Quote from: deadkenny

Quote To stop all future communications from this sender, please go [link here] You may also write to us at 237 S Delsea Drive #302 Vineland, NJ 08360

Yes, I'm getting spam with this at the end too.
The email I'm getting it sent to is plusnet@mypersonaldomain.com.
Guess how I know I've never given it to anyone other than PN?
They need to take their fingers out of their ears and stop singing 'lalalalala'

Just found this thread via The Register.....  Add me to the list as I have also been hearing from Maria Medium, Dyson testing etc etc.  This started about two weeks ago.  I use my own domain hosted at 1&1 for general Plusnet billing purposes, in case this has any relevance to other affected users, but a different address for this forum which is not affected.

It does not seem to matter where the domain is hosted; there's no common link there.
As to it being probably the result of a dictionary attack on our domains (what, all of these different domains at the same time?) like some people on The Register's comments are saying, what a load of rubbish. If it was, I would have had all the other words in the dictionary in my inbox. Some people just have no clue.

Just to clear up some misunderstanding of my previous (badly worded with hindsight) comment "all the hallmarks of 2007" ... I was primarily meaning that it wasn't just a random or trivial event as was sort of being implied but rather the acquisition of a substantial amount of customer data and also referring to the way that it's currently being (mis)used, i.e. carefully and perhaps more testing the water to establish quality of data rather than simply generating a full-on deluge of complete rubbish. Abuse tends to be somewhat different if the data is almost guaranteed current and likely to be 'live' data rather than of dubious, old or unknown quality and/or previously (ab)used. The deluge will no doubt come (much) later needless to say. I certainly did NOT mean to imply that there is any similarity in the way the data was obtained (i.e. webmail hack) because that possibility had already been clearly ruled out. I've no evidence to suggest otherwise or indeed any particular reason to doubt that the webmail platform is currently secure despite having never used it and not being likely to ever do so. Apologies for the confusion but I also made no secret about where I rather suspect the problem is/was in any case ...
I've been going through some historic stuff and I'm interested in users' spam receiving status in relation to some specific dates. I therefore feel a poll coming on as that should hopefully mean it's a tad easier to spot any relevant link but it will obviously need to be in a separate thread. It may or may not reveal something of possible relevance and all that.

@ BobP  You simply must have been naughty beyond belief in some previous life to keep on drawing these short straws !
Sorry in advance and all that but whilst I'm not going to waste vast amounts of time on this as the damage is already done and cannot be undone, I'm not just going to give up either. There clearly has been a leak and the source needs to be found. Without knowing exactly what's happened, where and when, PN simply cannot know how much data has been released, what data has been released or be even remotely confident that it cannot happen again. And again. And again.

Add another one receiving the same garbage to the list. In my case its my parents plusnet billing address, only ever used for that purpose (and NOT the forum) and hosted on my server. It slightly took me aback because the first one came on 13 Nov, just a few days after requesting cancellation for the account on 6 Nov and changing the billing address to my own address in case there were any final queries. My own PN billing address hasn't had the same thing.
For reference, the account in question was signed up in Jan 2009 and the email address did not exist prior to that. There have been a total of 33 spam mails, the last 6 received on 29 Nov.
I had thought PN had got past this sort of shenanigans, but given past form I'm not really all that surprised. I am disappointed though that the same old deny-the-obvious-till-you're-blue-in-the-face routine still persists, because its never really worked out well in the past has it?
As others have said, the spam's not really the problem, the implications of what else may have been got at are.

I really don't think that anything like sufficient has been said/done to explain and address the possible antipodean connection. Could PN actually have found anywhere further from the UK and with less demanding DPA-style regulation to send our personal data purely for stupid and totally unnecessary routine marketing purposes  
I suspect the answer is probably "yes" mind you but that's not really the point. The point is I have other much more relevant questions that are in need of some answers.

Questions for PN:
( 1 ) Why Australia and what controls did PN actually place on the Company in order to ensure security of our personal data in accordance with UK DPA requirements given the substantially different situation in Australia at the time ?
( 2 ) Have PN confirmed beyond any doubt whatsoever that any controls were indeed followed to the letter as was (presumably) contractually required and that no possible breach involving the PN supplied customer data has ever occurred ?
( 3 ) What role did BT play in the selection and/or use of this specific Company and in the handling of personal data involved in particular ?
( 4 ) Can PN confirm whether the personal data was (or was not) sent appropriately encrypted and/or by an alternative fully secure method ?
( 5 ) Over what precise timeframe was this Company actually used to send marketing e-mails to existing customers ?
( 6 ) Do PN still have an on-going business relationship with the Company that involves the use of our personal data ?
( 7 ) Do the Company still have access to any of our personal data ?
( 8 ) How do I expressly forbid PN to share my personal data with random 3rd parties (other than as may be required by a Court of Law) for purposes NOT directly related to the service(s) actually being provided ?


Some info and questions for users with archived e-mail data:  
My archives show that PN apparently made use of Traction Digital to send out marketing e-mails between October 2012 and August 2013. Prior to October 2012, PN used their own in-house systems. Since August 2013 no similar PN marketing e-mails have been received. BT also used the same company in the same time frame for similar purposes and appear to still be using them in 2014. All these marketing e-mails were sent solely to the primary e-mail address on my primary A/C and not to the additional default address as was the case with all previous in-house marketing e-mails or to any of my other A/Cs. Some (but not all) of these e-mails also included my full name in addition to the associated e-mail address. The e-mail data is also openly stored on Akamai servers and is still available today anything up to 2 years later. It is not only freely accessible on Akamai but Traction Digital still process links to it via their servers/systems in any case.  There are several historic threads on this forum relating to these and similar e-mails. There are subtle differences between the various marketing e-mails I received and not just in terms of content but some typical data follows by way of an example:

Quote

http://epidm.edgesuite.net/BTEM/1012/2058452_BT_Plusnet_EM_build_Q3_12_Emails/EM64/EM64_ExistingCustomers_switchToPlusnet_Q3_12_Alt.html Delivery-date: Tue, 09 Oct 2012 21:07:52 +0100 Received: from [202.43.5.89] (helo=mx1.bt-plusnet.trclient.com) inetnum:        202.43.4.0 - 202.43.7.255 netname:        TRACTION-AU descr:          Traction Digital Pty Ltd descr:          NSW, Australia country:        AU admin-c:        LR329-AP

( 1 ) Can anyone else confirm or possibly modify the time frame during which Traction Digital was actually being used by PN to send marketing e-mails to their A/C ?
( 2 ) Can anyone else confirm whether the recently compromised e-mail address definitely was (or was not) that being used for marketing purposes within (or at least immediately prior to) the time frame during which Traction Digital was being used ?
Please bear in mind that if you have any form of automatic spam filtering enabled, you may not receive all or (if you're very lucky) any of the recently reported spam currently being sent to compromised e-mail addresses.  Seeing no spam in your inbox and concluding that your e-mail address hasn't been compromised is ONLY true if you have no spam filtering or you have positively confirmed that any spammy messages that might have been received haven't been hidden elsewhere or simply deleted. If you have spam filtering and it actually works then you wouldn't expect to receive the spam would you !

DISCLAIMER:  I fully understand that I am personally responsible for the content of this message. It should be noted however that I am not at this stage intending to suggest or even vaguely imply that Traction Digital *ARE* in some way responsible for the problems currently being experienced. I'm merely trying to establish the facts concerning their involvement with BT/PN and investigate any potential link(s) to the current problem that there might possibly be.  Consider it as being a "helping with our enquiries" kinda situation rather than being any kind of allegation never mind a formal accusation and/or charge

Quote from: mikeb

( 2 ) Have PN confirmed beyond any doubt whatsoever that any controls were indeed followed to the letter as was (presumably) contractually required and that no possible breach involving the PN supplied customer data has ever occurred ?

You might also ask if they were ever in the position to properly do so, especially outside European borders. Ditto for some of the other items.
And a vote for the 3rd party opt out from me.

Quote from: Bob

Quote from: Anotherone Have Plusnet, or their legal representatives (whether internal, external or within BT Group) contacted all 3rd Parties used, whether for Marketing, Mailshots or Spam Filtering, past and present - and advised them of a security breach and requested that they check their security and provide feedback? Whilst we do take customers' security seriously, I don't think it's appropriate to reach out to some of the companies you've mentioned e.g. Ironport. Mainly due to the length of time that's elapsed since the solution was used, but also a knowledge of how the platform was built. Whilst we're sometimes dependent on third party anti-spam solutions, that's not to say they're hosted outside the Plusnet network. I believe our security/legal/marketing folk have reached out to certain third parties, I wouldn't expect us to publish an explicit list of these companies any time soon though.

I'm still waiting for an answer to the above question.  Whilst I accept there may little point in contacting companies like Ironport regarding the current security leak when the anti-spam solution was hosted within the Plusnet network, that doesn't I'm afraid detract from a definitive answer with regard to contacting other 3rd parties, especially, but not exclusively, those used for marketing - "believing" is not the same as stating that they definitely have been contacted. Nor do I see any reason why you can't give a list of those companies - it's hardly a secret and there are no commercial in confidence reasons either - such company server details will appear in the mail headers!

Well today I've had an incredibly patronising follow-up to my complaint.  It kindly explains how spammers can obtain addresses and blames a brute force attack.  It suggests setting up an email whitelist !
I always found that a much better alternative was to set up individual addresses for different suppliers so I could identify where the breach was..  oh, whoops, the finger points at PlusNet!
Two other updates:
- My father has also received some of the same spam to his unique PlusNet address (which isn't plusnet@...) so suddenly spamming plusnet@randomdomain.com seems a bit less likely.
- I clicked unsubscribe and haven't had any more spam (unexpected!).
Ian

Quote from: ianjpn

.. so suddenly spamming plusnet@randomdomain.com seems a bit less likely.

Nobody in possession of the facts could seriously have thought that.

Quote from: ianjpn

- I clicked unsubscribe and haven't had any more spam (unexpected!).

It is slightly tempting as they all come from the same place. I've just had another four after a lull of a few days.
P.S. I have only just noticed that every single one of them contains the email address to which it has been sent at the start of the Subject line. I'm sure this must have been mentioned but I didn't see it.

Quote from: ianjpn

Well today I've had an incredibly patronising follow-up to my complaint.  It kindly explains how spammers can obtain addresses and blames a brute force attack.  It suggests setting up an email whitelist !

So, the spammers could have obtained our addresses by a brute-force attack on PN's payment databases...?   
Brute-force attack my you-know-what!
I absolutely hate those canned responses. Of course, there is no problem at PN so there must be some other explanation, despite the fact that it is statistically unfeasible compared the to the statistically almost-certain "PN has leaked".
There is supposed to be some weak equivalent of the USA's "Class Action Law" in the UK. The government would never allow a full version (too many big companies would get prosecuted or sued) but still... Is this what it will take to get some proper action from PN?
PN: Anyone with even half a functioning brain can see that the only link between all our disparate domains and catch-all methods is you, PN. Anything else one might suggest as a simultaneous source of our addresses can easily be discounted by the facts. To try to claim anything other than a leak of our data from PN or its contractors (or owner!) is simply insulting to our intelligence and can only hurt PN's standing. PN cannot hide from this.
It's about time some official (need I say honest and reasonable?) statement was made about all of this, before things get out of hand.

Not gonna lie, very annoyed that my private PlusNet only email I've been using for 3+ years has over the last few weeks started to receive spam email.
But I'm mainly cunnied off that PlusNet seem to be denying it, I consider it an insult on the collective intelligence of everyone else who has only ever given PlusNet their own mailbox to find all sorts of weird and whimsical excuses to explain how the database has not been breached as opposed to an explanation of how it clearly was.  Denial is a river in Egypt folks.
First spam received was on 14/11/2014 18:09 and I've now had several.

Quote from: ianjpn

Well today I've had an incredibly patronising follow-up to my complaint.  It kindly explains how spammers can obtain addresses and blames a brute force attack.  It suggests setting up an email whitelist !

I take it this response was on a ticket   I really can't believe this, not only do Plusnet seem to be trying to pretend this isn't happening, they haven't told their CSC agents either