Avoidance of the leaked email addresses issue
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Avoidance of the leaked email addresses issue
Avoidance of the leaked email addresses issue
11-03-2015 2:12 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Plusnet, you have in some way allowed unique email addresses of many of your customers to be leaked to a spmmer. This is practically irrefutable; there is far too much evidence that the leaked data can only have come from you.
Now, my private email account that I have paid for for almost as long as the Internet has been here, and which has NEVER had spam to the base domain address, is receiving the same, easily identifyable spam we have been receiving to our unique addresses known only to you. This means that the spammer is now moving further than just using the exact email addresses that were compromised, and it is only a mater of time until such things as dictionary attacks begin and render my email account unusable.
The amount of work I will have to do to contact everyone who has my contact details on that domain will take me many days to do, and I doubt I will even get to most of them.
You, Plusnet, had been far too silent on this issue and tried to brush it under the carpet.
You have allowed our data to get into the hands of spammers, and this is going to cost at least me, and I guess many others, a lot of time and money to correct.
What are you going to do about this?
Re: Avoidance of the leaked email addresses issue
12-03-2015 8:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Personally I would like to hear that PlusNet will stop using all third parties for service delivery which involves the release of personal data, including email addresses. PlusNet are not alone in this respect - far too many organisations farm out their email marketing activity rather than keeping such activities in house. Running in-house marketing email services is not that difficult - I do not understand why such activities are farmed out... especially with the marked risk of third party data leakage.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: Avoidance of the leaked email addresses issue
12-03-2015 8:30 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Avoidance of the leaked email addresses issue
13-03-2015 3:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There is far more PN can do - it can come clean, admit to its userbase as a whole there has been a problem (whether or not PN claims it cannot find out how it happened) and offer compensation to those of us who have been severely inconvenienced and will be put to expense because of this leak.
@Empirical, thank you for the question. It shows exactly how this issue has been kept quiet by PN by keeping the thread away from feedback and in the email problems section, where people wouldn't go unless they had, well, an email problem I guess.
It certainly shows that they have not done as was suggested and requested by us, asking their userbase as a whole if they were receiving the particular spam. It would have helped them greatly in determining where the leak was to know how widespread it was. That assumes they don't already know, of course, and that the supposed investigation PN did was actually an investigation and not a cover up.
The spam (which is unusual in format and easily recognisable from others) is going to unique addresses that many of us have made up entirely for PN's billing system, and are used nowehere else. It is not PN-supplied addresses, but our own, private addresses that we gave to PN that have been leaked.
We are all similar in this. My own address is one that has never, ever been given to anyone other than PN, does not even exists on my PC as a sendable address (so no leak from me is possible) and is received only by a catch-all email account that I pay for.
The whole point of doing this, and I have done it for years, is that if I get an email sent to me using a particular address, I know for a fact that it has come from the company I ghave that unique address to. Or, they have given it to someone else.
Have a read through the thread here if you are interested. Even the media got involved at one point - they might again if things don't improve on PN's side soon.
http://community.plus.net/forum/index.php/topic,133959.0.html
Re: Avoidance of the leaked email addresses issue
13-03-2015 4:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not surprisingly, it was a complete waste of ten minutes.
The agent I spoke with claims they know nothing about this issue (utter rubbish), denied that there could have been any leak of information (even PN has not said that, in case it gets caught out) and suggested I raise a ticket. Which, of course, I had already done and got nowhere.
You are leaving my with little alternative here PN, I won't let this matter just go away and foot the bills and wasted time myself.
I have used this email system, for about twenty years, and in all that time had hardly any spam to it because of the system I implemented. Now, I am receving more spam than genuine emails, thanks to PN.
"Good honest bradband from Yorkshire" - yeah, right!
Re: Avoidance of the leaked email addresses issue
13-03-2015 5:24 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: LordFox You are leaving my with little alternative here PN, I won't let this matter just go away and foot the bills and wasted time myself.
What bills and what waste of time? Seems that all you want is a fight.
I do understand your frustration, but surely the simple solution is to replace the existing unique email address you have for PlusNet and "blackhole" the old one. Five minutes work and the problem is gone - no bills (?) and no more wasted time.
Do not get me wrong, I am not defending PlusNet for what has happened, but it has happened and cannot be undone. There is nothing PlusNet can do over the consequential flood of SPAM - that is for you to manage, in the same way we had to after the 2007 webmail server hack which stole numerous email addresses used with webmail.
Assign new email addresses, blackhole the old ones, move on and enjoy life. The people I really feel for are those who have given every contact the same email address. They do not have the means that you have to manage the problem.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: Avoidance of the leaked email addresses issue
13-03-2015 8:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It is pointless to blackhole the original address (it is already filtered off so I can keep a record of the spam).
An address I have used, as my main means of communication (I have autism) for twenty years, and which I have kept almost free of spam, is now receiving quantities of spam to the base address. I repeat, not just the address given to PN but now to the address I receive as the catch-all address.
The spam is exactly the same as that also sent (duplicated in fact) to the PN address - it is from the same source and thus is of the same cause.
I have never used an antispam service due to the chance of losing legitimate emails, which happened the only time I tried such a service out. I have never needed such a service before, however now, thanks to PN, my account is receiving more than double the amount of spam I have seen in all the twenty years that I have used the addresses.
Everyone I have communicated with in all that time has a unique email address on my system.
Do you have any idea of the length of time it will take to try to contact all of them, generate new addresses on a new domain (since this one is likely to succumb to spam sooner or later now) and the cost of my time to do so? And the cost of finding another such servivce; I do not think even Clara offer it any more and keep mine active only as a customer service.
Why do you take it on yourself to say there is nothing that PN can do? There is a lot they can do, but they won't unless they are made to, it seems. People jumping in and saying there is nothing more they can do can only hurt those of us who say they should. Why do that?
I certainly do not want a fight; with autism, I find I am really quite poorly equipped to deal with such matters. I refuse to allow that to stop me trying to get what is only right though and have found means to do so before.
If you do not feel that it is a problem to you, please do not apply whatever reasoning brings you to that conclusion to me. We are clearly not in the same situaton.
Re: Avoidance of the leaked email addresses issue
13-03-2015 9:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
What relationship is there between the PlusNet email address used for billing and the the "base address"? Do you mean that you used plusnet@yourdomain.co.uk as your PlusNet billing address AND another-address@yourdomain.co.uk is now receiving spam too?
Is this a catch all email box?
Did you by chance click the UNSUBSCRIBE link on an earlier email?
Is this spam to the "base address" all to a single "name" or multiple "names"?
If none of your specific names are receiving spam then you only need to sort out the catchall mailbox.
If this does not help you, then please do spell out in simple words what you believe ought to be done by PlusNet to fix your CURRENT issue - may be you know more about how email works than do the members of this forum - you might have something to teach us.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: Avoidance of the leaked email addresses issue
13-03-2015 11:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have used my autism as an excuse for nothing - do not put your misinterpretations on me. As to wanting the world to revolve around me - I want compensation for a comapny losing control of my personal information, in breech most likely of the data protection act, and the problems it is now causing me. How is that "wanting the world to revolve around me"?
Please leave such personal, and incorrect, assumptions about me out of this; they are not relevent nor welcome.
Have you read the post I made in the main thread on this matter?
I use an address in the form plusnet12345@myaccountname.clara.co.uk. That is what was leaked and originally was the only address receiving the spam.
Duplicates of the spam are now being sent addressed directly to the catch-all address, myaccountname@clara.co.uk. This is what has changed, as I have now repeated several times. That catch-all address has never, ever been used except twice a year by Clara themselves for billing purposes.
Do you understand now?
Re: Avoidance of the leaked email addresses issue
13-03-2015 11:52 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Avoidance of the leaked email addresses issue
14-03-2015 12:28 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It means someone is actually leverging the information in the database they have rather than simply using a list. It raises the issue that they will likely make more attacks now, based on the original address, where previously the spam has been restricted to only the leaked address. The spammers do not know or care that the thousands of addresses they could generate from it will all go to one person.
That is my concern. I can cope with one address being taken out by this; it's not the first time a company has leaked an address I have given them. This is the first time spam has subseqnetly come directly to the base address. If a larger scale bombardment now happens against my account, it will cause problems.
It is still an "if" of course, unfortunately so far, the "ifs" have happened.
Re: Avoidance of the leaked email addresses issue
14-03-2015 12:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Avoidance of the leaked email addresses issue
14-03-2015 3:13 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Interestingly (maybe) is that the ones going to the base address are addressed to myaccountname @claranet.com - I do not use that domain, I use myaccountname @clara.co.uk. Higher up of course is envelope-to myaccountname @clara.co.uk since that is what I receive as the catch-all address.
So they haven't just sent (or BCC'd) to the base address they would get from the leaked address (clara.co.uk). Not sure how they have come up with claranet.com. It does work, but originally it was clara.co.uk and that is what I've always used. I can get nslookups to give my mail server IP addresses followed by looking up the domain names to give me clara.net, but not claranet.com. Huh!
I don't claim to know much about reading email headers unfortunately (depsite certain patronizing remarks somewhere above).
What I do know is that this is the very same spam, from the very same source that was provided with our data from PN, now sending me duplicates to the (or at least one) base address.
Re: Avoidance of the leaked email addresses issue
14-03-2015 1:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Firstly as I've taken a quick look through the email sub-forum and nothing leapt out at me about a leak. Maybe a link to the specific thread would be useful here?
Secondly; I'm still getting very little spam on the account that PN use for billing notifications etc.
Re: Avoidance of the leaked email addresses issue
14-03-2015 1:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Avoidance of the leaked email addresses issue