Welcome to WebmasterWorld Guest from 54.144.15.10

Forum Moderators: buckworks

Message Too Old, No Replies

More Retailers Warn of Security Breach

     
2:23 pm on Apr 4, 2011 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23150
votes: 344


More Retailers Warn of Security Breach [latimes.com]
Best Buy Co., TiVo Inc., and Walgreen Co. are the latest in a seemingly endless string of companies to warn over the weekend that hackers gained access to customers' files, including email addresses.

The companies all use the same marketing and communications vendor, Epsilon. It's a leading marketing services firm that sends more than 40 billion emails annually and has more than 2,500 clients including seven of the Fortune 10. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company said that information obtained was limited to names and email addresses and that "no other personal identifiable information associated with the names was at risk."

[edited by: tedster at 11:56 pm (utc) on Apr 4, 2011]
[edit reason] spelling error [/edit]

3:43 pm on Apr 4, 2011 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5618
votes: 44


Yup- I got several notification e-mails from companies over the weekend about the breach. Luckily, I used the same e-mail for all of them. And it's a Hotmail account, which does a fairly decent job of spam filtering. I almost never follow links in any e-mails sent from those companies anyway (always use my bookmarked links to logon to those sites).
6:10 pm on Apr 4, 2011 (gmt 0)

Full Member from US 

10+ Year Member

joined:July 12, 2000
posts:323
votes: 4


Got a notice from TiVo dated Sunday. "Important Information About Your Account"

"information that was obtained was limited to first name and/or email addresses only."

Let's hope
7:22 pm on Apr 4, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 15, 2003
posts:1418
votes: 0


Oh no! That means I'm going to get emails from fake companies trying to pretend to be real companies trying to sucker information out of me.

So uh... basically no different than any other day on the Internet. So basically they don't have access to anything they couldn't get off facebook anyway?
8:37 pm on Apr 4, 2011 (gmt 0)

New User

5+ Year Member

joined:Apr 4, 2011
posts:5
votes: 0


Add LL Bean to the list of brands impacted. Beans sent an email as reassuring as possible that the breach is name and email only. Time will tell ...
10:00 pm on Apr 4, 2011 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


Wow, epsilon must be ruined. Shows the perils of doing business in the big leagues: great rewards but better be careful or else...
10:00 pm on Apr 4, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


Got notice from my bank yesterday, not good.
10:18 pm on Apr 4, 2011 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5618
votes: 44


Now up to 5 notifications...
12:32 am on Apr 5, 2011 (gmt 0)

Full Member

10+ Year Member

joined:May 14, 2001
posts:262
votes: 0


Add Chase Bank to the list
2:46 am on Apr 5, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 26, 2002
posts:813
votes: 1


Add Chase Bank to the list
Known as Chase Manhattan Bank; Merged with Chemical Bank; Merged with J. P. Morgan & Co.
Currently: JP Morgan Chase.


From their email: We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
2:49 am on Apr 5, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2006
posts:1254
votes: 13


I just got the same basic email from Air Miles, so they're affected too! First, last names, email only according to them.
12:05 pm on Apr 5, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 19, 2004
posts: 169
votes: 1


I get being hacked. If youíre in this business long enough everyone gets bit. I hope that it was not a stupid mistake. Why do so many big companies use Epsilon? How have they amassed such a portfolio of high profile clients? I sent about 25 million e-mails per month from my own proprietary systems. Not SPAM. These are highly sophisticated permission based customer communications. I have solid penetration into all email service providers, a great Sender Score reputation, solid reporting and terrific ROI. I do this at a fraction of the cost of Epsilon. All in, I'm under $50k per year including template markup and testing. So why are firms lining up to use expensive firms like Epsilon? I donít get it! I guess is is all about build vs. buy. I'm a build guy.
12:06 pm on Apr 5, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 19, 2004
posts: 169
votes: 1


Oh. I forgot to mention that I'm not an ESP. My main business is not sending e-mail. This is just part of running a modern Web site.
12:09 pm on Apr 5, 2011 (gmt 0)

Full Member

10+ Year Member

joined:May 14, 2001
posts:262
votes: 0


All of these retailers (and banks) are claiming only name and email were obtained. I think they are being misleading though. Each of those companies likely has preferences stored with your email address, whether it is the type of product/service you have bought or have indicated you are interested in.

If the database was breached, surely this data was visible also. It may not be as sensitive as credit card info or financial info but it is more than they are claiming.
1:35 pm on Apr 5, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 10, 2004
posts: 393
votes: 13


Add 1800flowers.com to the list.
2:23 pm on Apr 5, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 23, 2002
posts:659
votes: 0


At least you guys got a notice, I have accounts with some of the companies named and I have received ZERO notice.
2:28 pm on Apr 5, 2011 (gmt 0)

Senior Member

joined:Aug 12, 2004
posts:1781
votes: 0


I have accounts with some of the companies named and I have received ZERO notice.

I do as well but a lot of them are Mom and Pops. I'm with some big players also but as yet haven't heard anything.
3:11 pm on Apr 5, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 20, 2006
posts:1908
votes: 13


i got a warning from Disney Destination travel folks.

also reported here:
news.gather.com/viewArticle.action?articleId=281474979187600
3:12 pm on Apr 5, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 20, 2006
posts:1908
votes: 13


abc news list of affected companies:
abcnews.go.com/Technology/wireStory?id=13295491
3:48 pm on Apr 5, 2011 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5618
votes: 44


Not sure how many of those companies use the customer's e-mail address for the login. If so, I would certainly demand the login e-mail address be changed to something else.

I also wouldn't be posting on a public forum which companies had my e-mail address (especially if it was the login).

I think they are being misleading though. ... If the database was breached, surely this data was visible also.

I am also skeptical, but that is not necessarily the case. All the data may not be in the same table or even the same database (or even on the same server). And even if it is, there may be granular security settings that really did limit the breach to name & email. (e.g., different security is needed for the different information, but only the security for the basic information was compromised.)
11:36 am on Apr 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 23, 2002
posts:659
votes: 0


Customers of Verizon Communications had their email addresses exposed in a massive online data breach last week, according to an email to customers obtained by Reuters.


No word from Verizon about my account.
12:37 pm on Apr 6, 2011 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


"No word from Verizon about my account."

Check your email again. Verizon emailed me twice, to let me know of the breach and then another time to change my password and credit card.
3:38 pm on Apr 6, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:Nov 2, 2006
posts:410
votes: 0


So why are firms lining up to use expensive firms like Epsilon?


It's all about accountability. If and when there is a breach of security, they can lay it on someone else's doorstep, fire the provider, and move on without any lasting damage to their brand.
5:25 pm on Apr 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Co worker got one from Beachbody today. This is madness, talk about all your eggs in one basket . . .
2:42 am on Apr 8, 2011 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5618
votes: 44


Didn't take long to get my first phishing attempt from the breach- just got one pretending to be from one of the companies involved. Very low quality work- typos, bad grammar, and poor design.