Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Guiz... I made a big mistake.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Guiz... I made a big mistake.

RalliasRallias Member
edited July 2016 in Providers

Guiz... I made a big mistake... it ain't delimiters fault.

So... today I got an email. Fancy that, eh? Except... oh my... it's to the email address I only used with delimiter (it also lists a couple spamcop report addresses for reports I filed, 1 which went to Quadranet, one to Hudson Valley Host, one to a host I never heard of, and one to yahoo).

So... did someone leak a database and not tell anybody?

2016-07-18 06:38:36 1bP6se-0017Mv-4d H=mail.nudt.edu.cn (nudt.edu.cn) [61.187.54.11]:10193 Warning: Message has been scanned: no virus or other harmful content was found
2016-07-18 06:38:36 1bP6se-0017Mv-4d <= [email protected] H=mail.nudt.edu.cn (nudt.edu.cn) [61.187.54.11]:10193 P=esmtp S=5038 [email protected] T="new experience" for [email protected]
2016-07-18 06:38:36 1bP6se-0017Mv-4d => the+XXXX <[email protected]> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <[email protected]> 0b7WNby/jFdVEQQAd1PlkA Saved"
2016-07-18 06:38:36 1bP6se-0017Mv-4d Completed

Comments

  • tommytommy Member

    how dare you claim they hacked, they are super secure!

  • jarjar Patron Provider, Top Host, Veteran

    It's both good and sad that database leaks don't even bother me anymore. Reached the ultimate point of what is already out there from other leaks vs what can be leaked further. Frankly, I've got nothing else to lose in any new leaks. My old passwords I used everywhere, publicly available. My contact information, publicly available.

    It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Hope it's not the case for delimiter's sake of course, and for any customer who may not be at the point I am.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

  • jarjar Patron Provider, Top Host, Veteran

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    Thanked by 1netomx
  • jarland said: Hope it's not the case for delimiter's sake of course, and for any customer who may not be at the point I am.

    I hope so too, unfortunately, the preponderance of evidence I have is that it is the case.

    Francisco said: Wait until someone jacks your google account and dumps your browser history.

    Jokes on them, I use private browsing for porn.

    Thanked by 1netomx
  • @Rallias said:
    Jokes on them, I use private browsing for porn.

    Thn wait until one of your friend from the ISP dump your history ;)

  • tr1ckytr1cky Member

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    I guess your sim card is registered under your real name? Then 2FA means nothing.

    Thanked by 1GCat
  • jarjar Patron Provider, Top Host, Veteran
    edited July 2016

    @tr1cky said:

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    I guess your sim card is registered under your real name? Then 2FA means nothing.

    Actually, it isn't haha

  • GCatGCat Member

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    Yeah, rely on 2FA, because clearly that can save you from a sophisticated attack

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2016

    @GCat said:

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    Yeah, rely on 2FA, because clearly that can save you from a sophisticated attack

    Well nothing can save you from a gun to your head but at some point you still have to close your eyes at night, I mean come on ;)

    We're talking about database leaks here not coming after people like a James Bond movie. Sophisticated personalized attacks would be an entirely different topic ;)

    Thanked by 1netomx
  • blackblack Member

    How long have you been a customer there?

  • netomxnetomx Moderator, Veteran

    Care to explain @Rallias ?

    Thanked by 1Falzo
  • NeoonNeoon Community Contributor, Veteran

    @jarland said:
    2FA I'm good ;)

    lel, I thought the same until i saw this Vid from LTT:

    Should check that Jarland.

    Thanked by 1doghouch
  • GCatGCat Member

    @jarland said:

    @GCat said:

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    Yeah, rely on 2FA, because clearly that can save you from a sophisticated attack

    Well nothing can save you from a gun to your head but at some point you still have to close your eyes at night, I mean come on ;)

    We're talking about database leaks here not coming after people like a James Bond movie. Sophisticated personalized attacks would be an entirely different topic ;)

    Well, SS7 attacks would work nicely, or just get another sim card that is for yours, etc. would be the easiest, sophisticated attacks if you wanted to target someone.

  • emgemg Veteran

    I have detected a lot of spam that can be directly traced to customer database leaks at companies large and small. Surprisingly, several have been from well-known security and technology companies who should know better. The modus operandi is:

    • (Often, but not always the case) Company is using SalesForce for its customer database.
    • All sales and marketing personnel have full, unrestricted access to the company's customer database. Company does not invest the effort to limit access to the customer database for their personnel, based on need to know.
    • Sales and marketing personnel do not know, understand, or follow good security hygiene. In most cases, an employee opens a spam email attachment and gets their laptop infected.
    • The attacker steals passwords from the infected computer.
    • The attacker uses the passwords to connect to the Company's customer database and steals all the data.
    • Customers receive spam at email addresses that were stolen from the customer database.

    To be honest, I am surprised that we aren't seeing more ransomware-style attacks on customer databases. I assume it is because the companies are still maintaining good backup practices, or perhaps SalesForce has ways of detecting and preventing fraudulent broadscale database changes.

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2016

    @GCat said:

    @jarland said:

    @GCat said:

    @jarland said:

    @Francisco said:

    jarland said: It's an oddly empowering moment to say... There's really nothing left to expose of me :)

    Wait until someone jacks your google account and dumps your browser history.

    MY EYES

    Francisco

    2FA I'm good ;)

    Yeah, rely on 2FA, because clearly that can save you from a sophisticated attack

    Well nothing can save you from a gun to your head but at some point you still have to close your eyes at night, I mean come on ;)

    We're talking about database leaks here not coming after people like a James Bond movie. Sophisticated personalized attacks would be an entirely different topic ;)

    Well, SS7 attacks would work nicely, or just get another sim card that is for yours, etc. would be the easiest, sophisticated attacks if you wanted to target someone.

    Right so not a generic database leak. I'm not into the security dick swinging thing where we theorize on every potential attack vector until the end of time just to prove everyone wrong for ever mentioning a security measure that they trust, elevating our own self image in the process, culminating in a declaration that we must set the world on fire to obtain flawless data security.

    It's a database leak we're talking about. Database leak. Not a team of ninjas dropping in from the ceiling :P

    Thanked by 1GCat
This discussion has been closed.