This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Did someone gain access to 1Password registration emails?
techmonkey
Junior Member ✭
The email I used to register 1Password all of a sudden received 6 SPAM emails in a row about an hour ago. Ive never gotten anything else with that email accept announcement from Agile.
Flag
0
Comments
-
Please contact us by e-mail at [email]support@agile.ws[/email] with the full messages (headers included) and we'll look further into the situation. Also to be sure we're looking at the correct places are these addresses also signed up for the Agile newsletters or just your software registration?Flag 0
-
[quote name='bwoodruff']That's quite odd. I create an email address for every company I do business with[/QUOTE]
Same here. I own the domain bridgehead.de, so when registering with a company, I just put their name as address in front. Thus, [email]1password@bridgehead.de[/email] tells me exactly, which account has been misused. As would [email]apple@bridgehead.de[/email], [email]omnigraffle@brigehead.de[/email], [email]microsoft_office_mac@bridgehead.de[/email].
I've received two waves of exactly 7 mails each, with a pause of some hours inbetween. Since then, it's quiet again. But fact is, that there *is* somebody using this very unique address to send spam.
[quote name='bwoodruff']...and I haven't received any spam to my agile-related address...[/QUOTE]
Maybe those data is older and your e-mail is just not in it yet. Or could it be that your spamfilter has already filtered them out? (I'm not using one, since I usually receive no spam... lucky me... :-) )
Maybe it's not the registration database, but the forum software (I am using [email]1password@bridgehead.de[/email] as contact address for my account here as well).
Or it could be the database of some marketing company that has once been given the job to inform us about new products (if those were ever involved).
We'll probably never find out. But still, reporting it is important, for agile might want to find out about any insecurity they might not be aware of, otherwise.Flag 0 -
I hadn't made the connection, but I too had the spam pattern others described.
It's an excellent idea to use [I]unique[/I] email addresses for registrations. I haven't gone quite that far, but it seems like a good idea, provided you can create an email catchall mailbox.Flag 0 -
[quote name='MartyS']Please contact us by e-mail at [email]support@agile.ws[/email] with the full messages (headers included) and we'll look further into the situation. Also to be sure we're looking at the correct places are these addresses also signed up for the Agile newsletters or just your software registration?[/QUOTE]
Just sent an email.Flag 0 -
[quote name='bwoodruff']That's quite odd. I create an email address for every company I do business with, and I haven't received any spam to my agile-related address...[/QUOTE]
Neither have I.Flag 0 -
[quote name='maelcum']Same here. I own the domain bridgehead.de, so when registering with a company, I just put their name as address in front. Thus, [email]1password@bridgehead.de[/email] tells me exactly, which account has been misused. As would [email]apple@bridgehead.de[/email], [email]omnigraffle@brigehead.de[/email], [email]microsoft_office_mac@bridgehead.de[/email].
I've received two waves of exactly 7 mails each, with a pause of some hours inbetween. Since then, it's quiet again. But fact is, that there *is* somebody using this very unique address to send spam. [/QUOTE]
My guess is your address got harvested by a spambot. You just posted 4 emails here in clear text that any bot can find b/c this forum is accessible by the general public. I suspect your Apple and Omnigroup emails will be spammed soon :)Flag 0 -
Those emails will all be be flooded with spam now that they are out in public. Welcome to the world of spam email.Flag 0
-
[quote name='dteare' timestamp='1276975952' post='4627']
My guess is your address got harvested by a spambot.
[/quote]
Well... No.
It hadn't been posted anywhere before.
At least give me credit that I checked for that, before I posted here.
But then - what do you care, eh dteare?
[quote name='dteare' timestamp='1276975952' post='4627']
You just posted 4 emails here in clear text that any bot can find b/c this forum is accessible by the general public. I suspect your Apple and Omnigroup emails will be spammed soon <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
[/quote]
I wouldn't be as stupid as to post those here.
Each has a domain suffix to it. How would I be able to tell amazon.com from amazon.fr from amazon.de?
Thanks so much for trying to make me look stupid. I'm glad techmonkey and MartyS have not brushed it off as lightly as you.
So much for making your guys aware of something that could just as well be a problem on your side.
Good to see how you value your customers experience.
It'll be a lesson to me.Flag 0 -
Spammers can be clever.
If they have the second part of your address it would be easy for them to combine it with a first part such as 1password. The only reason why this is unlikely is that there don't seem to be spams to other first parts.
Incidentally, this ease of getting addresses is a good reason not to use things like 1password, apple, as the first part of the address. At least change it to something like danco1password, dancoapple (I didn't use your name so that no-one can harvest it; I'm not planning to use this kind of address myself).
If there had been a real breach of security on agile's part, one would expect many more people getting spam.Flag 0 -
[quote name='danco' timestamp='1282030117' post='8981']
If there had been a real breach of security on agile's part, one would expect many more people getting spam.[/quote]
And reporting it, as I definitely would have if it happened to me.
Awhile ago I reported an ongoing problem with legitimate AWS mailings being mistaken as spam. X-Spam-* headers from one of those messages about a week ago:
[code]X-Spam-Score: 9.8
X-Spam-Check: Enabled,6.0,13.0,1,1,42,1,0,0,1,0,0,0,0,[SPAM],
X-Spam-Status: Yes, score=9.8 threshold=6.0,13.0
X-Spam-Sys-BayesResult: No, 0.002560
X-Spam-Report: Content analysis details:
4.1 ENV_FROM_SPAMSOURCES RBL: Envelope sender listed in spamsources.mxes.net
4.1 URIBL_SPAMSOURCES Contains an URL listed in the spamsources.mxes.net blocklist
[URIs: streamsend.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area
4.1 RCVD_IN_SPAMSOURCES Received via a relay in spamsources.mxes.net
-2.5 SYSTEM_BAYES 0.002560
X-Spam-Flag: Yes
X-Spam-Junkmail: Yes
X-Spam-Scoring: 12,3
[/code]Flag 0 -
[quote name='maelcum' timestamp='1281952905' post='8874']
Thanks so much for trying to make me look stupid.
[/quote]
This was certainly not my intent. I'm sorry my post came off that way. It is very hard to communicate emotions here.
[quote name='danco' timestamp='1282030117' post='8981']If there had been a real breach of security on agile's part, one would expect many more people getting spam.
[/quote]
This was my feeling as well.
[quote name='sjk' timestamp='1282069189' post='9020']Awhile ago I reported an ongoing problem with legitimate AWS mailings being mistaken as spam. X-Spam-* headers from one of those messages about a week ago[/quote]
Thanks for the report sjk!
We switched newsletter providers about 6 months ago. I think we'll try the old one again; they are more expensive but I think they did a better job in this regard. Please let us know if the next newsletter gets flagged as spam again.Flag 0 -
[quote name='dteare' timestamp='1282154392' post='9101']
Please let us know if the next newsletter gets flagged as spam again.[/quote]
Will do.Flag 0
![[Deleted User]](https://w8.vanillicon.com/v2/8a7668570eb1cf4d559c46e43898b35a.svg)