Crucial email details hacked

Niall · Apr 06, 2011, 23:17:27

On April 4, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the names and/or email addresses of some Crucial customers were accessed by unauthorized entry into their computer system.
We have been assured by Epsilon that the only information that may have been obtained was your name and/or email address. No other personally identifiable information that you have supplied to Crucial was at risk because such data is not contained in Epsilon's email system.
For your security, we encourage you to be aware of common email scams that ask for personal or sensitive information. We will not send you emails asking for your credit card number, social security number or other personally identifiable information. If ever asked for this information, you can be confident it is not from Crucial.
For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails and remain cautious when opening links or attachments from unknown third parties. Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

I just received the above email. Well, earlier today, I've only just read my emails.

Lance · Apr 06, 2011, 23:40:10

I think this has already been posted somewhere on here. I've hada similar email re the same breach from Hilton Hhonors.

Simon · Apr 06, 2011, 23:46:15

Isn't it similar to the one from Play the other day?

Lance · Apr 06, 2011, 23:53:10

Different company I think.

Lance · Apr 06, 2011, 23:55:00

Found it in natter:

http://www.idnetters.co.uk/forums/index.php/topic,25358.0/wap2?nowap

JB · Apr 07, 2011, 09:13:44

Yet another reason to use a throw away Gmail/Hotmail address for any on-line ordering.

Rik · Apr 07, 2011, 09:48:54

It's affecting M&S too.

Niall · Apr 07, 2011, 14:00:50

Quote from: 6jb on Apr 07, 2011, 09:13:44
Yet another reason to use a throw away Gmail/Hotmail address for any on-line ordering.

Why's that? It's not hotmail that were hacked. It was the companies providing supposedly secure email for businesses that were hacked.

JB · Apr 07, 2011, 21:28:21

Quote from: Rik on Apr 07, 2011, 09:48:54
It's affecting M&S too.

Yes it does seem to be Rik.

Gary · Apr 08, 2011, 12:04:01

Quote from: Niall on Apr 07, 2011, 14:00:50
Why's that? It's not hotmail that were hacked. It was the companies providing supposedly secure email for businesses that were hacked.

Because if you use a throw away email, or an alias email if the company gets hacked it does not matter that the email address may be lost, better than your own domain one getting got, or your personal email you use for friends etc.

Niall · Apr 09, 2011, 16:00:04

Just noticed that I misread your post

wdforte · Apr 09, 2011, 21:24:29

Quote from: 6jb on Apr 07, 2011, 09:13:44
Yet another reason to use a throw away Gmail/Hotmail address for any on-line ordering.

Quite wrong. Nothing to do with Gmail or Hotmail. In fact, in my case, Gmail has been absolutely fantastic! Wouldn't do without it, their spam filter is outstanding.

Never had a moments problem ordering on line over the past five years.

Brilliant!

JB · Apr 10, 2011, 17:28:26

Quote from: wdforte on Apr 09, 2011, 21:24:29
Quite wrong. Nothing to do with Gmail or Hotmail.

That was not the point of my posting. I agree that Gmail accounts are very good. Our family use them a lot and yes, the spam filtering is very good indeed.

My point is, that if a company releases your email address into the wild by mistake it will likely be harvested by spammers. If that occurs I would be happier that it was a Gmail or Hotmail account, which can easily be replaced. If this occurs with one of my personal domains I personally regard it as much more serious. If I have gone to the trouble of buying a chosen domain name and run a mail server for it, the last thing I want is it to be flooded by spam.

I thought Gary explained it quite well above.

Steve · Apr 10, 2011, 17:38:00

I quite like the 'throw away' aliases I use with mobile me, create one for car insurance quotations and then just bin it once the job is done. I think it's impossible no matter what anyone says to avoid spam in these situations otherwise how else can you get the quotes.

wdforte · Apr 10, 2011, 18:54:25

Quote from: 6jb on Apr 10, 2011, 17:28:26
That was not the point of my posting. I agree that Gmail accounts are very good. Our family use them a lot and yes, the spam filtering is very good indeed.

My point is, that if a company releases your email address into the wild by mistake it will likely be harvested by spammers. If that occurs I would be happier that it was a Gmail or Hotmail account, which can easily be replaced. If this occurs with one of my personal domains I personally regard it as much more serious. If I have gone to the trouble of buying a chosen domain name and run a mail server for it, the last thing I want is it to be flooded by spam.

I thought Gary explained it quite well above.

Apologies, I misread your post

JB · Apr 10, 2011, 20:12:11

Quote from: wdforte on Apr 10, 2011, 18:54:25
Apologies, I misread your post

No worries

Technical Ben · Apr 11, 2011, 08:58:53

By "hacked" do they mean someone "replied to address book" by mistake?

I've got all my friends email addresses even though I never asked for them. It takes one person to accidentally forward/send an email with everyone's addresses in the header, and you've got the lot.

JB · Apr 11, 2011, 12:37:15

Quote from: Technical Ben on Apr 11, 2011, 08:58:53It takes one person to accidentally forward/send an email with everyone's addresses in the header, and you've got the lot.

Ouch!

Simon · Apr 11, 2011, 12:41:25

Yes, I've received emails like that, and have had stern words with the sender.

Rik · Apr 11, 2011, 14:18:31

Leave Kate out of this.

Niall · Apr 11, 2011, 16:49:35

Quote from: Technical Ben on Apr 11, 2011, 08:58:53
By "hacked" do they mean someone "replied to address book" by mistake?

I've got all my friends email addresses even though I never asked for them. It takes one person to accidentally forward/send an email with everyone's addresses in the header, and you've got the lot.

Yep, namely my mum

She gets emails from her mates and forwards them to me. By the time she's had them there are already about 19 email addresses in the header. I've even noticed some have my old address from my old website that hasn't existed for over 2 years. So somewhere, my old email address is on someone's list that I've never met and don't know, who are mass emailing people jokes, etc. To make matters worse, my current email address is too, which is why I've never emailed her anything from my idnet account

Technical Ben · Apr 11, 2011, 17:26:06

Personally I think MS, Firefox, AOL and all the major (read programs people actually use) should legally, or morally be obliged to remove that feature from emails.
Could the likes of IDNet and BT enforce it on mail too? IE strip out the headers from emails and keep senders details only? I am sure these people are breaking data protection. Not that I want to send my friends and family down the river without a paddle, but that this is getting quite a dangerous thing to do. Especially with all the scams going around.
They may as well be putting up letters on the lamp posts with your name and address and personal details on. (For example see the "oops I pressed entire address book" email conversations about private matters!

)

Niall · Apr 11, 2011, 19:12:18

In work, if you forward an email and it's just someone else sending it to you incorrectly, and you forget to add the correct flags to allow/block it through the system, you get the cr*p for it, even if all you have done is forward the misdirected email. It's extremely strict with things like that in the DWP.

Simon · Apr 11, 2011, 22:30:01

Quote from: Rik on Apr 11, 2011, 14:18:31
Leave Kate out of this.

Technical Ben · Apr 12, 2011, 08:30:52

Does your work use a Microsoft outlook mail server of some sort Niall? When my work did. We could "recall" emails. As it was on our own server, and MS added a button for it, you could delete an email even after sending it, as long as it was not read.
This with a "read receipt" meant you also knew if anyone had already read it (although the receipt could be stopped by clicking "don't send reply receipt from the reader, so not 100% fool proof).