Did someone gain access to 1Password registration emails?

techmonkey
edited December 1969 in Lounge
The email I used to register 1Password all of a sudden received 6 SPAM emails in a row about an hour ago. Ive never gotten anything else with that email accept announcement from Agile.

Comments

  • maelcum
    maelcum
    Community Member
    edited December 1969
    Same here. The E-Mail I used to register is used only here and only once, so yes, there definately is a breach of security of some kind. Very annoying, since putting that address on a blacklist would defer all legitimate mails from Agile.
  • MartyS
    MartyS
    Community Member
    edited December 1969
    Please contact us by e-mail at support@agile.ws with the full messages (headers included) and we'll look further into the situation. Also to be sure we're looking at the correct places are these addresses also signed up for the Agile newsletters or just your software registration?
  • Ben
    Ben
    edited December 1969
    That's quite odd. I create an email address for every company I do business with, and I haven't received any spam to my agile-related address...
  • maelcum
    maelcum
    Community Member
    edited December 1969
    bwoodruff wrote:
    That's quite odd. I create an email address for every company I do business with


    Same here. I own the domain bridgehead.de, so when registering with a company, I just put their name as address in front. Thus, 1password@bridgehead.de tells me exactly, which account has been misused. As would apple@bridgehead.de, omnigraffle@brigehead.de, microsoft_office_mac@bridgehead.de.

    I've received two waves of exactly 7 mails each, with a pause of some hours inbetween. Since then, it's quiet again. But fact is, that there *is* somebody using this very unique address to send spam.

    bwoodruff wrote:
    ...and I haven't received any spam to my agile-related address...


    Maybe those data is older and your e-mail is just not in it yet. Or could it be that your spamfilter has already filtered them out? (I'm not using one, since I usually receive no spam... lucky me... :-) )

    Maybe it's not the registration database, but the forum software (I am using 1password@bridgehead.de as contact address for my account here as well).
    Or it could be the database of some marketing company that has once been given the job to inform us about new products (if those were ever involved).
    We'll probably never find out. But still, reporting it is important, for agile might want to find out about any insecurity they might not be aware of, otherwise.
  • Ned
    Ned
    edited December 1969
    I hadn't made the connection, but I too had the spam pattern others described.

    It's an excellent idea to use unique email addresses for registrations. I haven't gone quite that far, but it seems like a good idea, provided you can create an email catchall mailbox.
  • maelcum
    maelcum
    Community Member
    edited December 1969
  • techmonkey
    edited December 1969
    MartyS wrote:
    Please contact us by e-mail at support@agile.ws with the full messages (headers included) and we'll look further into the situation. Also to be sure we're looking at the correct places are these addresses also signed up for the Agile newsletters or just your software registration?


    Just sent an email.
  • MartyS
    MartyS
    Community Member
    edited December 1969
    techmonkey wrote:
    Just sent an email.


    Thanks! I've responded to your email.
  • stevenc317
    stevenc317
    Community Member
    edited December 1969
    bwoodruff wrote:
    That's quite odd. I create an email address for every company I do business with, and I haven't received any spam to my agile-related address...


    Neither have I.
  • dteare
    edited December 1969
    maelcum wrote:
    Same here. I own the domain bridgehead.de, so when registering with a company, I just put their name as address in front. Thus, 1password@bridgehead.de tells me exactly, which account has been misused. As would apple@bridgehead.de, omnigraffle@brigehead.de, microsoft_office_mac@bridgehead.de.

    I've received two waves of exactly 7 mails each, with a pause of some hours inbetween. Since then, it's quiet again. But fact is, that there *is* somebody using this very unique address to send spam.


    My guess is your address got harvested by a spambot. You just posted 4 emails here in clear text that any bot can find b/c this forum is accessible by the general public. I suspect your Apple and Omnigroup emails will be spammed soon :)
  • Special Ed
    edited December 1969
    Those emails will all be be flooded with spam now that they are out in public. Welcome to the world of spam email.
  • maelcum
    maelcum
    Community Member
    edited August 2010
    dteare wrote:

    My guess is your address got harvested by a spambot.

    Well... No.
    It hadn't been posted anywhere before.
    At least give me credit that I checked for that, before I posted here.
    But then - what do you care, eh dteare?



    dteare wrote:

    You just posted 4 emails here in clear text that any bot can find b/c this forum is accessible by the general public. I suspect your Apple and Omnigroup emails will be spammed soon :)


    I wouldn't be as stupid as to post those here.
    Each has a domain suffix to it. How would I be able to tell amazon.com from amazon.fr from amazon.de?

    Thanks so much for trying to make me look stupid. I'm glad techmonkey and MartyS have not brushed it off as lightly as you.
    So much for making your guys aware of something that could just as well be a problem on your side.
    Good to see how you value your customers experience.
    It'll be a lesson to me.

  • danco
    danco
    Volunteer Moderator
    Spammers can be clever.

    If they have the second part of your address it would be easy for them to combine it with a first part such as 1password. The only reason why this is unlikely is that there don't seem to be spams to other first parts.

    Incidentally, this ease of getting addresses is a good reason not to use things like 1password, apple, as the first part of the address. At least change it to something like danco1password, dancoapple (I didn't use your name so that no-one can harvest it; I'm not planning to use this kind of address myself).

    If there had been a real breach of security on agile's part, one would expect many more people getting spam.
  • sjk
    sjk
    1Password Alumni
    danco wrote:

    If there had been a real breach of security on agile's part, one would expect many more people getting spam.

    And reporting it, as I definitely would have if it happened to me.

    Awhile ago I reported an ongoing problem with legitimate AWS mailings being mistaken as spam. X-Spam-* headers from one of those messages about a week ago:

    X-Spam-Score: 9.8
    X-Spam-Check: Enabled,6.0,13.0,1,1,42,1,0,0,1,0,0,0,0,[SPAM],
    X-Spam-Status: Yes, score=9.8 threshold=6.0,13.0 
    X-Spam-Sys-BayesResult: No, 0.002560
    X-Spam-Report:  Content analysis details:
      4.1 ENV_FROM_SPAMSOURCES   RBL: Envelope sender listed in spamsources.mxes.net
      4.1 URIBL_SPAMSOURCES      Contains an URL listed in the spamsources.mxes.net blocklist
        [URIs: streamsend.com]
      0.0 HTML_MESSAGE           BODY: HTML included in message
      0.0 HTML_IMAGE_RATIO_08    BODY: HTML has a low ratio of text to image area
      4.1 RCVD_IN_SPAMSOURCES    Received via a relay in spamsources.mxes.net
      -2.5 SYSTEM_BAYES   0.002560
    X-Spam-Flag: Yes
    X-Spam-Junkmail: Yes
    X-Spam-Scoring: 12,3
    
  • dteare
    edited August 2010
    maelcum wrote:

    Thanks so much for trying to make me look stupid.


    This was certainly not my intent. I'm sorry my post came off that way. It is very hard to communicate emotions here.

    danco wrote:
    If there had been a real breach of security on agile's part, one would expect many more people getting spam.


    This was my feeling as well.

    sjk wrote:
    Awhile ago I reported an ongoing problem with legitimate AWS mailings being mistaken as spam. X-Spam-* headers from one of those messages about a week ago


    Thanks for the report sjk!

    We switched newsletter providers about 6 months ago. I think we'll try the old one again; they are more expensive but I think they did a better job in this regard. Please let us know if the next newsletter gets flagged as spam again.
  • sjk
    sjk
    1Password Alumni
    dteare wrote:

    Please let us know if the next newsletter gets flagged as spam again.

    Will do.
  • sjk wrote:

    Will do.


    Just curious if you got the recent newsletter?
This discussion has been closed.