cancel
Showing results for 
Search instead for 
Did you mean: 

Email Server Hacked.....Again?

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Email Server Hacked.....Again?

Back in December 2018, a Plusnet user name Bazdvd started a thread about receiving scam messages to email addresses that hadn't been used for years.

 

That thread is now locked for replies, but on reading through the opening post, I thought to myself, I could have written it as the Bazdvd's experience was almost identical to mine.

 

I experienced around the same issue around the same time as that of Bazdvd's post, but also before then and also yesterday (26/08/2021).

 

I would have resurrected the old thread, but as already mentioned, it's locked.

 

This time the scam has been updated to mention the "Pegasus" spyware scare (to try and make the user believe the sender has acquired all sorts of personal info), which we know is utter BS.

 

Like Bazdvd, I've been with Plusnet a very long time (since 2017) and have used a lot of throwaway and unique email addresses, which were used to try and track who was sharing my personal details and still rarely use the same email address twice.

 

I don't think a lot of the posters in Bazdvd's original thread really understood what he was on about, but I for one understand 100% what he meant as I had/have the same issue.....again.

 

Like Bazdvd, the email addresses in question have not been used for up to 10 years, so my thinking is that there was a email server hack at Plusnet at some point in the past and that old list is doing the rounds again.

Can someone at Plusnet with historical knowledge either confirm or deny that the Plusnet email server was hacked at some point?

 

I have start this thread in order to point out that this issue is not an isolated incident and that something somewhere at Plusnet has been compromised.

 

I dare say a lot of Plusnet users only use a single email address, so thay may not even realise they have an issue if they are getting the scam emails to one address.

 

23 REPLIES 23
JonoH
Community Gaffer
Community Gaffer
Posts: 3,708
Thanks: 6,259
Fixes: 124
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Hey @Ripperoo2018

I've worked for Plusnet for well over a decade and I know of no breach other than one before my time that resulted in customers being informed and provided with a free domain so they could get new domain specific email addresses. 

 


@Ripperoo2018 wrote:

I have start this thread in order to point out that this issue is not an isolated incident and that something somewhere at Plusnet has been compromised.

Just because a couple of our many customers (1m+) have things in common that does not mean a breach has occured, its perfectly possible that the throwaway email addresses you used were exposed by the site you used them on being breached and I'm not sure that stating as fact that we've been hacked and panicking users is the best way to communicate your concerns.

 

If you want to check your email addresses a good place to start is here

What's interesting is you can see from mine that I've been breached multiple times from companies I thought were secure.

JonoBreach.png

 

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

There was a typo in my original message and it should have read that I've been with Plusnet since 2007 and not 2017 as stated (unable to edit) the OP.

 

Well, I checked the "HIBP" website that you suggested and discovered that several old email addresses that I have received spam/scam messages in the past have been part of a historical data breach in 2016 and 2019.

 

"Exploit.In" (late 2016) and "Collection #1" (January 2019)

 

Some email addresses have been involved in 1 data breach and some in 2 data breaches, but two email addresses to which I received these scam emails yesterday have not been involved in any known data breaches.

 

May I add, that all the email addresses to which I received these scam/spam messages were created some time around 2007 and have never been used since, so would these possibly have been part of that historical breach you mention?

JonoH
Community Gaffer
Community Gaffer
Posts: 3,708
Thanks: 6,259
Fixes: 124
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Good morning. I'm not in all week so I can't check but I do recall that we contacted the customers who had their details exposed so had it happened to you you would have been informed and offered a solution.

If you'd like, drop me a poke here and ill check on my return. Smiley 

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Yeah, I would like this looked into, but would prefer to correspond via private/officisl/Plusnet CS chat as I want to share the email headers of the recent batch of emails I received, which look like they have came from my own email account as the 'from line' is the same as the 'to line', if you know what I mean.

 

I'm hoping the scammers have found some way to spoof the from line, but checking the email headers with my untrained eye, it looks like it has been sent by me to me.

JonoH
Community Gaffer
Community Gaffer
Posts: 3,708
Thanks: 6,259
Fixes: 124
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?

Frankly you're unlikely to reach someone who can read email headers to the desired standard standard on our CS Chat. If you PM me the headers (it will be visible to the support team) one of them will send them to the relevant people Smiley 

 Jono H
 Plusnet Community Manager
Mook
Champion
Posts: 909
Thanks: 195
Fixes: 2
Registered: ‎27-12-2019

Re: Email Server Hacked.....Again?

@Ripperoo2018  If you think these emails were sent from your account then they'll be in your sent folder, but I suspect they won't be and it's less than trivial to spoof the from line.

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Not necessarily.

*If* the scammers did actually have my Plusnet POP3 server login details they *could* potentially send messages using my account without any messages appearing in my local 'Sent' folder.

 

I had a look in my Plusnet account settings, but cannot see how to change the password for POP3 email server as this would at least let me restrict potential access to the email server.

Mook
Champion
Posts: 909
Thanks: 195
Fixes: 2
Registered: ‎27-12-2019

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

*If* the scammers did actually have my Plusnet POP3 server login details they *could* potentially send messages using my account without any messages appearing in my local 'Sent' folder.


Without deleting the messages themselves how would that be done?

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Well, if they did have the correct email server credentials, they *could* use any email client on any laptop/PC/phone to then send emails and because the emails were not sent from my device, would not show up on my device.  This would only apply when using POP3 email though as IMAP email works differently (kinda how Gmail works, which is accessible from anywhere you log into your Gmail)

  • POP3 (Post Office Protocol): POP3 mail connects and attempts to keep the mail located on the local device (computer or mobile).
  • IMAP (Internet Message Access Protocol): IMAP messages do not remain on the local device (computer, mobile etc), it remains on the server.

Gonna leave this now and await a response from Plusnet CS to help with this potential issue.

JonoH
Community Gaffer
Community Gaffer
Posts: 3,708
Thanks: 6,259
Fixes: 124
Registered: ‎29-09-2011

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

Gonna leave this now and await a response from Plusnet CS to help with this potential issue.


Did you send me the headers to forward on? I haven't seen them yet but they're also not likely to be seen by our team until next week.

I also think we need to be really careful with language when it comes to security. People get really worried (understandably) and several times this thread insists that Plusnet has been breached.  The title even says again.

 

And whilst I am prohibited from talking about security in any way as hackers have been known to target companies who publicly state they haven't been breached or talk about any security procedures they have in place as they see it as a challenge and want the notoriety, I at the same time need to reassure customers that despite your statements there's no evidence of any breaches in security and thankfully we've established now through https://haveibeenpwned.com/  that your email addresses were exposed from 3rd party breaches, and hopefully we can get to the bottom of the last of your addresses that's compromised.

 

 Jono H
 Plusnet Community Manager
Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

More of a question than an insisting that Plusnet has been breached.

If Plusnet didn't insist in using forum software that limits the editing of a post, I could have went back nad edited the OP to make the language used less sensitive

 

I will foward those headers soon..

 

RobPN
Hero
Posts: 4,109
Thanks: 348
Fixes: 9
Registered: ‎17-05-2013

Re: Email Server Hacked.....Again?


@Ripperoo2018 wrote:

Well, if they did have the correct email server credentials, they *could* use any email client on any laptop/PC/phone to then send emails and because the emails were not sent from my device, would not show up on my device.  This would only apply when using POP3 email though as IMAP email works differently (kinda how Gmail works, which is accessible from anywhere you log into your Gmail)

  • POP3 (Post Office Protocol): POP3 mail connects and attempts to keep the mail located on the local device (computer or mobile).
  • IMAP (Internet Message Access Protocol): IMAP messages do not remain on the local device (computer, mobile etc), it remains on the server.

I'm not taking sides @Ripperoo2018 , but regarding IMAP, AFAIK it is possible for the mail server to NOT store sent mail.

I have Thunderbird on my main PC set to store a copy of sent mail in a local folder instead of the servers 'Sent' folder, it doesn't show when using other clients, e.g. on my phone, but the opposite is true if I send from my phone.

I can't remember the possibilities with POP3 as I haven't used it for years.

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Yeah, OK.

Haven't used IMAP myself before and found that decription elsewhere, but I suppose it could be down to individual email client settings?

 

 

Ripperoo2018
Dabbler
Posts: 16
Thanks: 2
Registered: ‎10-04-2018

Re: Email Server Hacked.....Again?

Did you get those headers?