Software firm says e-mails stolen in server breach

[Wallonn7]

Ashampoo, a German maker of Windows utilities and security software, warned this week that customer names and e-mail addresses were stolen and could be used in targeted malware attacks.

Read more at CNet

 

[mickey megabyte]

yes, i'm an ashampoo user (ashampoo burning studio 2010 - excellent burning/ripping app).

i received this email this morning:

Dear Ashampoo customer,

We are writing to you concerning an important issue. We regret to tell you that we also detected an unauthorized access to one of our server systems. We assume that the attackers were able to purloin data of customers. Sensitive data such as billing information etc. is not affected by this, because Ashampoo does not store this data.

We summarized all pieces of information concerning this incident for you and would like you to read the following website: Ashampoo® - We Make Software!

Yours sincerely,

The Ashampoo-Team

 

[MadSupra354]

I think Play.com was breached a while ago to :shock:

 

[wilywombat]

I gave a link to the Ashampoo company statemant over a day ago:- http://www.sevenforums.com/security-news/158415-ashampoo-data-breach.html It also gives details of affected programs.

 

[Imperfect1]

Hmmmmmmmm, something fishy is going on. I received virtually TWO of the same emails from US Bank and one other company. The only difference was that each of the two emails was sent by a different company and had a different vendor's name. Plus, both of the emails had a LINK that the person is supposed to click on to check the validity of the email. I think these may NOT be legitimate warnings! I smell an attempted hacking going on. . .

Here's the text of the US Bank email. The other one was pretty much identical:

"As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.

We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.
Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time. To learn more about recognizing online fraud issues, visit: [usbank link removed for posters' safety].In addition, if you receive any suspicious looking emails, please tell us immediately."

 

[wilywombat]

I think maybe time for a full scan with Malwarebytes....just to be sure!!

 

[KnowledgeWorker]

Hmmmmmmmm, something fishy is going on. I received virtually TWO of the same emails from US Bank and one other company. The only difference was that each of the two emails was sent by a different company and had a different vendor's name.

Imperfect, what do you mean by "different vendor"? Obviously the company you receive the e-mails from is different! Maybe US Bank just sent it twice to be sure? The URL looked totally valid, I tried it (not being a customer or US citizen ).

To "relieve" you: I got the same e-mail from "Polo Ralph Lauren USA" (ralphlauren.com), to which I had subscribed to, to receive their newsletter. I think they mentioned the same company "Epsilon Interactive", which you can find here: Epsilon | The Leading Provider of Multi-Channel Marketing Services

And here is their information about the incident!
"In response to the recent security incident involving unauthorized access of Epsilon's e-mail services platform, we remind consumers of precautions to help safeguard your information."

Best regards - and I think we should all stop subscribing to corporate newsletters!

 

[linnemeyerhere]

I as well use a shampoo in the shower each day. Sorry......

 

[Wallonn7]

I as well use a shampoo in the shower each day. Sorry......

:roflmao:

 

[Imperfect1]

Hmmmmmmmm, something fishy is going on. I received virtually TWO of the same emails from US Bank and one other company. The only difference was that each of the two emails was sent by a different company and had a different vendor's name.

Imperfect, what do you mean by "different vendor"? Obviously the company you receive the e-mails from is different! Maybe US Bank just sent it twice to be sure? The URL looked totally valid, I tried it (not being a customer or US citizen ).

By "different vendor" I meant that the 1st company that I received the email from did not use Epsilon as their multi-marketing vendor -- they named a different vendor. I had discarded their email before I received a 2nd very similar email notification from US Bank --- I don't remember the 1st company's name or the name of their multi-marketing service -- otherwise I would have named them in my post.

I didn't think too much about it until I saw the OP's post about receiving an almost identical email and then hearing about other similar incidents and I thought, hmmmm, I wonder if there is something fishy going on here. It just seemed a little too coincidental and unlikely that suddenly, there would be all these reports of unauthorized 3rd party access to customer's email information --- particularly since different vendor's were named.

PS I've had my PayPal account hijacked and lost $780 to some hacker who was able to gain unauthorized access to the bank account that was attached to my PayPal account. Since that happened, I've learned to be more observant of this type of 'unusual activity' and more cautious about it. Hackers are extremely skillful and clever these days --- we put ourselves at risk if we're too careless or unassuming about protecting our private information and money -- particularly if we're doing sensitive communications and/or financial transactions (e.g. banking, shopping, etc.) over the internet.

 

[sygnus21]

Well I got an e-mail from Verizon saying my e-mail was exposed.....

Dear Verizon Customer,

We have been informed by Epsilon, a provider of Verizon's email marketing services, that your email address was exposed due to unauthorized access to its systems. Verizon uses Epsilon to send marketing communications on our behalf.

Epsilon has assured us that the information exposed was limited to email addresses, and that no other information about you or your account was exposed.

As always, you should be cautious when opening email links or attachments from unknown or suspicious parties, or emails purporting to be from Verizon and asking for financial or account password information. It is our policy to never ask for this information in emails. If you receive such emails, do not reply to them. You can report suspect or unwanted emails to Verizon at [email protected] and can obtain more information on how to protect against spam and phishing attacks on Verizon's Privacy Policy page by clicking on "Tips for Guarding Your Information" located at the top right hand corner of the page. Our privacy policy can be found at Verizon.com/privacy.

We regret any inconvenience this may cause you. Please be assured that we take the privacy of your information very seriously.

Sincerely,

Verizon

Hmmmm..... interesting.

BTW the @xxx.net is me changing the link.

 

[alan10]

Here's the text of the US Bank email. The other one was pretty much identical:
"
password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time. To learn more about recognizing online fraud issues, visit:
the link looked unclickable in preview, but still looked dangerous once posted

In addition, if you receive any suspicious looking emails, please tell us immediately."

Was that post safe ?
I have just prefixed with xxx- to hopefully make it NON-clickable,
but the original post seems to be very clickable,
and when I hover over it Firefox shows I will be taken to
http://email.usbank.com/diddly-doodah-garbage-obfuscation-etc

Was the original link a malware trap,
or just a method of getting an Auto Response email confirming that the email harvesters had caught a valid email address with which to spam the recipient Imperfect1 when he clicks it ?
Is there a danger to anyone who read that post and clicked that link that the spammers would receive his message and record his default outgoing email address as an additional valid target for spam ?

 

[Imperfect1]

Here's the text of the US Bank email. The other one was pretty much identical:
"
password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time. To learn more about recognizing online fraud issues, visit: [us bank link removed for posters' safety]. In addition, if you receive any suspicious looking emails, please tell us immediately."

Was that post safe ?
I have just prefixed with xxx- to hopefully make it NON-clickable,
but the original post seems to be very clickable,
and when I hover over it Firefox shows I will be taken to
http://email.usbank.com/diddly-doodah-garbage-obfuscation-etc

Was the original link a malware trap,
or just a method of getting an Auto Response email confirming that the email harvesters had caught a valid email address with which to spam the recipient Imperfect1 when he clicks it ?
Is there a danger to anyone who read that post and clicked that link that the spammers would receive his message and record his default outgoing email address as an additional valid target for spam ?

To be cautious, I just removed the link entirely from my original post.

 

[mr pc]

So - yeah, Cloud Computing

Do we really believe that exceptional safeguards will be put in place to secure everyone's data?

Personally I believe it will be the contrary - - There's BIG money in cheap work

 

[Imperfect1]

Hmmmmmmmm, something fishy is going on. I received virtually TWO of the same emails from US Bank and one other company. The only difference was that each of the two emails was sent by a different company and had a different vendor's name.

Imperfect, what do you mean by "different vendor"? Obviously the company you receive the e-mails from is different! Maybe US Bank just sent it twice to be sure? The URL looked totally valid, I tried it (not being a customer or US citizen ).

By "different vendor" I meant that the 1st company that I received the email from did not use Epsilon as their multi-marketing vendor -- they named a different vendor. I had discarded their email before I received a 2nd very similar email notification from US Bank --- I don't remember the 1st company's name or the name of their multi-marketing service -- otherwise I would have named them in my post.

I didn't think too much about it until I saw the OP's post about receiving an almost identical email and then hearing about other similar incidents and I thought, hmmmm, I wonder if there is something fishy going on here. It just seemed a little too coincidental and unlikely that suddenly, there would be all these reports of unauthorized 3rd party access to customer's email information --- particularly since different vendor's were named.

PS I've had my PayPal account hijacked and lost $780 to some hacker who was able to gain unauthorized access to the bank account that was attached to my PayPal account. Since that happened, I've learned to be more observant of this type of 'unusual activity' and more cautious about it. Hackers are extremely skillful and clever these days --- we put ourselves at risk if we're too careless or unassuming about protecting our private information and money -- particularly if we're doing sensitive communications and/or financial transactions (e.g. banking, shopping, etc.) over the internet.

I can't believe that I got another one of these emails, this time from Michaels Stores -- a retailer that I've never done business with:

"Dear Michaels Customer:
Michaels has just learned that it may have been a victim of PIN pad tampering in the Chicago area and that customer credit and debit card information may have been compromised.
In the event that this is a more widespread issue, we are taking the precautionary measure of alerting all of our customers so that they may protect themselves. We recommend immediately contacting your bank and/or credit card company to check for and report any unauthorized charges, as well as seek their advice on how to protect your account in the event that your information has been taken. Additional information is available on the Federal Trade Commission website at [removed link for security].
We sincerely regret any inconvenience this may have caused you, and we want you to know that we are working with law enforcement authorities in every way we can to help in the investigation. As always, we thank you for being a Michaels customer.
Thank you.
Sincerely,
John B. Menzer
CEO, Michaels Stores"