Thread: Warning for Earthlink users
View Single Post
  #5   Report Post  
Posted to rec.crafts.metalworking
cavelamb cavelamb is offline
external usenet poster
  
Posts: 1,536
Default Warning for Earthlink users
http://www.cnn.com/2011/TECH/web/04/....html?hpt=Sbin
http://www.securityweek.com/massive-...s-major-brands



Some may dismiss the type of data harvested as a minor threat, but having access
to customer lists opens the opportunity for targeted phishing attacks to
customers who expect communications from these brands. Being able to send a
targeted phishing message to a bank customer and personally address them by name
will certainly result in a much higher “hit rate” than a typical “blind”
spamming campaign would yield. So having access to this information will just
help phishing attacks achieve a higher success rate.

A Marriott Rewards & Ritz Carlton Rewards spokesperson told SecurityWeek that
their customer names, email addresses, and member point balances were exposed:

"We recently discovered that one of our third parties’ computer systems was
tampered with. Tampering with our systems by an unauthorized person or persons
is an illegal act and we reported this incident to a law enforcement agency who
is currently investigating this matter. The unauthorized person(s) had access to
email addresses and member point balances. They did not have access to member
addresses, account logins and passwords, credit card information or other
personal data," the spokesperson wrote in an email.

Correction: The Marriott Rewards spokesperson contacted us on Sunday to
correct their initial statement, saying that member point balances were not
disclosed afterall.


Citi also warned customers over Twitter about the incident, Tweeting the
following: "Please be careful of phishing scams via email. Statement from Citi
for our valued Customers regarding Epsilon & email" with a link to the following
statement: "Because e-mail addresses can be used for "phishing" attacks, we want
to remind our customers that Citi uses an Email Security Zone in all our email
to help them recognize that the email was sent by us. Customers should check the
Email Security Zone to verify that email they have received is from Citi and
reduce the risk of personal information being 'phished.'"

As the initial disclosure by Epsilon occurred late in the day on Friday, I
expect several more brands to be announcing that they’ve been affected by the
breach as well. When asked to comment, Epsilon has refused to provide additional
details on what other brands may have been affected.

Reply With QuoteReply With Quote