Quote

swoofe.ru 149.154.68.194 webmaster mg-spb.ru Mar 14, 2016 1:04:01 AM nschwmtas03p.mx.bigpond.com 61.9.189.143 grimreepa bigpond.com Feb 5, 2016 11:59:11 AM mail-am1hn0245.outbound.protection.outlook.com 157.56.112.245 Thorstein.Olafsson omega.no Feb 3, 2016 4:37:16 PM

I just received a pair of 'test' messages, with the same content as the initial ones a month ago. This time from a Mali IP address.

If Plusnet are ignoring this, hoping it will go away, it ain't working.

---

@Anotherone wrote:
And still no comment from Plusnet!

---

And that's after a couple of PMs to one of the management team.

Sadly after the pasting @bobpullen got last time he tried to be up front and honest about matters such as this, I'm not surprised (even though it saddens me) that there is no response here from the front line team.  Sadly I suspect that PN towers is being run by the BT legal lads these days, rather than honest engineers of days long time past.

I received a repeat of the initial messages again, on 24/04/16.

So I have submitted a question to Plusnet.

What's the betting the first response is a link to spam advice, instead of an actual answer to my question...

I had a 24 minute online chat about this today.

info: You are now chatting with C.
C:
Good afternoon, I'm C. How can I help?

Me: Hi C
C:
Hi J.

Me: I have a problem that I have posted on the community forum at https://community.plus.net/t5/Email/Potential-email-address-leak/m-p/1329269
C:
Okay.

Me: Do you want to look at the forum or for me to repeat stuff here?
C:
I'm just having a look at the post myself.

C:
What mailboxes are the messages received by, are they targeted at random addresses?

C:
If you have 'catch all' enabled on your account then this might indicate the cause of the problem.

C:
I am aware of this issue and have previously discussed the issue with security and data protection officers but we haven't found any evidence of a genuine leak of information.

Me: I will disregard your first two responses as they are meaningless in the light of my posting. The targeted mailboxes were only ever together within Plusnet and are the only mailboxes being targeted. The latter is evidence that they were harvested together and the former is the only place they could have been harvested. This supports the only possible conclusion that they were leaked from data held by Plusnet.
C:
The Plusnet User Group service is in fact operated by a third party and not as part of Plusnet. So this is not indication of a security breach within Plusnet's organisation.

Me: Can you explain any other connection between the usergroup email address data and the status email address data?
C:
I don't unfortunately have any more information on this specific problem. My advice at this stage is to enable the 'catch all' and if you are receiving spam mail to use our spam filter.

Me: I already have catchall enabled but, as I am careful with my email addresses, I receive approximately 7 spam emails per week (plus the two I have received due to this problem). I therefore do not need a third party spam filter. Thanks for your suggestion, but it does not have any bearing on determining the cause or source of the leaked data.
C:
Okay, then at this stage I would advise to wait a further response in regards to this issue on the community forum page.

Me: Does that mean that Plusnet will be continuing to investigate?
C:
We will work closely with those who moderate the user group, user tools and community forum to investigate the issue and provide an appropriate investigation and response.

Me: Thanks C, I will post further responses to the forum.
C:
No problem. Is there anything further that I might be able to help you with?

Me: No, thanks.
C:
It's been great chatting to you today. I really appreciate your time and would love to hear any feedback that you might have.

Please click this link to close the chat and answer a few questions about the experience you have had with me today.

Don't forget to subscribe to <a href="www.youtube.com/user/plusnethelp target=" _blank="">Plusnet Help on YouTube for further help and support.

Enjoy the rest of your day!

The info I gleaned from that was that somewhere, sometime, usergroup email address data and Plusnet service status email addresses existed together in the same place and that was the point of vulnerability..

PS. The only changes I made to the above chat were the names and my typos (to make it easier to read).

OK so from the above, a simple question: in who's domain / control / environment is the pug service hosted?

The chat agent's response does not seek to deny that these emai addresses have been leaked, only denial is that anything has been leaked from PlusNET controlled services.  That being the case, the implication in the response is that PlusNET has no breach case to answer.

So now that the forums are hosted by a third party, holding customer email addresses provided by PlusNET, who assumes responsibility for the security of that data?  PlusNET who acquired the data or lithium into whose hands it has been entrusted.

it seems to me that on each of the recent occasions where an email address used exclusively in association with a user's PlusNET account ir associated servuce has escaped into the wild, a third party has been involved.  What is it going to take for PlusNET to realise that the only way they can properly control access to client information is to keep it and the systems which use it in house behind their own security systems?

I wonder how long before the exclusive email address I setup for my forum identity (prior to this data being passed to lithium) escapes into the wild?

If you want to protect the integrity of your primary email address, make sure that's not the email address used on this forum.

PlusNET users can have email addresses in the form of anything1@username.plus.com.

If you have catch-all switched on, they will arrive in your default mailbox, if you prefer to have catch-all switched off, make anything1 an alias of the mailbox you want to receive those emails.