Hacked Sites

[za_bullet]

I've been meaning to write this post for a while. I've owned a personal domain for about 15 years and so when I'm asked for an email address I create a unique address so as to manage spam (if I start getting spam to a mail address i.e. they ignore my unsubscribes....I just kill the mailbox). However every now and again it seems some of the sites I've subscribed to either sell or get hacked. I've been meaning to compile a list and open up a discussion and seeing as the latest leak/sale was a South African site I thought I'd do it now.

2017.09.06

www.travelstart.co.za Travelstart (hacked or sold)

2017.07.31

www.superbalist.com (Email from MR.Delivery since superbalist was sold to takealot in 2016)

2017.07.10

www.getwine.co.za

pre-2017.07.10 highlights (non-exhaustive list)

www.piggspeak.com (Piggs Peak Casino - Sold or hacked)
www.adt.co.za (ADT Security - Sold or hacked)
www.adobe.com (Adobe Hack)
www.axiz.com (Axiz/Axizworks - Ignored unsubscribes)
www.careerjunction.co.za (Career Junction - Sold or hacked)
www.hippo.co.za (Hippo Insurance - Ignored unsubscribes)
www.last.fm (Last.fm music - Last FM Hack)
www.motorspot.co.za (Motorspot, now defunct - Sold or hacked)
www.rentacoder.com (now www.freelancer.com - Sold or hacked)

zb.

 

[RoganDawes]

Yeah, I do the same thing, and have seen quite a lot of compromises.

A couple off the top of my head:

camaf.co.za
flysaa.co.za

 

[Zipkoppie]

I use to work for piggs peak casino and I can confirm that the company was sold years ago to another online casino, but I have no idea what the new company did with the data.

 

[za_bullet]

FYI just got email from email registered with travelstart for german lottery.....so they've had a compromise.

 

[infscrtyrisk]

FYI just got email from email registered with travelstart for german lottery.....so they've had a compromise.

Or an internal employee / contractor / contractor's friend has leaked data. It's an interesting system you have, worthy of adding to a threat intel system.

 

[Thor]

Unique email address as in forwarder or inbox?

 

[HibiscusTunes]

Unique email address as in forwarder or inbox?

I use a catchall to do the same. No prior setup needed.

 

[envo]

+1 piggspeak, started getting casino emails in the last 6 months or so. dropped the mail

@Thor, email aliases to an undisclosed pop3, yes.

 

[Thor]

+1 piggspeak, started getting casino emails in the last 6 months or so. dropped the mail

@Thor, email aliases to an undisclosed pop3, yes.

Plain language please.

Normal forwarder to your main email?

Or do you manage 100s of inboxes

 

[RoganDawes]

Email alias means it ends up in a different mailbox, but you can still see what address it was originally addressed to.

e.g. foo+bar@gmail.com ends up in the mailbox foo@gmail.com (this exists for all gmail addresses, anything after the plus is ignored), problem is that any spammer who knows this can simply drop anything after the plus and still reach the original victim.

I created individual aliases under my personal domain, so as to avoid the "truncation".

 

[za_bullet]

I essentially set up a catch-all address for one of my domains. Then when I provide a website with my email it might be something like websitename_plus_random_characters@mydomain.co.za. This method requires the least up front work.

If I start getting spam on that email I create an alias for it and hard bounce it.

Simple but effective.

 

[za_bullet]

Or an internal employee / contractor / contractor's friend has leaked data. It's an interesting system you have, worthy of adding to a threat intel system.

Agreed. I know some companies use the strategy to detect leaks. Seed their own databases with email addresses and check that only their marketing comes to it. If they start getting spam....they can start looking for a leak.