstep, fire the provider, and move on without any lasting damage to their brand.

rocknbil




msg:4293293
 5:25 pm on Apr 6, 2011 (gmt 0)

Co worker got one from Beachbody today. This is madness, talk about all your eggs in one basket . . .

LifeinAsia




msg:4293973
 2:42 am on Apr 8, 2011 (gmt 0)

Didn't take long to get my first phishing attempt from the breach- just got one pretending to be from one of the companies involved. Very low quality work- typos, bad grammar, and poor design.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved