spunkarooney
Member
- Joined
- Feb 24, 2004
- Posts
- 162
Forums hacked – for the 3rd time!
23/05/2008 http://www.frequentflyer.com.au/community/open-discussion/have-changed-title-13331.html%20started%20by%20me%2023/05/2008
30/12/2009 http://www.australianfrequentflyer.com.au/community/open-discussion/forums-have-again-been-hacked-20884.html
And now again on 23/10/2010.
How many times is this going to happen?
Allow me to explain, yet again:
The email address I have used for the Australian Frequent Flyer forums is not used anywhere else. That is, only these forums and me know the email address. The email address was changed after each of the two previous security breaches.
Today I received spam to that email address, this time with the subject line “sup4r-low prices!” (the email leads to a dodgy “pharmac_” site).
I accept that this site uses third party providers for its forums and other services however this is now the 3rd time there has been such a breach.
In the years I have employed this practice of using unique email addresses for sites I subscribe to, I have never had a site with so many breaches. Other sites have had a breach, they have been informed, and there has been no further breach. What is going on here?
On 02/01/2010 the administrator stated:
The admin also stated:
So, what is AFF doing about the security of its subscriber database?
23/05/2008 http://www.frequentflyer.com.au/community/open-discussion/have-changed-title-13331.html%20started%20by%20me%2023/05/2008
30/12/2009 http://www.australianfrequentflyer.com.au/community/open-discussion/forums-have-again-been-hacked-20884.html
And now again on 23/10/2010.
How many times is this going to happen?
Allow me to explain, yet again:
The email address I have used for the Australian Frequent Flyer forums is not used anywhere else. That is, only these forums and me know the email address. The email address was changed after each of the two previous security breaches.
Today I received spam to that email address, this time with the subject line “sup4r-low prices!” (the email leads to a dodgy “pharmac_” site).
I accept that this site uses third party providers for its forums and other services however this is now the 3rd time there has been such a breach.
In the years I have employed this practice of using unique email addresses for sites I subscribe to, I have never had a site with so many breaches. Other sites have had a breach, they have been informed, and there has been no further breach. What is going on here?
On 02/01/2010 the administrator stated:
Over the last 18 months, we have invested heavily in new infrastructure, security staff and process to ensure that our forum data remains secure and confidential. I am confident that the databases that we manage are as secure as they can be.
Given the ongoing breaches, I don’t accept this.
The admin also stated:
That said, there was a security breach in the subscription database of The Frequent Flyer Gazette, our weekly newsletter which many of you receive. The Frequent Flyer Gazette is a completely separate to AFF. It has its own domain name and subscription database. We use a Aweber, the leading subscription management company and a highly reputable company, to manage this subscription list and send the weekly newsletter.
Now, I’ve just checked the blog of Aweber, and guess what? Yep, they’ve again been hacked http://www.aweber.com/blog/uncategorized/data-accessed.htm :
Over the weekend, AWeber was the target of a deliberate and successful attempt to mine email addresses.
As if to share the blame, in the vein of “we’re just as bad as the others”, the CEO states:
This incident appears to be part of a broader series of similar successful attacks on a number of email service providers (ESPs).
Seriously, if an email marketing mob can’t maintain its lists securely then who can? This is the core of that mob’s business.
So, what is AFF doing about the security of its subscriber database?