Created
July 15, 2014 21:04
-
-
Save hossman/11ca11d3385c21ffe7fb to your computer and use it in GitHub Desktop.
Spammers Appear To Have Equifax Customer Contact Data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Twitter exchange with equifax regarding apparent leak of customer contact info begins here... | |
| https://twitter.com/_hossman/status/486558700019007489 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Full details in email sent to equifax on 2014-07-08... | |
| ===================================================================================== | |
| Return-Path: <REDACTED> | |
| Received: from frisbee.local (REDACTED. [REDACTED]) | |
| by mx.google.com with ESMTPSA id REDACTED | |
| for <ask.equifax@equifax.com> | |
| (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); | |
| Tue, 08 Jul 2014 15:01:23 -0700 (PDT) | |
| Date: Tue, 8 Jul 2014 15:01:22 -0700 (MST) | |
| From: Chris Hostetter <REDACTED> | |
| To: ask.equifax@equifax.com | |
| Subject: Porn spam sent to single purpose email addr only ever given to | |
| equifax | |
| Message-ID: <alpine.DEB.2.02.1407081437020.32286@frisbee> | |
| User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) | |
| MIME-Version: 1.0 | |
| Content-Type: MULTIPART/MIXED; BOUNDARY="8323329-1438897229-1404856883=:32286" | |
| This message is in MIME format. The first part should be readable text, | |
| while the remaining parts are likely unreadable without MIME-aware tools. | |
| --8323329-1438897229-1404856883=:32286 | |
| Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII | |
| Email as requested per "Misty" here... | |
| https://twitter.com/_hossman/status/486558700019007489 | |
| Summary: someone has access to your list of (past) customers and used it | |
| to send me spam. | |
| Details... | |
| In June of 2008, as a result of some personal data leak from some company | |
| i did business with (but i have already forgotten which one) I was given a | |
| code that let me enroll in "Equifax Credit Watch (TM) Gold With 3 in 1 | |
| Monitoring" for free for 1 year. As part of my regular habit of using | |
| single purpose email addresses when conducting business online, i enrolled | |
| using the email alias "REDACTED_ONE_TIME_ADDR" on June 16, 2008. | |
| Details of my equifax enrollment if they are helpful to you... | |
| >>Your order transaction number is REDACTED. Please use it in any | |
| >>correspondence to us. Your Username is REDACTED. You will use | |
| >>this Username and the password you created at registration to login and | |
| >>view your products. Be sure to keep this information in a safe place for | |
| >>future visits to Equifax Personal Solutions. | |
| Between June 16 2008 and June 23 2009, the email alias | |
| "REDACTED_ONE_TIME_ADDR" recieved 28 emails from equifax via | |
| Info@equifax-mail.com & Member.Benefits@equifax.com. At which point my | |
| subscription to your service stoped, i did not renew it, and I stoppd | |
| recieving emails from your company. | |
| Between June 2009, and yesterday (July 7 2014) the email alias | |
| "REDACTED_ONE_TIME_ADDR" has recieved 0 emails. | |
| Today (July 8 2014) the attached Porn related SPAM email arrived in my | |
| inbox addressed to "REDACTED_ONE_TIME_ADDR" -- suggesting that someone | |
| has obtained access to a list of (past) equifax customer email addresses. | |
| NOTE: I use "Google Apps" to manage email service for my domains. The | |
| address "REDACTED_ONE_TIME_ADDR" has never actaully existed as an email | |
| account on any system -- it simply matches a pattern based forwarding rule | |
| that is directed into my inbox. No email has ever been sent from | |
| "REDACTED_ONE_TIME_ADDR" nor has it ever been used when registering for | |
| any other service besides the "Equifax Credit Watch (TM) Gold With 3 in 1 | |
| Monitoring", nor has it appeared in any documents that exist online other | |
| then the emails I have recieved from your company. | |
| The only viable sources of information where a spammer could have learned | |
| of the existence of "REDACTED_ONE_TIME_ADDR" is: | |
| * Some internal Equifax database/record of (past) customers or past | |
| customer communications. | |
| * By harvesting my GMail hosted mail boxes and scraping the list of | |
| recepients of emails found inside -- which seems unlikely since i have not | |
| recieved a deluge of similar SPAM to any of the other 500+ similar email | |
| aliases i have used when interacting with other companys other the past | |
| 10+ years. | |
| -Chris | |
| --8323329-1438897229-1404856883=:32286 | |
| Content-Type: MESSAGE/RFC822; CHARSET=US-ASCII | |
| Content-ID: <alpine.DEB.2.02.1407081437030.32286@frisbee> | |
| Content-Description: Forwarded Message | |
| Content-Disposition: inline | |
| Delivered-To: REDACTED_ONE_TIME_ADDR | |
| Received: by 10.70.90.140 with SMTP id bw12csp654218pdb; Tue, 8 Jul 2014 | |
| 07:25:59 -0700 (PDT) | |
| X-Received: by 10.70.134.102 with SMTP id pj6mr965666pdb.161.1404829559426; | |
| Tue, 08 Jul 2014 07:25:59 -0700 (PDT) | |
| Return-Path: <ashleymadison1love@thesecreatlife88.us> | |
| Received: from thesecreatlife88.us ([173.236.41.69]) by mx.google.com with | |
| ESMTP id g4si6119092pde.456.2014.07.08.07.25.59 for | |
| <REDACTED_ONE_TIME_ADDR>; Tue, 08 Jul 2014 07:25:59 -0700 (PDT) | |
| Received-SPF: pass (google.com: domain of | |
| ashleymadison1love@thesecreatlife88.us designates 173.236.41.69 as permitted | |
| sender) client-ip=173.236.41.69; | |
| Authentication-Results: mx.google.com; spf=pass (google.com: domain of | |
| ashleymadison1love@thesecreatlife88.us designates 173.236.41.69 as permitted | |
| sender) smtp.mail=ashleymadison1love@thesecreatlife88.us | |
| Date: Tue, 08 Jul 2014 00:26:01 -0700 | |
| Message-ID: <REDACTED@thesecreatlife88.us> | |
| From: "Ashley Madison" <ashleymadison1love@thesecreatlife88.us> | |
| Content-Type: text/html | |
| Subject: Live is Short. Have an Affair Today. | |
| To: <REDACTED_ONE_TIME_ADDR> | |
| Mime-Version: 1.0 | |
| <html> | |
| <body> | |
| <br> | |
| Ashley Madison: <br> | |
| DATE: 07/08/14 | |
| <br> | |
| ___________________________________________________ | |
| <br> | |
| <br> | |
| Has your love life taken a wrong turn? Find people who | |
| share your same situation looking for an affair... | |
| <br> | |
| <br> | |
| <a href="http://REDACTED.thesecreatlife88.us">GO HERE TO VIEW PROFILES</a> | |
| <br> | |
| <br> | |
| Why Ashley Madison? | |
| <br> | |
| <br> | |
| - Our site is 100% secure | |
| <br> | |
| - Completely discreet | |
| <br> | |
| - We are the #1 Discreet Dating Site | |
| <br> | |
| <br> | |
| Ready to take a chance? | |
| <br> | |
| <br> | |
| <a href="http://REDACTED.thesecreatlife88.us">GO HERE NOW</a> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| Message: REDACTED<br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <br> | |
| <a href="http://remove2.thesecreatlife88.us"><img src="http://img3.thesecreatlife88.us" border="0"></a> | |
| <br> | |
| </body> | |
| </html> | |
| REDACTED,REDACTED_ONE_TIME_ADDR | |
| --8323329-1438897229-1404856883=:32286-- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment