Gaffe-prone ISP PlusNet has had its email database stolen and its users' accounts bombarded by spammers. The attack first surfaced yesterday, when PlusNet punters reported that previously spam-free email addresses were being filled with unsolicited discount pharmacy marketing. Some forum posters report that a few of their …
Email details plus what else?
I used a mail address at a non-plusnet hosted domain that I own to sign up to plusnet's services, this address was a one-off for that purpose only and has never been used for anything else at all.
It is now receiving spam.
As this address was provided at the same time as my payment details I'm left wondering what other data are now in the hands of the viagra merchants.
Still, after losing a load of our mail it is thoughtful of them to provide us with some extra to make up for it.
You'd think that mistakes could be learnt from.
This is another example of making a mistake, and then compounding it.
As customers, we weren't even told directly that our card/bank details were safe.
We had to pick up that tidbit from TBB's homepage.
You'd have thought they'd have told us in their own forums, or in via the Usergroup site, but no, we are left to find out elsewhere.
We're all human though, and we all make mistakes.
The important bit is learning from them..... my MAC won't expire *this* time.....
Will the ICO act?
I look forward to the ICO springing into action with immediate, punitive sanctions.
I am holding my breath.
This is why...
... I use my own mail server and domain.
Avoids all the hassles of ISP mail servers being down, corrupted, lost mails, spammed to death and I have better spam control. The domain is ISP independent so I can move to any ISP without changing email addresses, and I can use an almost infinite amount of addresses. I use one address per site and account I sign up for so I can also track back the spam and block an address getting spammed too much without killing all my other addresses.
Poor old PlusNet though. They really do suffer with these incidents. Still have a bit of a soft spot for them though and at least my broadband works.
That's it, I'm off
As a Plus Net user I get battered by Spam, but it comes in waves. The most recent wave (which sees between 25-50 spam mails arriving every day) started a week ago. I did wonder why...
Now I find out from El Reg, they've had my details nicked! Nice of them to tell me. This is the final straw - they didn't tell me they'd released new connection offerings, so I was paying over the odds for two months; they have no way of controlling the amount of spam your virtual accounts generate (there is something galling about receiving spam from your own address); they lose email; and now this.
Anyone know a good ISP???
When will they contact me?
I've not been contacted as yet to advise me of anything. It was by pure chance that I visited PlusNet's Member Centre to turn on their spam filtering. When reviewing my account settings, that's when the penny dropped, an e-mail address used for my "catch all" settings was being spammed and it wasn't an address that I'd ever used. Clearly PlusNet had made a blunder.
I'm now fed up with the unreliable e-mail service PlusNet provide, if it's not spam, it's severely delayed mail.
Shouldn't it be about time PlusNet compensated it's customers for the shoddy service it provides or lack of service?
Can anyone recommend a good alternative to PlusNet?
Aha, that explains it
I have a plusnet account, and for the last year I've generated a new email address for every new contact of the form firstname.lastname@example.org
The idea being that if I start to get spam, I can tell who's address book got raided, and also filter out that address.
It was all clean until two days ago when suddenly I started to get spam on several of these addresses at once.
Glad to know that it was not me that got hacked, but very annoyed that it was my isp that blew it in such a big way.
Big questions to be answered
I want to know how spammers have got my e-mail address as I never use the PlusNet one despite being a customer for nearly 5 years and I have just left the first post ever on their forum.
The only reason I check my PlusNet e-mails is I have done so since day 1, using Outlook to receive notification of billing, etc. This therefore in my opinion disproves all the theories about people using webmail, spammers looking at the forums and working out addresses, and so on.
Once it has been determined how they got my address I want to know what other information they now have about me.
"...in the process of contacting all affected customers..."
A very slow process it seems - i haven't heard anything yet.
My PlusNet account was 100% spam-free two days ago (i don't use the address in any web forms, etc)... then yesterday i got 5 spam messages. This morning I had 20 waiting for me. Does that mean i'll have another 80 in my inbox by tomorrow?
Odd that PlusNet can't get out a message to everyone affected, but the PeN1S-EnL4RGEmEnt crew can... several times over...
BTW, this is the first time i've been directly affected by a PlusNet gaffe... i luckily escaped the 700GB-of-messages-deleted saga.
I'm feeling left out...
I'm not sure it's PlusNet's fault for the spam. I've been using plusnet for about 4 years and hardly get any spam at all. I consistently get about 5 spam emails a day and have not seen any increase recently.
I'm very careful about what I do with my email addresses, I have my own domain and so I don't use the actual plusnet account addresses for anything directly, they are just forwarded to from addresses on my own domain. The catch-all address for my domain forwards to a gmail account, not plusnet, so the spam in that account can only be due to randomly generated email addresses being used by spammers, not anything plusnet has or hasn't done.
I did have a spot of bad service from plusnet when I moved house, which lead to me shopping round for an alternative supplier. I couldn't find one that matched plusnet on speed / relyability / features (including the thrown-in hosted stuff like cgi, mysql, php, frontpage etc) oh and cost...
But, if you're an unhappy plusnet user, specially one of those that regularly moans about traffic shaping / p2p file-sharing speeds, then by all means bugger off somewhere else and stop hogging everyone else's bandwidth. You know who you are... Thanks!
Happy PlusNet User :o)
Not just folks at PN affected
If you had used webmail to send somebody a message, the recipients address could also be on the list for receiving SPAM.
Sadly means those who think they can get around it by hosting their own domain are mistaken - if somebody else has ever sent them a message from PN's webmail, they could be on the list to receive SPAM too....
Bit of a bugger all round really.
re: I'm feeling left out
I too have been a very happy plusnet user for years. I too use my own domain names forwarded through to gmail (after plusnet's last lot of major email problems). Every site I subscribe to has a different email address so I know the origins of any spam I get.
Nobody knows my ISP plusnet email address - no-one needs to know it - it's why I have my own domains. I have successfully avoided spam for years. I could never see what the fuss was about with spam as I was 'controlling' it all very succesfully. However, since this latest plusnet I'm now getting high volumes of spam coming through to me. Not just my plusnet addresses but other non-plusnet ones too that used to be forwarded on to me via plusnet's systems.
Spammers may very well be making up the addresses but, if they have, they've been remarkably successful in the last 2 days and very suspiciously at just about the same time that plusnet have admitted that a third party has illegally got hold of data from their systems.
Wear your blinkers if you like but plusnet have really dropped the ball on this one.
Unhappy PlusNet User :o(
Calling Plusnet, Plusnet to the courtesy phone please...
... Get yourself a PROPER antispam solution... From a British vendor who is consistently doing well. One word, six letters, starts and ends with an 'S'.
I'm sure said Abingdon-based vendor would enjoy having your business...
These cowboys should not be allowed to run an e-mail platform. God knows what this latest catastrophe may end up costing their long-suffering customers. They don't even handle huge volumes of mail compared to the big boys so they are simply incompetent. One of their directors posted on TBB at the time that the new platform was being installed that he guaranteed a trouble-free run from that point forth. I'm assuming he will do the decent thing and fall on his sword.
sick of it
i never thought i'd have as isp that would make me consider virgin (nee ntl) but they managed it. i had an email which was never used on sites anywhere and received no spam... till this week. to top it all i had to find out on here!
never mind the soothing apologies how about some refund for a substandard, inconsistent, patchy, poor service?
Sweeping trojans under the carpet
It looks very likely that this problem is connected to a trojan virus attack last week - on May 9 according to http://usertools.plus.net/status/archive/1179240249.htm - which PlusNet staff admitted today that they knew about at the time. They claim to have secured the platform after that but it seems that they neglected to alert customers to the risk they were exposed to, ie unknowingly downloading the trojan. Whoever took the decision to sweep the discovery of the trojan under the carpet last week should be fired right now. You can't play PR games with customers' security.
I've just checked the members support pages. Plusnet state "we believe no other personal information, including credit card details, has been disclosed." hardly a confidence booster... especially when there are no announcements due till friday.
beginning to get angry now.
...including credit card details...
"...at this stage in the investigation we believe no other personal information, including credit card details, has been disclosed."
"...became aware of an attack on Wednesday 9th May 2007..."
"...a small number of customers may have downloaded a Trojan virus."
"We take the security of our customers' information very seriously..."
"...currently taking a number of actions to minimise any further risks to customers."
"This list is now being used to distribute spam email which continues to be sent to customers, and it is likely that this will continue."
So, if no other personal information has been gained, why do I have to change my password? If I have to change my password, then it must be assumed my password has been compromised, and therefore the my bank details (and other personal data) has also fallen into the wrong hands, so I think PlusNet have contradicted themselves here.
They take the security of their customers' information seriously? So why have they done very little since 9 May? And why have they still not contacted me to apologise and beg me to stay with them after yet another unacceptable display of incompetence?
However I can rest assured they are taking a number of actions to minimise further risks, but I can still expect the spam. I wonder if those actions involve putting the kettle on and sitting on their backsides?
Ironically I turned PlusNet's spam filter on this morning, in an effort to identify the spam. Apparently the filter will mark such mails with the word "SPAM" in the subject. Laughably, what are clearly spam mails are not even being flagged by PlusNet's filter. Another brilliant display of incompetence?
Not just PlusNet
Over the last 7 days, I've started to receive a similar deluge of crap from Tiscali.
it just gets better and better...
P***nets latest post to their members (you have to go look for it of course)...
"...Portal and Webmail Access Restrictions
As a temporary precautionary measure, we have restricted access to our Member Centre and Webmail services from connections that appear to originate from outside the UK..."
so basically they still don't have a secure network, they still haven't contacted their subscribers directly, they still haven't confirmed that bank details were not comprimised. That's it. I'm finally annoyed enough to go elsewhere. Any recommendations?
And it's goodnight from him, and it's goodnight from me
I've just spent the night looking at the various alternatives out there, and I've finally settled up on Zen (http://www.zen.co.uk/).
I've come to this decision with the help of ADSLGuide, or rather thinkboradband.com as they have now become known, http://www.thinkbroadband.com. (Compare Zen against PlusNet and see the difference, the gap never used to be that big.)
It was a toss up between Zen and Newnet, but Zen won due to the similar pricing to PlusNet and inclusion of web space over Newnet.
Oh, and if random comments should start to appear here, blame PlusNet, they let the spammers steal my personal data.
The trojan is a classic PlusNet excuse
From the comments above PlusNet seem to be pointing at a Trojan on customers machines as a likely source of problems. I'm not a PlusNet customer and haven't used their email system for months (I occasionally check my old account from a couple of years ago).
This week I started getting identical spam to three email addresses that have not received a single piece of spam in over 4 years. One of these hasn't been used for over 2 years. Logging into Plusnet's webmail system there were no emails in the inbox containing the 3 spammed addresses. However, I found that all three addresses were setup as identities in the webmail system (the webmail system allows identities to be setup, each with a different 'from' address).
This looks like the spammers have had direct access to the backend of PlusNet's email systems (this is the only place where those three address are listed together) and I expect that any addresses listed as identities or in addressbooks will have been collected.
It gets worse...
It has now been revealed that a customer e-mailed PlusNet on May 5 to report the trojan to them. PlusNet kept it quiet but, according to their own forum posts today, didn't manage to flush the trojan out until May 9 - and even then they negligently failed to notify their customers of the risks they had been subjected to. In all, they said nothing for 10 days until the spam hit the fan today, forcing them to reveal all.
This company "relaunched" itself this year with "open, honest and responsive" tub-thumping. This is surely one cover-up too many and their conscious neglect of their customers may justifiably make them liable for criminal damages.
Yup, and for some reason customers are the last to hear about it.....
Still haven't figured out why info from PN ends up on TBB first, and is then repeated/quoted/linked to from the official portal forums.
Is it perchance because potential customers, and news sites see what goes on there?
Do PN need to look as if they are all over the situation in public, whilst leaving the rest of us on their portal as poor relations.
More spin than my washing machine.
Enough is enough
I've stuck with Plus for the last four years, hell i've even recommended friends to them - but there is a limit to my patience. This is the first non-loss of service issue that's affected me - i was fortunate enough to be spared the loss of email - but i suspect if i stay, it won't be the last. Despite what plus say, i suspect that account details have been lost (I'm getting spam to email@example.com), and i'm as annoyed as annoyed as everyone else that they haven't bothered to tell me. Now they've "secured" their system (do they even know how?) to prevent access from non-UK IPs, i can't cahnge my password (i'm on holiday in the states).
It seems that Plus can't be trusted to hold their hands up when they have a breach, inform customers of their services (no i wasn't told of the new packages either, presumable because they wanted to keep the extra couple of quid a month) or correctly manage the security of what is, in comparison to BT et al, a relativly small (and presumably shrinking exponentially) number of customers.
Time to move! Plus don't deserve to be in business.
Number 7 in the UK's Most Spam Targetted ISP's...
We have just finished analysing 2 years of spam data and it may be no surprise to some that PlusNet ranked 7th in our chart of the most spam-targeted UK ISP’s...
Looking at our statistics for yesterday we have seen an alarming increase in spam for PlusNet customers - shooting up a massive 62% against the same period last week
The worrying thing about this is that it appears that some of the targeted email accounts have not been used for several months. This could be a sign that the email addresses have either been stolen by hacking into the PlusNet systems or even sold to the spammers by an insider.
Spam gangs are now targeting UK ISP's much more effectively using new techniques that are easily able to by-pass standard spam filters. The cost of these attacks to the ISP can be enormous - they clog up mail servers, slow down customers Internet access and can cause physical damage to customers computers if they contain Viruses or Trojans.
Ah! That explains it, then
As I live over five miles from my nearest phone exchange I was rather short'n'curlied when it came to choosing an ISP to provide DSL to my line - the choice was between BT and PlusNet. Having had such abysmal service from BT when I was on dial-up, I chose PlusNet.
'Nothing could be worse than bloody BT' I thought... how wrong I was.
At the time I signed up with Plus, they asked for an alternative email address (alt to the webmail service they provide as part of the package). Foolishly, I gave them my personal Yahoo webmail address.
I've had various Yahoo accounts for years: those that have been used for mailing lists, usenet groups, bulletin boards and so on have inevitably become spam-clogged eventually. But I've guarded the 'personal' one jealously: it's never been published and my correspondents have respected my requests to keep it out of WAB; out of the CC field, and off the web: consequently, despite having used it daily for six years I've very rarely had more than a couple of iffy mails a week in it.
In the past few days my account has been deluged with spam, mostly for pharmaceuticals and software. I was perplexed until I read The Register's story (and the follow-up on the closure of PlusNet's webmail). Not only has PlusNet let spammers nick my PlusNet email address (which I only use to check their billing notification is correct) but they've given the baddies my long-established Yahoo address for good measure.
About the only thing that PlusNet seems to do reliably is bill for their service - though it wouldn't surprise me if they've managed to give my bloody credit card details to the Russian mafia as well.
The spam cock-up is the last straw. I know most ISPs are as bad as each other and, as I said, my choice here is limited. But I'm fucked if I'm going to pay PlusNet another penny - I'd sooner go through the tedious process of transferring the DSL to someone less incompetent. Bastards!
And, of course, had I not been an avid El Reg reader I'd have no idea who the culprit was because PlusNet has not told its customers anything, leaving them to find out by burrowing deep into its crap web portal.
Just email addresses?
Unfortunately I don't believe that just email addresses were compromised. I can't remember whether it was 2001 or 2002 but back then, criticalmass got righteously hacked. A slowdown in service was reported but it wasn't until many hours later when criticalmass went down that NOC figured out that the slowdown was a DDOS against one of the others to distract from the hacking attempts on criticalmass. They needn't have bothered as neither were noticed.
CS staff were told to keep quiet about the hack and it was reported as a server failure. What was even worse was there was a plaintext list of passwords on each of the cgi servers. A mass email was sent out advising people to change their passwords but leaving out why. A week later it transpired that someone had left the plaintext list on the new server in a web accessible directory so another round of emails about changing passwords went out.
All the while, noone knew that criticalmass had been hacked except staff. Nice. At least this time they are admitting to the hack but is there anything that management aren't admitting to?
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great