dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
13649
« HTTP.SYS driverNanny cam »
page: 1 · 2 · 3 · 4 · 5 · next

izy
MVM
join:2000-09-21
endless loop
ProCurve (HP) V1810-24g
SonicWALL TZ215
Ubiquiti UniFi AP-LR

1 edit

izy

MVM

Epsilon Data Breach

Edited the title as it is not only Tivo that is affected

Anyone else get this? Been thinking of cancelling the service, this may make the decision a little easier!

Dear TiVo Customer,

Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system. Our email service provider deploys emails on our behalf to customers who have opted into email-based communications from us.

We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.

Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

If you have unsubscribed in the past, there is no need to unsubscribe again. Your preferences will remain in place.

Sincerely,
The TiVo Team

veunad
What Does This Do?
Premium Member
join:1999-08-06
Alpharetta, GA

veunad

Premium Member

Re: Tivo Data Breach

Yeah, think it might be related to the Kroger one... because shortly after that was announced, I got one from Tivo, Brookstone, and of course Kroger... So sounds like their third party marketing vendor was breached and each company is announcing as if they were breached... That or something else entirely...

ITICharlie1
Ass Mode
Premium Member
join:2003-01-22
Saint Louis, MO

ITICharlie1 to izy

Premium Member

to izy
I got this too, along with one from US Bank.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve to izy

to izy
The breach occurred at Epsilon, who does mailing for a zillion companies (Tivo, Brookstone, Kroger, USBank, and many more).

Ref: »krebsonsecurity.com/2011 ··· stomers/

izy
MVM
join:2000-09-21
endless loop

izy

MVM

Interesting. Thanks for the link Steve

jack b
Gone Fishing
MVM
join:2000-09-08
Cape Cod

jack b

MVM

Now you can reconsider your TiVo subscription cancellation?
(OT:BTW, a lifetime subscription pays for itself in 2.5 years, then your TiVo is "free")

I received this same email from TiVo, as well as a similar one from Chase and Barclay's Bank. Others are sure to follow.

It's only a matter of time before the next round of phishing lures are cast.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by jack b:

It's only a matter of time before the next round of phishing lures are cast.

That would be one way to abuse the database.
The difference between normal, expected phishmail is that this phishmail will include your name to add credibility.
A PayPal phish using this database would begin with:
Dear your name here
We have detected...
rather than the expected
Dear member
We have detected...
It will snag a few more victims than the typical PayPal phish would if abused in this manner.
Anyone effected be should stay aware of the possibility.

amark
join:2001-02-09
94045

amark to izy

Member

to izy
I guess I can deal with that. Would those only come from Tivo since that account was effected? Would it come from other accounts as well?
Most importantly-are there any other concerns I should know about? Any security issues, etc?
Should I close out that email account? If the only concern is checking TiVo email and spam I guess I could live with that-any thing else I would like to know.
Appreciated, thanks!

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by amark:

Should I close out that email account?

It's always a matter of weighing the risks against the cost of mitigation.
The risk of keeping the account is minimal but it does exist.
What's the cost of replacing the email account?
If the account is deeply embedded in your daily routine, replacing it being a major hassle, I'd say it's not worth the cost of replacing it. Otherwise, I'd say replace it.

jack b
Gone Fishing
MVM
join:2000-09-08
Cape Cod

jack b

MVM

Best method IMO is simply substitute the compromised email with another for that particular vendor, and any "alarm" account warning emails arriving using the "bad" account can simply be discarded.
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

PX Eliezer704 to izy

Premium Member

to izy
The same breach affected the email vendor for the College Board (the folks who do the SAT tests for high school students, etc).

Can't just blame TiVo---this hit LOTS of companies!!

CCat
We're all quite mad here
MVM
join:2005-12-06
Wonderland

CCat to izy

MVM

to izy
My wife just got one from HSN stating the same thing.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to izy

Premium Member

to izy
With database abuse becoming a routine event because of the lack of a motivating reason to properly secure them a look at how they are parsed can't hurt.

Extracting items such as email addresses from a database is a snap with online tools such as the one offered at
»www.skymem.com/

Using the text located below at »www.skymem.com/
you can see how it's not just fast & free, it will even parse out duplicate entries etc...

FirstName LastName DateOfBirthEmail     City
SnowyOne 05/02/1970snowyonea@foo.com    NewYork
SnowyOne 08/12/1974snowyone1@foo.com    London
SnowyOne 09/14/1982snowyone2@foo.com    Paris
SnowyOne 12/12/1969snowyone3@foo.com    Rome 
SnowyOne 03/02/1954snowyone4@foo.com    Kailua
SnowyOne 03/06/1970snowyone5@foo.com    NewYork
SnowyOne 03/09/1974snowyone1@foo.com    London
SnowyOne 09/10/1982snowyone2@foo.com    Paris
SnowyOne 12/17/1969snowyone3@foo.com    Rome 
SnowyOne 01/02/1954snowyonea@foo.com    Kailua
 

Results:
The Statistics:6 emails
snowyone1@foo.com
snowyone2@foo.com
snowyone3@foo.com
snowyone4@foo.com
snowyone5@foo.com
snowyonea@foo.com
 

Duplicate List:
Statistics:4 duplicate emails
snowyone1@foo.com
snowyone2@foo.com
snowyone3@foo.com
snowyonea@foo.com
 

This post reply isn't intended as a judgment on the parsing site.
It's intended to show that these databases with
our stuff in them are child play to abuse which
isn't a good mix with lackadaisical attitudes about their security.

Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica

Noah Vail to Steve

Premium Member

to Steve
said by Steve:

The breach occurred at Epsilon, who does mailing for a zillion companies (Tivo, Brookstone, Kroger, USBank, and many more).

Citigroup and Walgreens are sending notice letters about it...

NV
Couch Potato
What?
Premium Member
join:2004-08-29
Statesville, NC

Couch Potato to izy

Premium Member

to izy
Click for full size
I got one of these emails also. I do not, nor have a ever had service with TiVo. This is also one of my newer email addresses, only about 2 years old.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 edit

Snowy

Premium Member

Click for full size
One step ahead of me...
said by Couch Potato:

I got one of these emails also. I do not, nor have a ever had service with TiVo. This is also one of my newer email addresses, only about 2 years old.

Apparently you don't need a Tivo or presumably even a TV to get on Tivo's email list.
I just successfully signed up one my email addresses to be on Tivo's mail DB without even being sure what Tivo is about.
To double check that result I tried to sign up Steve See Profile for Tivo's mail DB but got rejected because Steve See Profile is one step ahead of me (having) previously opted out of receiving email from Tivo

gorrillamcd
Hangin' Out
join:2010-04-01
mexico

gorrillamcd to izy

Member

to izy
There's some other companies involved as well. I got the message from AbeBooks.com

I don't think you should let it reflect badly on Tivo. Epsilon is the one that had the data breach, not Tivo.
Libra
Premium Member
join:2003-08-06
USA

Libra to izy

Premium Member

to izy
I received a similar e-mail from Disney Destinations today (I have no idea how they got my e-mail address). Part of it reads:

"We have been informed by one of our email service providers, Epsilon,
that your email address was exposed by an unauthorized entry into that
provider's computer system. We use our email service providers to
help us manage the large number of email communications with our
guests. Our email service providers send emails on our behalf to
guests who have chosen to receive email communications from us.

We regret that this incident has occurred and any inconvenience this
incident may cause you. We take your privacy very seriously, and we
will continue to work diligently to protect your personal information.

We want to assure you that your email address was the only personal
information we have regarding you that was compromised in this
incident.

As a result of this incident, it is possible that you may receive spam
email messages, emails that contain links containing computer viruses
or other types of computer malware, or emails that seek to deceive you
into providing personal or credit card information. As a result, you
should be extremely cautious before opening links or attachments from
unknown third parties or providing a credit card number or other
sensitive information in response to any email.

If you have any questions regarding this incident, please contact us
at (407) 560-2547 during the hours of 9:00 am to 7:00 pm (Eastern Time)
Monday through Friday, and 9:00 am through 5:00 pm (Eastern Time)
Saturday and Sunday.

Sincerely,

Disney Destinations"

I thought the 4th paragraph above was a pretty clear warning of what to expect and guard against.

Sincerely, Libra

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to izy

Premium Member

to izy
So that's what that email from Robert Half was about...
DrDemento
join:2005-07-25
Brick, NJ

DrDemento to gorrillamcd

Member

to gorrillamcd
I also got the message from AbeBooks. I suspect I will be getting more of these in the near future. Thankfully it is just an address that was hacked .

fatness
subtle

join:2000-11-17
fishing

fatness to izy

to izy

Re: Epsilon Data Breach

»abcnews.go.com/Business/ ··· 13290451
quote:
Major banks and credit-card issuers Capital One, Barclays Bank, U.S. Bancorp and Citigroup have joined the list of companies warning customers that hackers may have learned their email addresses.

The companies all use a Dallas-based company called Epsilon to manage their emails to customers. Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.

The hackers also gained access to the email addresses of customers of JPMorgan Chase & Co., Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.
This explains why my typical spam emails received over the weekend from one email account jumped from the usual 15-or-so to 187 (many containing viruses) this weekend. I haven't signed up for anything recently using that email account.

Mannus
Premium Member
join:2005-10-25
Fort Wayne, IN

Mannus to izy

Premium Member

to izy
I received an email from Chase Bank regarding this. I have noticed an increase in SPAM the past week.

Rocky67
Pencil Neck Geek
Premium Member
join:2005-01-13
Orange, CA

Rocky67 to fatness

Premium Member

to fatness
This seems like a strange situation in some respects. I have a Chase account, but haven't received a notification from them about the data breach. My spam folder only had one item in it this morning which seems remarkable for two days worth of email. The last time my spam count was that low must have been around 1996.

jadinolf
I love you Fred
Premium Member
join:2005-07-09
Ojai, CA

jadinolf to izy

Premium Member

to izy
Got my email from Chase this morning.

I'm not worried because I gave them a very special address.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD to izy

Premium Member

to izy
Yeah, I got it, archived it, and went on with my life.

pcdebb
birdbrain
Premium Member
join:2000-12-03
Brandon, FL

pcdebb to sivran

Premium Member

to sivran

Re: Tivo Data Breach

said by sivran:

So that's what that email from Robert Half was about...

me too. and also Best Buy.
jl747
join:2005-03-24
Mount Prospect, IL

jl747 to izy

Member

to izy

Re: Epsilon Data Breach

This is from Chase.

Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

As a reminder, we recommend that you:
• Don't give your Chase OnlineSM User ID or password in e-mail.
• Don't respond to e-mails that require you to enter personal information directly into the e-mail.
• Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
• Don't reply to e-mails asking you to send personal information.
• Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

Sincerely,
Austinloop
join:2001-08-19
Austin, TX

Austinloop to ITICharlie1

Member

to ITICharlie1

Re: Tivo Data Breach

Likewise, US Bank.

burner50
Proud Union THUG
Premium Member
join:2002-06-05
Iowa

burner50 to izy

Premium Member

to izy

Re: Epsilon Data Breach

I got one from best buy sometime overnight.
supergeeky
join:2003-05-09
United State

supergeeky to izy

Member

to izy
I got this notice from BestBuy too.

I just love how no company wants to manage there own info anymore, outsources it to a bigger company who manages everyone, even their competitors, and then leaks it to the whole world. Is there any company who ever wants to do anything themselves anymore?