BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Epsilon breach used four-month-old attack

From: security curmudgeon <jericho () attrition org>
Date: Thu, 7 Apr 2011 19:35:00 -0500 (CDT)

http://www.itnews.com.au/News/253712,epsilon-breach-used-four-month-old-attack.aspx

Epsilon breach used four-month-old attack
By Brett Winterford on Apr 7, 2011 3:13 PM

ReturnPath had warned partners of breach in November.

A data breach exposing the customer details of the likes of Citigroup, 
Hilton Hotels and Dell Australia was part of a series of 
socially-engineered attacks first reported by an Epsilon technology 
partner some four months ago, iTnews can reveal.

The world.s largest email service provider, Epsilon, disclosed on April 1, 
2011 that the data it manages on behalf of a subset of its 2500 global 
clients had been accessed by hackers the day prior.

Today iTnews can reveal that Epsilon has been aware of the vulnerability 
behind this attack for some months.

[..]

By December 10, drugstore giant Walgreens . today an Epsilon customer - 
revealed that it had been the victim of a phishing attack levelled at its 
customers.

On December 13, fellow email service provider Silverpop Services revealed 
that it too had .recently detected suspicious activity in a small 
percentage of customer accounts., and responded by changing all passwords 
and engaging the FBI.s cybercrime division.

In the days that followed, it was revealed that McDonalds and Play.com 
customers had been hit with phishing attacks as a result of this breach.

[..]

The challenge for Epsilon will be to now convince its clients that it had 
done enough to protect their data, considering the number of months it had 
known of the vulnerability.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: