Firstly, apologies for the apparent silence on this matter.
Rest assured that we have been investigating, so sorry not to have kept you guys informed. It's not helped that I've not been around this past week.
We've conducted a thorough investigation into these reports and at no point has there been any evidence uncovered that any of our core systems or networks, including our subscriber and billing databases, have been compromised.
In response to some of the discussion whilst I've been away:
| Quote from: aich |
I can't see any other obvious way for the address to have been obtained other than by hacking Plusnet systems or a rouge employee.
|
There are plenty of ways data can be obtained without systems being hacked or the nefarious actions of an employee.
| Quote from: avatastic |
| My idea is that cloudfront (or whoever is doing the spam-scanning for PN these days) has had the breach and is keeping lists of the addresses that it sees pass through their devices and they've not a) noticed or b) notified their clients or c) have notified their clients under a NDA. |
We're confident that's not the case.
| Quote from: aich |
However one sent on 17/07/14 about changes to phone packages comes from "mx1.bt-plusnet.trclient.com"
Googling "trclient.com" doesn't fill me with a lot of confidence about them especially when following a link to them causes Firefox to throw a wobbly about the sites security certificate! |
These emails (and other one-off/targeted mail sends) are often sent with the assistance of third parties/marketing partners as per the details in our
privacy policy.
I am interested to know if everyone affected received this email though and if they did, on what date? The emails should also have a reference number on them somewhere. Fairly sure the price increase emails went to well over half our active broadband base (including me and a number of my referrals) and I can categorically state that many of them have not received the emails you guys have.
| Quote from: poshrat |
So from the two identical format responses I'm pretty sure we can assume that
E-Markets Labs are the source for cardnews and liveuknews.
Maybe PlusNet should could ask E-Market where they got the email addresses from? |
I doubt that would help. It's fairly obvious from the WHOIS data and SPF records of the sender domains are simply being registered for the purpose of spamming. I see similar stuff in my mail rejection logs (that's been happening for some time though). From personal experience (and as others have found), there's little point in pursuing the registrars either because the damage is often done before they get round to suspending the domain.
| Quote from: purleigh |
Conclusion, either our our Plusnet billing accounts (but not the email platform) have been hacked, or Plusnet (or an employee) has given/sold our Plusnet account email addresses to someone who is now using that information to send out SPAM messages. In either case, what other personal information has been leaked ?
|
Not necessarily, and as mentioned right up there ^^^ an audit returns no evidence of any of our integral systems being compromised.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
