Welcome to WebmasterWorld Guest from 50.19.156.19

Forum Moderators: buckworks

Message Too Old, No Replies

More Retailers Warn of Security Breach

     

engine

2:23 pm on Apr 4, 2011 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



More Retailers Warn of Security Breach [latimes.com]
Best Buy Co., TiVo Inc., and Walgreen Co. are the latest in a seemingly endless string of companies to warn over the weekend that hackers gained access to customers' files, including email addresses.

The companies all use the same marketing and communications vendor, Epsilon. It's a leading marketing services firm that sends more than 40 billion emails annually and has more than 2,500 clients including seven of the Fortune 10. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company said that information obtained was limited to names and email addresses and that "no other personal identifiable information associated with the names was at risk."

[edited by: tedster at 11:56 pm (utc) on Apr 4, 2011]
[edit reason] spelling error [/edit]

LifeinAsia

3:43 pm on Apr 4, 2011 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Yup- I got several notification e-mails from companies over the weekend about the breach. Luckily, I used the same e-mail for all of them. And it's a Hotmail account, which does a fairly decent job of spam filtering. I almost never follow links in any e-mails sent from those companies anyway (always use my bookmarked links to logon to those sites).

herb

6:10 pm on Apr 4, 2011 (gmt 0)

10+ Year Member



Got a notice from TiVo dated Sunday. "Important Information About Your Account"

"information that was obtained was limited to first name and/or email addresses only."

Let's hope

digitalv

7:22 pm on Apr 4, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Oh no! That means I'm going to get emails from fake companies trying to pretend to be real companies trying to sucker information out of me.

So uh... basically no different than any other day on the Internet. So basically they don't have access to anything they couldn't get off facebook anyway?

MarketingVictory

8:37 pm on Apr 4, 2011 (gmt 0)



Add LL Bean to the list of brands impacted. Beans sent an email as reassuring as possible that the breach is name and email only. Time will tell ...

walkman

10:00 pm on Apr 4, 2011 (gmt 0)



Wow, epsilon must be ruined. Shows the perils of doing business in the big leagues: great rewards but better be careful or else...

Sgt_Kickaxe

10:00 pm on Apr 4, 2011 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Got notice from my bank yesterday, not good.

LifeinAsia

10:18 pm on Apr 4, 2011 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Now up to 5 notifications...

bmcgee

12:32 am on Apr 5, 2011 (gmt 0)

10+ Year Member



Add Chase Bank to the list

JohnRoy

2:46 am on Apr 5, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Add Chase Bank to the list
Known as Chase Manhattan Bank; Merged with Chemical Bank; Merged with J. P. Morgan & Co.
Currently: JP Morgan Chase.


From their email: We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

Swanny007

2:49 am on Apr 5, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



I just got the same basic email from Air Miles, so they're affected too! First, last names, email only according to them.

DirigoDev

12:05 pm on Apr 5, 2011 (gmt 0)

10+ Year Member



I get being hacked. If youíre in this business long enough everyone gets bit. I hope that it was not a stupid mistake. Why do so many big companies use Epsilon? How have they amassed such a portfolio of high profile clients? I sent about 25 million e-mails per month from my own proprietary systems. Not SPAM. These are highly sophisticated permission based customer communications. I have solid penetration into all email service providers, a great Sender Score reputation, solid reporting and terrific ROI. I do this at a fraction of the cost of Epsilon. All in, I'm under $50k per year including template markup and testing. So why are firms lining up to use expensive firms like Epsilon? I donít get it! I guess is is all about build vs. buy. I'm a build guy.

DirigoDev

12:06 pm on Apr 5, 2011 (gmt 0)

10+ Year Member



Oh. I forgot to mention that I'm not an ESP. My main business is not sending e-mail. This is just part of running a modern Web site.

bmcgee

12:09 pm on Apr 5, 2011 (gmt 0)

10+ Year Member



All of these retailers (and banks) are claiming only name and email were obtained. I think they are being misleading though. Each of those companies likely has preferences stored with your email address, whether it is the type of product/service you have bought or have indicated you are interested in.

If the database was breached, surely this data was visible also. It may not be as sensitive as credit card info or financial info but it is more than they are claiming.

motorhaven

1:35 pm on Apr 5, 2011 (gmt 0)

10+ Year Member



Add 1800flowers.com to the list.

frontpage

2:23 pm on Apr 5, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



At least you guys got a notice, I have accounts with some of the companies named and I have received ZERO notice.

wyweb

2:28 pm on Apr 5, 2011 (gmt 0)



I have accounts with some of the companies named and I have received ZERO notice.

I do as well but a lot of them are Mom and Pops. I'm with some big players also but as yet haven't heard anything.

RhinoFish

3:11 pm on Apr 5, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



i got a warning from Disney Destination travel folks.

also reported here:
news.gather.com/viewArticle.action?articleId=281474979187600

RhinoFish

3:12 pm on Apr 5, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



abc news list of affected companies:
abcnews.go.com/Technology/wireStory?id=13295491

LifeinAsia

3:48 pm on Apr 5, 2011 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Not sure how many of those companies use the customer's e-mail address for the login. If so, I would certainly demand the login e-mail address be changed to something else.

I also wouldn't be posting on a public forum which companies had my e-mail address (especially if it was the login).

I think they are being misleading though. ... If the database was breached, surely this data was visible also.

I am also skeptical, but that is not necessarily the case. All the data may not be in the same table or even the same database (or even on the same server). And even if it is, there may be granular security settings that really did limit the breach to name & email. (e.g., different security is needed for the different information, but only the security for the basic information was compromised.)

frontpage

11:36 am on Apr 6, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Customers of Verizon Communications had their email addresses exposed in a massive online data breach last week, according to an email to customers obtained by Reuters.


No word from Verizon about my account.

walkman

12:37 pm on Apr 6, 2011 (gmt 0)



"No word from Verizon about my account."

Check your email again. Verizon emailed me twice, to let me know of the breach and then another time to change my password and credit card.

arieng

3:38 pm on Apr 6, 2011 (gmt 0)

5+ Year Member



So why are firms lining up to use expensive firms like Epsilon?


It's all about accountability. If and when there is a breach of security, they can lay it on someone else's doorstep, fire the provider, and move on without any lasting damage to their brand.

rocknbil

5:25 pm on Apr 6, 2011 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Co worker got one from Beachbody today. This is madness, talk about all your eggs in one basket . . .

LifeinAsia

2:42 am on Apr 8, 2011 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Didn't take long to get my first phishing attempt from the breach- just got one pretending to be from one of the companies involved. Very low quality work- typos, bad grammar, and poor design.