topic Re: Do PlusNet have a data breach? in Email

Do PlusNet have a data breach?

Batphone — Fri, 26 Sep 2025 13:34:08 GMT

I am receiving periodic e-mails all with the "Boots store survey" and in cheverons various plus.com addresses.

Anyone else getting these?

For information only, the link in the e-mail points to (PLEASE DO NOT VISIT - IT MAY CONTAIN MALWARE!):

<hxxxxp://www.boots.com/shopping/customer-survey-rewards/>

Actual underlying link:

hxxps://boots-store-healthandbeauty-supports.s3.dualstack.us-east-1.amazonaws.com/ecustomer.html

This is NOT a genuine Boots resource. (I have deliberately edited the protocol header.) No idea what it is.

This e-mail is obviously spam so if you have received one, PLEASE DO NOT CLICK ON THE LINK.

Re: Do PlusNet have a data breach?

jab1 — Fri, 26 Sep 2025 13:34:08 GMT

@Batphone See the last few posts on this topic:https://community.plus.net/t5/Email/Someones-using-my-email-address-to-send-spam-emails-how-can-I/td-p/2021583

The issue is under investigation at a high level.

Re: Do PlusNet have a data breach?

Batphone — Fri, 26 Sep 2025 13:42:48 GMT

Thanks. BTW, jab1, you can kill this thread if you want. Sorry, didn't see the other one.

Re: Do PlusNet have a data breach?

bmc — Fri, 26 Sep 2025 14:34:09 GMT

I've also received 4 (so far!!!) e-mails from "Boots"

Brian

Re: Do PlusNet have a data breach?

TJP — Fri, 26 Sep 2025 14:46:40 GMT

I received 3 of these overnight but received my first one on 14th September, it had a different link location to these recent ones.

It was hxxxs://sebbie.info/.store.boots.co.uk/

Re: Do PlusNet have a data breach?

mwwagain — Fri, 26 Sep 2025 15:20:27 GMT

I think it is worth reporting the underlying link direct to AmazonAWS.

https://repost.aws/knowledge-center/report-aws-abuse

It seems to work and gets the target URL deleted so nobody else can get to it

Re: Do PlusNet have a data breach?

Batphone — Fri, 26 Sep 2025 19:50:51 GMT

Looks like one needs to be an AWS client/user which I am not unfortunately so can't log in to make the report.

Re: Do PlusNet have a data breach?

mwwagain — Fri, 26 Sep 2025 23:58:17 GMT

I am not an AWS user / account and have reported several.

You ignore the login prompt and just fill in the rest

Re: Do PlusNet have a data breach?

jab1 — Fri, 03 Oct 2025 17:16:16 GMT

I thought this had been resolved -unfortunately it hasn't, as I received another 'survey' request this afternoon.

Re: Do PlusNet have a data breach?

Batphone — Fri, 03 Oct 2025 20:03:50 GMT

Same here. Different Amazon AWS URL though. Still have not been able to report to Amazon.

Re: Do PlusNet have a data breach?

Townman — Fri, 03 Oct 2025 20:04:46 GMT

@jab1

Hi John,

What kind of “resolution” do you envisage here?

Some bad actor has injected sheds loads of spam emails into the network. We humans are very good at recognising similarities where there’s a multitude of changes in detail - spam filtering is not that smart; it requires exact matches.

Re: Do PlusNet have a data breach?

jab1 — Fri, 03 Oct 2025 20:12:50 GMT

@Townman Me confused - I have not, to the best of my knowledge anyway, asked for a resolution in this topic? I appreciate some clown somewhere is having a field-day, and appreciate it may take time to resolve, but as the spam had stopped, for me at least, I presumed PN had identified the source and taken steps to resolve.

Re: Do PlusNet have a data breach?

Phimmo — Wed, 08 Oct 2025 09:34:41 GMT

Still getting these so clearly not stopped yet. Whilst I spotted them easily, other family members may not be so savvy and could click on the links by accident.