Pixmania email security breach?

Legacy_user

Dear MSE'rs

I have just received some spam to my pixmania account email address (I know this because it was addressed to a dedicated email address I used for, i.e. pixmania@....).

Has anyone else seen spam via pixmania recently? I am concerned about the fact that they might have had their security breached a la Sony.

The sender of the email was "petryrojxbana@hotmail.com" and looking at the source of the email it is peddling:

Customer Service Assistant vacancy at ASTRO Consulting

I have had similar issues with Play.com and my Playstation account too - this is getting very concerning now as they are no longer rare isolated incidences for me.

8u87fhsd

& I also use pixmania@

asbokid

balfralf wrote: »

Dear MSE'rs

I have just received some spam to my pixmania account email address (I know this because it was addressed to a dedicated email address I used for, i.e. pixmania@....).

Has anyone else seen spam via pixmania recently? I am concerned about the fact that they might have had their security breached a la Sony.

The sender of the email was "petryrojxbana@hotmail.com" and looking at the source of the email it is peddling:

Customer Service Assistant vacancy at ASTRO Consulting

I have had similar issues with Play.com and my Playstation account too - this is getting very concerning now as they are no longer rare isolated incidences for me.

Your suspicions of an email compromise are probably well founded.. Although the compromise might not have been through pixmania and its email or e-commerce servers.

How is your email provided? Can you be sure that the mail servers you are using have always been free from compromise? Or indeed is the security of your own connectivity provided through your ISP beyond doubt?

System

asbokid wrote: »

Your suspicions of an email compromise are probably well founded.. Although the compromise might not have been through pixmania and its email or e-commerce servers.

How is your email provided? Can you be sure that the mail servers you are using have always been free from compromise? Or indeed is the security of your own connectivity provided through your ISP beyond doubt?

I Agree ASBOKID, I thought a concensus of opinion on MSE might help indicate that Pixmania was the culprit rather than my ISP or perhaps even the delivery firm they've used for my deliveries.

debitcardmayhem

asbokid wrote: »

Your suspicions of an email compromise are probably well founded.. Although the compromise might not have been through pixmania and its email or e-commerce servers.

I don't use pixmaniacs at all , but I get spam at my FT com throwaway address plus also for some throwaways for the OH (trust is a wonderful thing ) and a couple of others I use

How is your email provided? Can you be sure that the mail servers you are using have always been free from compromise? Or indeed is the security of your own connectivity provided through your ISP beyond doubt?

My throwaways are via several mail providers , and if it is the ISP that is compromised then how did they specifically choose to use B7370616d6674 @ myaddresstoday.com which identifies ft(and the year I registered) and others eg A7370616d6d7365 being from mse , oh and also I also use a non-throwaway when I first register so that I can track the spam if I get two identical mails. I haven't yet found one that doesn't allow you change your email after registration

asbokid

debitcardmayhem wrote: »

I don't use sexmaniacs at all, but I get spam at my FT com throwaway address plus also for some throwaways for the OH (trust is a wonderful thing) and a couple of others I use

My throwaways are via several mail providers , and if it is the ISP that is compromised then how did they specifically choose to use B7370616d6674 @ myaddresstoday.com which identifies ft (and the year I registered) and others eg A7370616d6d7365 being from mse , oh and also I also use a non-throwaway when I first register so that I can track the spam if I get two identical mails. I haven't yet found one that doesn't allow you change your email after registration

That's interesting although I don't fully understand what you are doing.

You have used unique and unguessable email addresses to subscribe to each online service?

And yet 'they' still send spam to those unique email mailboxes?

But who is 'they', and how are they linked to the subscribed service?

The spammers might just have compromised a router, or a web server that provides hosting to the company, among many others.

I just did a traceroute to www.ft.com and it was more than 20 hops. Any one of those routers could be compromised, allowing traffic to be sniffed for harvesting email addresses.

madonnamustache

balfralf wrote: »

Dear MSE'rs

I have just received some spam to my pixmania account email address (I know this because it was addressed to a dedicated email address I used for, i.e. pixmania@....).

Has anyone else seen spam via pixmania recently? I am concerned about the fact that they might have had their security breached a la Sony.

The sender of the email was "petryrojxbana@hotmail.com" and looking at the source of the email it is peddling:

Customer Service Assistant vacancy at ASTRO Consulting

I have had similar issues with Play.com and my Playstation account too - this is getting very concerning now as they are no longer rare isolated incidences for me.

Same here - dedicated Pixmania email COMPROMISED! Same with TheBookDepository and a couple of others. Oh dear!:eek:

asbokid

madonnamustache wrote: »

Same here - dedicated Pixmania email COMPROMISED! Same with TheBookDepository and a couple of others. Oh dear!

Again, what does this prove? Most important question is who provides the mailboxes?

If all your 'dedicated' mailboxes are provided by gmail.com, then Google would be the prime suspect, not pixmania nor thebooksuppository..

debitcardmayhem

asbokid wrote: »

And yet 'they' still send spam to those unique email mailboxes?

But who is 'they', and how are they linked to the subscribed service?

I will save some and if you like I will send you the UPS / DHL and others, trojan dropper zip/pdf(really a zip) files

The spammers might just have compromised a router, or a web server that provides hosting to the company, among many others.

Mmmm but registering is ssl'd so they must have trawled through the outgoing emails in that case.

Edited: Sorry I can't send you the Viagra I have a use for it :beer:

debitcardmayhem

@asbokid That's interesting although I don't fully understand what you are doing.

take away first letter (A=10,B=11,9=9,etc ...ok it only keeps me going til 2015) then eg
use your linux box and do enter "echo spamft | od -xc" then you get 7073 6d61 7466 000a ie 7370616d6674 @ a throwaway com. So I register as that and also for "debitcardmayhem @ mse..... " . I opt for no contact on the "real debit address" and lo I get the same spam to each ergo it must be from spamft , not explaining too well but hey it has been free beer day .

asbokid

debitcardmayhem wrote: »

take away first letter (A=10,B=11,9=9,etc ...ok it only keeps me going til 2015) then eg
use your linux box and do enter "echo spamft | od -xc" then you get 7073 6d61 7466 000a ie 7370616d6674 @ a throwaway com. So I register as that and also for "debitcardmayhem @ mse..... " . I opt for no contact on the "real debit address" and lo I get the same spam to each ergo it must be from spamft , not explaining too well but hey it has been free beer day .

blimey! i wish i had never asked!

anewman has posted elsewhere, and he too reports getting spam to the mailbox he only uses for pixmania..

did you read this?

http://www.boards.ie/vbulletin/showthread.php?p=70778012

read lower down and someone adds the caveat that just because some scrote says he has hacked a server, doesn't necessarily mean that he has..