Wave of Spam Messages, Phishing Attack Expected As Epsilon Database Falls for Email Hack

Bob Styran, IT audit expert
April 04, 2011

Email service provider Epsilon has warned its customers of a massive email hack into its database after it detected an incident in which a subset of “clients’ customer data was exposed by an unauthorized entry into Epsilon’s email system.”

Hackers penetrated Epsilon’s database on March 30, which may expose the customers’ data to a possible wave of spam messages and phishing attacks.

The email hack has affected customers of high-profile firms such as Barclaycard, Citigroup, Disney, JP Morgan Chase, hotel chain Marriott, bookseller AbeBooks, and sports apparel dealer Lacoste.

According to Paul Ducklin, Sophos technology head for Asia Pacific, the loss of email addresses to spammers would most probably result in a “surge of spam” in the customers’ accounts.

And since these email addresses already belong to an email service provider, he went on, scammers and spammers could easily identify what interests the customers and send them targeted spam and phishing messages in a more “believable” manner.

The email hack comes on the heels of the recent breach of Australia’s cyber security system, which occurred despite tight measures adopted by its parliament.

That security breach compromised computers in the office of Prime Minister Julia Gillard and those of several other Members of Parliament.

Before that, Bank of America’s card security system was breached, it is believed by hackers, and every single customer transaction was denied by the system.

The individual or group of individuals responsible for the email hack remains unidentified. Likewise, Epsilon remains clueless as to how its database was breached.

InAudit notes that the hacked database contains only the e-mail addresses and names of the customers, excluding other personally identifiable information such as card data and residential addresses.

Shortly after the breach, Disney and other affected firms sent email notifications to all of their customers warning them of a massive data breach.

In an advisory posted on its website, Epsilon assures its customers that a “full investigation” is going on while “a rigorous assessment determined that no other personal identifiable information associated with those names was at risk.”

 

1 Comment for “Wave of Spam Messages, Phishing Attack Expected As Epsilon Database Falls for Email Hack”

  1. MarcusW

    The phishing attacks have started. An email that appears to be from my broker, Scottrade, was sent to me this morning. Attached to the email is a 1KB Word document. The name of the file is “BuyIn.doc” and the following is in the body of the email:

    “PLEASE SEE ATTACHED FILE FOR ADMINISTRATIVE ACTIONS INVOLVING YOUR ACCOUNT All e-mail sent to and from this address will be retained by the Scottrade corporate e-mail system and is subject to review by someone other than the recipient. E-mail transmissions may not be secure; contact us at 1-800-619-SAVE for more information.”

    That 1-800 number will probably ding your phone bill…
