izy MVM join:2000-09-21 endless loop ProCurve (HP) V1810-24g SonicWALL TZ215 Ubiquiti UniFi AP-LR
1 edit |
izy
MVM
2011-Apr-2 11:00 pm
Epsilon Data BreachEdited the title as it is not only Tivo that is affected
Anyone else get this? Been thinking of cancelling the service, this may make the decision a little easier!
Dear TiVo Customer,
Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system. Our email service provider deploys emails on our behalf to customers who have opted into email-based communications from us.
We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
If you have unsubscribed in the past, there is no need to unsubscribe again. Your preferences will remain in place.
Sincerely, The TiVo Team |
|
veunadWhat Does This Do? Premium Member join:1999-08-06 Alpharetta, GA |
veunad
Premium Member
2011-Apr-2 11:20 pm
Re: Tivo Data BreachYeah, think it might be related to the Kroger one... because shortly after that was announced, I got one from Tivo, Brookstone, and of course Kroger... So sounds like their third party marketing vendor was breached and each company is announcing as if they were breached... That or something else entirely... |
|
ITICharlie1Ass Mode Premium Member join:2003-01-22 Saint Louis, MO |
to izy
I got this too, along with one from US Bank. |
|
SteveI know your IP address
join:2001-03-10 Tustin, CA |
to izy
The breach occurred at Epsilon, who does mailing for a zillion companies (Tivo, Brookstone, Kroger, USBank, and many more). Ref: » krebsonsecurity.com/2011 ··· stomers/ |
|
izy MVM join:2000-09-21 endless loop |
izy
MVM
2011-Apr-3 7:58 am
Interesting. Thanks for the link Steve |
|
jack bGone Fishing MVM join:2000-09-08 Cape Cod |
jack b
MVM
2011-Apr-3 10:51 am
Now you can reconsider your TiVo subscription cancellation? (OT:BTW, a lifetime subscription pays for itself in 2.5 years, then your TiVo is "free") I received this same email from TiVo, as well as a similar one from Chase and Barclay's Bank. Others are sure to follow. It's only a matter of time before the next round of phishing lures are cast. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2011-Apr-3 3:14 pm
said by jack b:It's only a matter of time before the next round of phishing lures are cast. That would be one way to abuse the database. The difference between normal, expected phishmail is that this phishmail will include your name to add credibility. A PayPal phish using this database would begin with: Dear your name hereWe have detected... rather than the expected Dear memberWe have detected... It will snag a few more victims than the typical PayPal phish would if abused in this manner. Anyone effected be should stay aware of the possibility. |
|
amark join:2001-02-09 94045 |
to izy
I guess I can deal with that. Would those only come from Tivo since that account was effected? Would it come from other accounts as well? Most importantly-are there any other concerns I should know about? Any security issues, etc? Should I close out that email account? If the only concern is checking TiVo email and spam I guess I could live with that-any thing else I would like to know. Appreciated, thanks! |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2011-Apr-3 3:35 pm
said by amark:Should I close out that email account? It's always a matter of weighing the risks against the cost of mitigation. The risk of keeping the account is minimal but it does exist. What's the cost of replacing the email account? If the account is deeply embedded in your daily routine, replacing it being a major hassle, I'd say it's not worth the cost of replacing it. Otherwise, I'd say replace it. |
|
jack bGone Fishing MVM join:2000-09-08 Cape Cod |
Best method IMO is simply substitute the compromised email with another for that particular vendor, and any "alarm" account warning emails arriving using the "bad" account can simply be discarded. |
|
|
to izy
The same breach affected the email vendor for the College Board (the folks who do the SAT tests for high school students, etc).
Can't just blame TiVo---this hit LOTS of companies!! |
|
CCatWe're all quite mad here MVM join:2005-12-06 Wonderland |
to izy
My wife just got one from HSN stating the same thing. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy to izy
Premium Member
2011-Apr-3 9:51 pm
to izy
With database abuse becoming a routine event because of the lack of a motivating reason to properly secure them a look at how they are parsed can't hurt. Extracting items such as email addresses from a database is a snap with online tools such as the one offered at » www.skymem.com/Using the text located below at » www.skymem.com/you can see how it's not just fast & free, it will even parse out duplicate entries etc... FirstName LastName DateOfBirthEmail City
SnowyOne 05/02/1970snowyonea@foo.com NewYork
SnowyOne 08/12/1974snowyone1@foo.com London
SnowyOne 09/14/1982snowyone2@foo.com Paris
SnowyOne 12/12/1969snowyone3@foo.com Rome
SnowyOne 03/02/1954snowyone4@foo.com Kailua
SnowyOne 03/06/1970snowyone5@foo.com NewYork
SnowyOne 03/09/1974snowyone1@foo.com London
SnowyOne 09/10/1982snowyone2@foo.com Paris
SnowyOne 12/17/1969snowyone3@foo.com Rome
SnowyOne 01/02/1954snowyonea@foo.com Kailua
Results: The Statistics:6 emails snowyone1@foo.com
snowyone2@foo.com
snowyone3@foo.com
snowyone4@foo.com
snowyone5@foo.com
snowyonea@foo.com
Duplicate List: Statistics:4 duplicate emails snowyone1@foo.com
snowyone2@foo.com
snowyone3@foo.com
snowyonea@foo.com
This post reply isn't intended as a judgment on the parsing site. It's intended to show that these databases with our stuff in them are child play to abuse which isn't a good mix with lackadaisical attitudes about their security. |
|
Noah VailOh God please no. Premium Member join:2004-12-10 SouthAmerica |
to Steve
said by Steve:The breach occurred at Epsilon, who does mailing for a zillion companies (Tivo, Brookstone, Kroger, USBank, and many more). Citigroup and Walgreens are sending notice letters about it... NV |
|
Couch PotatoWhat? Premium Member join:2004-08-29 Statesville, NC |
to izy
I got one of these emails also. I do not, nor have a ever had service with TiVo. This is also one of my newer email addresses, only about 2 years old. |
|
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI 1 edit |
Snowy
Premium Member
2011-Apr-3 11:45 pm
One step ahead of me... |
said by Couch Potato:I got one of these emails also. I do not, nor have a ever had service with TiVo. This is also one of my newer email addresses, only about 2 years old. Apparently you don't need a Tivo or presumably even a TV to get on Tivo's email list. I just successfully signed up one my email addresses to be on Tivo's mail DB without even being sure what Tivo is about. To double check that result I tried to sign up Steve for Tivo's mail DB but got rejected because Steve is one step ahead of me (having) previously opted out of receiving email from Tivo |
|
|
to izy
There's some other companies involved as well. I got the message from AbeBooks.com
I don't think you should let it reflect badly on Tivo. Epsilon is the one that had the data breach, not Tivo. |
|
Libra Premium Member join:2003-08-06 USA |
Libra to izy
Premium Member
2011-Apr-4 12:43 am
to izy
I received a similar e-mail from Disney Destinations today (I have no idea how they got my e-mail address). Part of it reads:
"We have been informed by one of our email service providers, Epsilon, that your email address was exposed by an unauthorized entry into that provider's computer system. We use our email service providers to help us manage the large number of email communications with our guests. Our email service providers send emails on our behalf to guests who have chosen to receive email communications from us.
We regret that this incident has occurred and any inconvenience this incident may cause you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
We want to assure you that your email address was the only personal information we have regarding you that was compromised in this incident.
As a result of this incident, it is possible that you may receive spam email messages, emails that contain links containing computer viruses or other types of computer malware, or emails that seek to deceive you into providing personal or credit card information. As a result, you should be extremely cautious before opening links or attachments from unknown third parties or providing a credit card number or other sensitive information in response to any email.
If you have any questions regarding this incident, please contact us at (407) 560-2547 during the hours of 9:00 am to 7:00 pm (Eastern Time) Monday through Friday, and 9:00 am through 5:00 pm (Eastern Time) Saturday and Sunday.
Sincerely,
Disney Destinations"
I thought the 4th paragraph above was a pretty clear warning of what to expect and guard against.
Sincerely, Libra |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX |
sivran to izy
Premium Member
2011-Apr-4 2:40 am
to izy
So that's what that email from Robert Half was about... |
|
|
to gorrillamcd
I also got the message from AbeBooks. I suspect I will be getting more of these in the near future. Thankfully it is just an address that was hacked . |
|
fatnesssubtle
join:2000-11-17 fishing |
to izy
Re: Epsilon Data Breach» abcnews.go.com/Business/ ··· 13290451quote: Major banks and credit-card issuers Capital One, Barclays Bank, U.S. Bancorp and Citigroup have joined the list of companies warning customers that hackers may have learned their email addresses.
The companies all use a Dallas-based company called Epsilon to manage their emails to customers. Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.
The hackers also gained access to the email addresses of customers of JPMorgan Chase & Co., Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.
This explains why my typical spam emails received over the weekend from one email account jumped from the usual 15-or-so to 187 (many containing viruses) this weekend. I haven't signed up for anything recently using that email account. |
|
Mannus Premium Member join:2005-10-25 Fort Wayne, IN |
Mannus to izy
Premium Member
2011-Apr-4 11:34 am
to izy
I received an email from Chase Bank regarding this. I have noticed an increase in SPAM the past week. |
|
Rocky67Pencil Neck Geek Premium Member join:2005-01-13 Orange, CA |
to fatness
This seems like a strange situation in some respects. I have a Chase account, but haven't received a notification from them about the data breach. My spam folder only had one item in it this morning which seems remarkable for two days worth of email. The last time my spam count was that low must have been around 1996. |
|
jadinolfI love you Fred Premium Member join:2005-07-09 Ojai, CA |
to izy
Got my email from Chase this morning.
I'm not worried because I gave them a very special address. |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD to izy
Premium Member
2011-Apr-4 12:05 pm
to izy
Yeah, I got it, archived it, and went on with my life. |
|
pcdebbbirdbrain Premium Member join:2000-12-03 Brandon, FL |
to sivran
Re: Tivo Data Breachsaid by sivran:So that's what that email from Robert Half was about... me too. and also Best Buy. |
|
jl747 join:2005-03-24 Mount Prospect, IL |
to izy
Re: Epsilon Data BreachThis is from Chase.
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.
As a reminder, we recommend that you: Don't give your Chase OnlineSM User ID or password in e-mail. Don't respond to e-mails that require you to enter personal information directly into the e-mail. Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information. Don't reply to e-mails asking you to send personal information. Don't use your e-mail address as a login ID or password. The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Sincerely, |
|
|
to ITICharlie1
Re: Tivo Data BreachLikewise, US Bank. |
|
burner50Proud Union THUG Premium Member join:2002-06-05 Iowa |
to izy
Re: Epsilon Data BreachI got one from best buy sometime overnight. |
|
|
to izy
I got this notice from BestBuy too.
I just love how no company wants to manage there own info anymore, outsources it to a bigger company who manages everyone, even their competitors, and then leaks it to the whole world. Is there any company who ever wants to do anything themselves anymore? |
|