On the day I posted Suspected Data Security Breach at iContact.com I was contacted via Facebook by someone with an email address @icontact.com. I forwarded them the same information that I sent to their abuse team. I’ve not heard anything back since.
I have been contacted by one of the sites/services whose address-list has been breached, simply to ask to be kept in the loop with iContact.com’s response.
I have done some further research into my mail folders. I have found one address which iContact.com have on record which has not yet received any spam. As a result, this address hasn’t been compromised and has been replaced by HIDDEN on this public website. iContact’s abuse team has been provided with the full details, however:
Received: from smtp7.icpbounce.com ([::ffff:216.27.93.119])
by faelix.net with esmtp; Tue, 01 Jan 2008 01:12:36 +0000
id 000013C1.47799384.00003B72
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp7.icpbounce.com (Postfix) with ESMTP id 43D6197750
for <HIDDEN>; Mon, 31 Dec 2007 19:54:34 -0500 (EST)
Date: Mon, 31 Dec 2007 19:54:34 -0500
This address hasn’t received any emails this month:
The last email sent to this address was via iContact.com on 17th July 2009:
Received: from smtp15.icpbounce.com ([::ffff:216.27.93.111])
by faelix.net with esmtp; Fri, 17 Jul 2009 23:30:51 +0100
id 000010FE.4A60FB9D.000039C9
Received: from localhost.localdomain (localhost [127.0.0.1])
by smtp15.icpbounce.com (Postfix) with ESMTP id D37AA6A0C98
for <HIDDEN>; Fri, 17 Jul 2009 18:01:58 -0400 (EDT)
Date: Fri, 17 Jul 2009 18:01:58 -0400
Timeline
March 2002
photonlight@maz.nu receives its first iContact.com mail
1st January 2008
HIDDEN receives its first iContact.com mail
7th Feb 2009
macheist.com@maz.nu receives its first iContact.com mail
1st April 2009
macheist.com@maz.nu receives its last iContact.com mail (address now blacklisted)
2nd April 2009
bloomsbury.com@maz.nu receives its first iContact.com mail
14th May 2009
slimes@maz.nu receives its first iContact.com mail
17th July 2009
HIDDEN receives its last iContact.com mail (address still valid)
27th July 2009
bloomsbury.com@maz.nu receives its last iContact.com mail (address now blacklisted)
30th December 2009
photonlight@maz.nu receives its last iContact.com mail (address now blacklisted)
18th January 2010
slimes@maz.nu receives its last iContact.com mail (address now blacklisted)
At first I wondered if the anomalous address, HIDDEN, was an indicator that perhaps only addresses recently sent a newsletter by iContact.com had been breached (i.e. those contacted after 17th July 2009). The counter-example is macheist.com@maz.nu which has been receiving emails only via Google’s mailers since April 1st 2009, so that theory doesn’t hold water. However, it would appear that not all of my addresses on file at iContact have been spammed yet, so perhaps this isn’t a total breach… or perhaps I’m still waiting for HIDDEN to be hit!
Update: Likely Data Security Breach at iContact.com
On the day I posted Suspected Data Security Breach at iContact.com I was contacted via Facebook by someone with an email address @icontact.com. I forwarded them the same information that I sent to their abuse team. I’ve not heard anything back since.
Others have picked up on this likely breach at iContact.com:
iContact have answered some concerns: they are looking into the problem.
I have been contacted by one of the sites/services whose address-list has been breached, simply to ask to be kept in the loop with iContact.com’s response.
I have done some further research into my mail folders. I have found one address which iContact.com have on record which has not yet received any spam. As a result, this address hasn’t been compromised and has been replaced by HIDDEN on this public website. iContact’s abuse team has been provided with the full details, however:
Received: from smtp7.icpbounce.com ([::ffff:216.27.93.119]) by faelix.net with esmtp; Tue, 01 Jan 2008 01:12:36 +0000 id 000013C1.47799384.00003B72 Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp7.icpbounce.com (Postfix) with ESMTP id 43D6197750 for <HIDDEN>; Mon, 31 Dec 2007 19:54:34 -0500 (EST) Date: Mon, 31 Dec 2007 19:54:34 -0500This address hasn’t received any emails this month:
The last email sent to this address was via iContact.com on 17th July 2009:
Received: from smtp15.icpbounce.com ([::ffff:216.27.93.111]) by faelix.net with esmtp; Fri, 17 Jul 2009 23:30:51 +0100 id 000010FE.4A60FB9D.000039C9 Received: from localhost.localdomain (localhost [127.0.0.1]) by smtp15.icpbounce.com (Postfix) with ESMTP id D37AA6A0C98 for <HIDDEN>; Fri, 17 Jul 2009 18:01:58 -0400 (EDT) Date: Fri, 17 Jul 2009 18:01:58 -0400Timeline
At first I wondered if the anomalous address, HIDDEN, was an indicator that perhaps only addresses recently sent a newsletter by iContact.com had been breached (i.e. those contacted after 17th July 2009). The counter-example is macheist.com@maz.nu which has been receiving emails only via Google’s mailers since April 1st 2009, so that theory doesn’t hold water. However, it would appear that not all of my addresses on file at iContact have been spammed yet, so perhaps this isn’t a total breach… or perhaps I’m still waiting for HIDDEN to be hit!