Spam to plusnet-specific Email address.
I'm seeing spam to email addresses harvested from Plusnet - in the 2007 hack. I'm also seeing spam to other emails that have over the last few years have received spam.
There are a lot of other email addresses including actual mailboxes on Plusnet that have received no spam whatsoever in spite of them being used.
So while I've seen a lot of these test messages, nothing I've seen points to a fresh leak on Plusnet.
There are a lot of other email addresses including actual mailboxes on Plusnet that have received no spam whatsoever in spite of them being used.
So while I've seen a lot of these test messages, nothing I've seen points to a fresh leak on Plusnet.
Quote from: DomS Do any of the customers affected access their emails on a mobile device ? I.e. iPhone / Android device / Windows Phone ?
Are you suggesting that Plusnet's lack of SSL encryption on their email platform could allow customers email addresses to be sent as plain text over wireless networks and potentially harvested when using a public WiFi hotspot when accessed via a mobile device?.
Perhaps someone should start a new topic about that (AGAIN !).
To answer your question, no I have NEVER accessed the affected mailbox using a mobile device, AND in my case the mailbox in question is hosted on a secure email platform WITH SSL encryption and is NOT controlled in any way by Plusnet - other than my Plusnet account has the mailbox listed as my primary Plusnet contact email address.
Quote from: purleigh To answer your question, no I have NEVER accessed the affected mailbox using a mobile device,
I see your point on the previous rant
One more possibility to tick off on the compromised application theory then
I'm glad you took that the right way ! 
In addition to the insecure mobile theory, can also categorically say that my mailbox has never been accessed using any device with an insecure or vulnerable Operating System such as Microsoft Windows !.
In addition to the insecure mobile theory, can also categorically say that my mailbox has never been accessed using any device with an insecure or vulnerable Operating System such as Microsoft Windows !.
Quote from: purleigh To answer your question, no I have NEVER accessed the affected mailbox using a mobile device, AND in my case the mailbox in question is hosted on a secure email platform WITH SSL encryption and is NOT controlled in any way by Plusnet - other than my Plusnet account has the mailbox listed as my primary Plusnet contact email address.
I've got an idea of a possible source of the 'leak', can you check the headers of the messages you receive FROM Plusnet to your PN specific address and see if they pass through their spam filters?
My idea is that cloudfront (or whoever is doing the spam-scanning for PN these days) has had the breach and is keeping lists of the addresses that it sees pass through their devices and they've not a) noticed or b) notified their clients or c) have notified their clients under a NDA.
Just a wild theory, that may or may not be eluded to on the presence of cloudfront's headers in PN's outgoing mails.
@'avatastic' - Thanks for another theory for consideration
Firstly on my Plusnet email settings I have SPAM filtering disabled, as I prefer to do it myself and I don't like the idea of -
[quote=Member Centre / My Account / Manage My Mail / Spam]With spam filtering turned on, emails sent from mailservers with a bad SenderBase reputation will be rejected and bounced back to the sender. Emails that pass this first check are scanned and given a spam rating. What happens then depends on the settings which follow.
Looking at the received headers (from Plusnet billing emails) for the affected email address (hosted elsewhere with an independently registered domain), I can see no trace of any filtering results being added before the message was received at my email hosting provider.
However this now gets a little more complicated !
Looking at the email headers, what actually happens to billing emails, is that two copies of the emails are sent -
Unfortunately this means that both emails contain the other target emails address - so there is a potential vulnerability there !.
Looking at the other copy of the same Plusnet billing emails sent to the <username@username.plus.net> mailbox, there is nothing obvious that looks (to me) like Cloudfront, but there are these lines -
The other thing that I have noticed, is that despite receiving two copies of billing emails to different mailboxes, that I am only receiving these SPAM emails to my independent email address named in my Plusnet account, but NOT to the default Plusnet email address !.
Since I last posted in this topic I have received another SPAM email to my named email address -
So the fact remains, that those of us reporting this problem, we are receiving SPAM messages only to the email address specified in our Plusnet account settings, to unique email address mailboxes on differing email hosts, that have been specifically set up to only be used to receive Plusnet billing messages.
If someone has hacked or leaked our account settings to get these very specific email addresses, then what else has been stolen ?
Does someone now have our home addresses, phone numbers, credit card details, account passwords ?
Why has Plusnet not made a statement about this ?
There may be major security implications for all customers if our details have been stolen.
This was reported three days ago, and nothing seems to have been done other than Bob looking at some headers two days ago.
Is anyone working on this NOW ?
Firstly on my Plusnet email settings I have SPAM filtering disabled, as I prefer to do it myself and I don't like the idea of -
[quote=Member Centre / My Account / Manage My Mail / Spam]With spam filtering turned on, emails sent from mailservers with a bad SenderBase reputation will be rejected and bounced back to the sender. Emails that pass this first check are scanned and given a spam rating. What happens then depends on the settings which follow.
Looking at the received headers (from Plusnet billing emails) for the affected email address (hosted elsewhere with an independently registered domain), I can see no trace of any filtering results being added before the message was received at my email hosting provider.
However this now gets a little more complicated !
Looking at the email headers, what actually happens to billing emails, is that two copies of the emails are sent -
- The email is actually sent "To:" the Plusnet account's default email address - i.e. <username@username.plus.net>
- and also by "Cc:" so a copy is sent to the specified email address held on the account
Unfortunately this means that both emails contain the other target emails address - so there is a potential vulnerability there !.
Looking at the other copy of the same Plusnet billing emails sent to the <username@username.plus.net> mailbox, there is nothing obvious that looks (to me) like Cloudfront, but there are these lines -
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=O8i3vXNW c=1 sm=1 tr=0
a=WPTklmkeA0lf4ztKFIiyww==:117 a=0Bzu9jTXAAAA:8 a=7HIFeAphMSMA:10
a=mrHjP8x4AAAA:8 a=lwZ3Ad6_j2Gb7XwZnmMA:9 a=PWqJf_0N3X8Ey6Cz:21
a=oZAOq0xajU3HTwh8:21 a=pn7XOFuvdOUA:10
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
The other thing that I have noticed, is that despite receiving two copies of billing emails to different mailboxes, that I am only receiving these SPAM emails to my independent email address named in my Plusnet account, but NOT to the default Plusnet email address !.
Since I last posted in this topic I have received another SPAM email to my named email address -
Quote Subject: 20/20 Vision Can Be Yours. Learn More - News
From: "ClinicCompare News" <news@liveuknews.co.uk>
So the fact remains, that those of us reporting this problem, we are receiving SPAM messages only to the email address specified in our Plusnet account settings, to unique email address mailboxes on differing email hosts, that have been specifically set up to only be used to receive Plusnet billing messages.
If someone has hacked or leaked our account settings to get these very specific email addresses, then what else has been stolen ?
Does someone now have our home addresses, phone numbers, credit card details, account passwords ?
Why has Plusnet not made a statement about this ?
There may be major security implications for all customers if our details have been stolen.
This was reported three days ago, and nothing seems to have been done other than Bob looking at some headers two days ago.
Is anyone working on this NOW ?
This isn't the only thread that wasn't picked up either 
I got that too
Quote From: "EcoExperts News" <news@liveuknews.co.uk>
Subject: 50% cut from your energy bills - news