
Email Server Hacked.....Again?

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Email Server Hacked.....Again?

Back in December 2018, a Plusnet user named Bazdvd started a thread about receiving scam messages to email addresses that hadn't been used for years.

 

That thread is now locked for replies, but on reading through the opening post, I thought to myself, I could have written it, as Bazdvd's experience was almost identical to mine.

 

I experienced around the same issue around the same time as that of Bazdvd's post, but also before then and also yesterday (26/08/2021).

 

I would have resurrected the old thread, but as already mentioned, it's locked.

 

This time the scam has been updated to mention the "Pegasus" spyware scare (to try and make the user believe the sender has acquired all sorts of personal info), which we know is utter BS.

 

Like Bazdvd, I've been with Plusnet a very long time (since 2017) and have used a lot of throwaway and unique email addresses, which were used to try and track who was sharing my personal details and still rarely use the same email address twice.

 

I don't think a lot of the posters in Bazdvd's original thread really understood what he was on about, but I for one understand 100% what he meant as I had/have the same issue.....again.

 

Like Bazdvd, the email addresses in question have not been used for up to 10 years, so my thinking is that there was an email server hack at Plusnet at some point in the past and that old list is doing the rounds again.

Can someone at Plusnet with historical knowledge either confirm or deny that the Plusnet email server was hacked at some point?

 

I have started this thread in order to point out that this issue is not an isolated incident and that something somewhere at Plusnet has been compromised.

 

I dare say a lot of Plusnet users only use a single email address, so they may not even realise they have an issue if they are getting the scam emails to one address.

 

23 REPLIES
JonoH
Hero
Posts: 4,346
Thanks: 1,596
Fixes: 157
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Hey @Ripperoo2018

I've worked for Plusnet for well over a decade and I know of no breach other than one before my time that resulted in customers being informed and provided with a free domain so they could get new domain specific email addresses. 

 


@Ripperoo2018 wrote:

I have started this thread in order to point out that this issue is not an isolated incident and that something somewhere at Plusnet has been compromised.

Just because a couple of our many customers (1m+) have things in common that does not mean a breach has occurred, it's perfectly possible that the throwaway email addresses you used were exposed by the site you used them on being breached and I'm not sure that stating as fact that we've been hacked and panicking users is the best way to communicate your concerns.

 

If you want to check your email addresses a good place to start is here

What's interesting is you can see from mine that I've been breached multiple times from companies I thought were secure.

JonoBreach.png

 

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

There was a typo in my original message and it should have read that I've been with Plusnet since 2007 and not 2017 as stated (unable to edit the OP).

 

Well, I checked the "HIBP" website that you suggested and discovered that several old email addresses that I have received spam/scam messages in the past have been part of a historical data breach in 2016 and 2019.

 

"Exploit.In" (late 2016) and "Collection #1" (January 2019)

 

Some email addresses have been involved in 1 data breach and some in 2 data breaches, but two email addresses to which I received these scam emails yesterday have not been involved in any known data breaches.

 

May I add, that all the email addresses to which I received these scam/spam messages were created some time around 2007 and have never been used since, so would these possibly have been part of that historical breach you mention?

JonoH
Hero
Posts: 4,346
Thanks: 1,596
Fixes: 157
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Good morning. I'm not in all week so I can't check but I do recall that we contacted the customers who had their details exposed, so had it happened to you, you would have been informed and offered a solution.

If you'd like, drop me a poke here and I'll check on my return.

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Yeah, I would like this looked into, but would prefer to correspond via private/official/Plusnet CS chat as I want to share the email headers of the recent batch of emails I received, which look like they have come from my own email account as the 'from line' is the same as the 'to line', if you know what I mean.

 

I'm hoping the scammers have found some way to spoof the from line, but checking the email headers with my untrained eye, it looks like it has been sent by me to me.
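
What a header check on a "from me, to me" message looks at, as an added example that is not part of the thread: the From line is written by whoever composed the message, so the check compares it with the envelope sender, the receiving server's authentication verdicts and the first `Received` hop. The sample message, hostnames, addresses and the `trusted_mx` name are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; hosts, addresses and the RFC 5737 IP are invented.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.isp.example; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=isp.example
Received: from mailer.example.net (unknown [203.0.113.45])
 by mx.isp.example with ESMTP id abc123; Thu, 26 Aug 2021 09:14:02 +0100
Received: from localhost (localhost [127.0.0.1])
 by mailer.example.net with SMTP id xyz789; Thu, 26 Aug 2021 08:13:58 +0000
From: <old.alias@isp.example>
To: <old.alias@isp.example>
Subject: constructed example

body
"""

def _addr(msg, name):
    # Bare, lower-cased address from an address header ("" if absent).
    return parseaddr(msg.get(name, ""))[1].lower()

def analyse(raw, trusted_mx):
    """Summarise what the headers say about who really submitted the message."""
    msg = message_from_string(raw)
    sender, rcpt, envelope = _addr(msg, "From"), _addr(msg, "To"), _addr(msg, "Return-Path")
    # Trust only the Authentication-Results stamped by our own receiving
    # server (trusted_mx); a sender can insert any other copy.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip().lower() == trusted_mx:
            auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()))
            break
    # Received headers are prepended per hop, so the first one records the
    # outside host that handed the message to our provider.
    received = msg.get_all("Received", [])
    hop = re.search(r"from\s+(\S+)\s+\(([^)]*)\)", received[0]) if received else None
    verdict = {"pass": "From domain authenticated",
               "fail": "From not authenticated (likely spoofed)"}.get(auth.get("dmarc"), "inconclusive")
    return {
        "self_addressed": bool(sender) and sender == rcpt,
        "envelope_differs": envelope.rpartition("@")[2] != sender.rpartition("@")[2],
        "auth": auth,
        "handoff": hop.group(1) if hop else None,
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE, "mx.isp.example"))
```

A message genuinely submitted through the account's own provider would normally show that provider's servers in the first `Received` hop and a passing result in the trusted `Authentication-Results` header.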

JonoH
Hero
Posts: 4,346
Thanks: 1,596
Fixes: 157
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Frankly you're unlikely to reach someone who can read email headers to the desired standard on our CS Chat. If you PM me the headers (it will be visible to the support team) one of them will send them to the relevant people.

 Jono H
 Plusnet Community Manager
Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Email Server Hacked.....Again?

@Ripperoo2018  If you think these emails were sent from your account then they'll be in your sent folder, but I suspect they won't be and it's less than trivial to spoof the from line.

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Not necessarily.

*If* the scammers did actually have my Plusnet POP3 server login details they *could* potentially send messages using my account without any messages appearing in my local 'Sent' folder.

 

I had a look in my Plusnet account settings, but cannot see how to change the password for POP3 email server as this would at least let me restrict potential access to the email server.

Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

*If* the scammers did actually have my Plusnet POP3 server login details they *could* potentially send messages using my account without any messages appearing in my local 'Sent' folder.


Without deleting the messages themselves how would that be done?

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Well, if they did have the correct email server credentials, they *could* use any email client on any laptop/PC/phone to then send emails and because the emails were not sent from my device, would not show up on my device.  This would only apply when using POP3 email though as IMAP email works differently (kinda how Gmail works, which is accessible from anywhere you log into your Gmail)

  • POP3 (Post Office Protocol): POP3 mail connects and attempts to keep the mail located on the local device (computer or mobile).
  • IMAP (Internet Message Access Protocol): IMAP messages do not remain on the local device (computer, mobile etc), they remain on the server.

Gonna leave this now and await a response from Plusnet CS to help with this potential issue.

JonoH
Hero
Posts: 4,346
Thanks: 1,596
Fixes: 157
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

Gonna leave this now and await a response from Plusnet CS to help with this potential issue.


Did you send me the headers to forward on? I haven't seen them yet but they're also not likely to be seen by our team until next week.

I also think we need to be really careful with language when it comes to security. People get really worried (understandably) and several times this thread insists that Plusnet has been breached.  The title even says again.

 

And whilst I am prohibited from talking about security in any way as hackers have been known to target companies who publicly state they haven't been breached or talk about any security procedures they have in place as they see it as a challenge and want the notoriety, I at the same time need to reassure customers that despite your statements there's no evidence of any breaches in security and thankfully we've established now through https://haveibeenpwned.com/  that your email addresses were exposed from 3rd party breaches, and hopefully we can get to the bottom of the last of your addresses that's compromised.

 

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

More of a question than an insisting that Plusnet has been breached.

If Plusnet didn't insist in using forum software that limits the editing of a post, I could have gone back and edited the OP to make the language used less sensitive.

 

I will forward those headers soon.

 

RobPN
Seasoned Hero
Posts: 5,107
Thanks: 2,675
Fixes: 13
Registered: ‎17-05-2013

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

Well, if they did have the correct email server credentials, they *could* use any email client on any laptop/PC/phone to then send emails and because the emails were not sent from my device, would not show up on my device.  This would only apply when using POP3 email though as IMAP email works differently (kinda how Gmail works, which is accessible from anywhere you log into your Gmail)

  • POP3 (Post Office Protocol): POP3 mail connects and attempts to keep the mail located on the local device (computer or mobile).
  • IMAP (Internet Message Access Protocol): IMAP messages do not remain on the local device (computer, mobile etc), they remain on the server.

I'm not taking sides @Ripperoo2018 , but regarding IMAP, AFAIK it is possible for the mail server to NOT store sent mail.

I have Thunderbird on my main PC set to store a copy of sent mail in a local folder instead of the server's 'Sent' folder, it doesn't show when using other clients, e.g. on my phone, but the opposite is true if I send from my phone.

I can't remember the possibilities with POP3 as I haven't used it for years.

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Yeah, OK.

Haven't used IMAP myself before and found that description elsewhere, but I suppose it could be down to individual email client settings?

 

 

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Did you get those headers?