User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User RobertoS
(elder) Sat 15-Dec-18 22:45:08
Print Post

Suspected personal information leak


[link to this post]
 
I am an ex Plusnet customer. I left a few years ago.

I have received a more than usually nasty email, of the type that demands money via Bitcoin not to encrypt my files, or alternatively that they have malware on my equipment that has used my face-facing camera to film me during a certain sex act.

This one threatens an acid attack to my eyes. (… splashing sourness in your visage. Standard order - fast, painfully, forever. Without too much fuss.)

My email address used is one I provided to Plusnet on signup to notify me of upcoming Direct Debits and such. Also used for the Community forums. It is unique to Plusnet and never provided to any other contact.

Has anyone else received this particular threat recently please? Using the email address Plusnet has, or has had. I'm wondering if the replacement billing system either has a security leak, or the old one is now unsecured.

The worrying aspect in this case, different from the others, is that if a hacker has obtained this from PlusNet's files they probably also have my address.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sat 15-Dec-18 22:50:07)

Standard User XRaySpeX
(eat-sleep-adslguide) Sun 16-Dec-18 00:46:58
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Have you checked that email addy at Have I Been Pwned?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User RobertoS
(elder) Sun 16-Dec-18 02:00:12
Print Post

Re: Suspected personal information leak


[re: XRaySpeX] [link to this post]
 
No. But a great suggestion, thanks. Your link replies
Oh no - pwned!

Pwned on 1 breached site and no pastes (subscribe to search sensitive breaches)
Sleep time next, but seeing as it is a unique address it’s a bit worrying because although probably ignorable the possibility of my home address being known alters the scare/risk factor considerably.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.


Register (or login) on our website and you will not see this ad.

Standard User kasg
(knowledge is power) Sun 16-Dec-18 08:07:58
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
I haven't received any emails like that to my Plusnet address but, as it happens, https://haveibeenpwned.com/ does report my unique Plusnet address as having been pwned by:

"Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump."

I think this is the most common breach that comes up and I'm not sure it necessarily implies that Plusnet's security has been compromised.

The safest thing to do is to retire/change the address.

Kevin

plusnet Unlimited Fibre Extra - sync 79999/20000 at around 450m - BQM
Using OpenDNS
Domains and web hosting with TSOHOST
Standard User Brib
(newbie) Sun 16-Dec-18 09:25:18
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Hi,

Yes, it's quite a good one isn't. Rung my bell for a few minutes. It's been around a few months now. Very convincing, and upsetting. I had a similar one it contained an old password in the subject line.

I suspect hundreds of thousands of people received them.

Try not to worry about it.

PLus keep renewing the those passwords regularly.

Best wishes

Brian

Info :-
Line: Length 875m metres to cabinet
Modem router:HG612 bridged to HomeHub 5 B
IP Profile = Down 49.19 Mbps Up 20 Mbps
Now: BT infinity 1 FTTC SyncDown: 53138kbps SyncUp: 8120
2017: BT infinity 1 FTTC SyncDown: 54999SyncUp: 8608
2015: BT infinity 1 FTTC SyncDown: 40000kbps SyncUp: 9278
2013: BT Broadband ADSLMax 8Mbp Down: 6.79 Mbps Up: 0.36Mbps
2007: Newnet ADSLMax 8Mbp Down: 5986 kbps Up: 376 kbps
2005: Freedom2Surf ADSL Down: 5143 kbps Up: 374 kbps
Standard User greenglide
(experienced) Sun 16-Dec-18 10:10:36
Print Post

Re: Suspected personal information leak


[re: kasg] [link to this post]
 
I think this is the most common breach that comes up and I'm not sure it necessarily implies that Plusnet's security has been compromised

But if the email address has only ever been given to Plusnet (I also use the save technique as RobertoS and have my own domain and give each site a unique email address} then it would be unlikely that anyone but Plusnet could have dropped the ball?

BT Infinity 2 - IP profile 77 / 20 - super fast!
Previously BE Unlimited - 21,000 Download 1,200 Upload but then moved house - 6,500 Down, 1Mb/s up - gutted!
Ex <n>ildram , been to SKY MAX - 15,225 Download
Standard User RobertoS
(elder) Sun 16-Dec-18 10:11:39
Print Post

Re: Suspected personal information leak


[re: kasg] [link to this post]
 
That was the further detail haveI gave me as well Kevin.

The point is not the email address itself, which is obviously irrelevant. Comes in on a catch all.

The concern is that my house address would probably be in the same database, along with my landline phone number.

House addresses are not easily “retired”. wink

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sun 16-Dec-18 10:15:31)

Standard User RobertoS
(elder) Sun 16-Dec-18 10:18:33
Print Post

Re: Suspected personal information leak


[re: Brib] [link to this post]
 
In reply to a post by Brib:
Plus keep renewing the those passwords regularly.
Passwords are not the issue. The other data in any hacked database like this is.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 11:17:56
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
The concern is that my house address would probably be in the same database, along with my landline phone number.

Pretty sure that assumptions are being made, that whilst possible, are not guaranteed. Not discounting a leak, but there are other ways to get email addresses created by spammers.

If the domain is created from words (any language) or names, then assume these are in dictionaries. Then if the local part is the company name, then this will also be in a dictionary. If these are popular business names (e.g. frequent TV advertising) then they will exist.

Eventually the spammers just use aaaaaa then aaaab etc, to create every combination. Its quite easy to do programatically frown

No hacking/leaking/exposure has to occur for plusnet@myname.com to be created, along with millions of derivatives. plusnet1@ bills@plusnet.myname.com

The spammers just send all these anyway. They just invent this.

Most anti-spam campaigners recommend not using catch-all inboxes, but to specify addresses used, and refuse everything else. Note this is not bounce, or filter, this is refuse. Uses a lot less CPU to say "Not for me mate" at the SMTP level.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 11:20:01
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
In reply to a post by Brib:
Plus keep renewing the those passwords regularly.
Passwords are not the issue. The other data in any hacked database like this is.

Agreed, if you think there is a possible leak contact Plusnet and the ICO.

https://ico.org.uk/your-data-matters/raising-concerns/

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM

Edited by jchamier (Sun 16-Dec-18 11:20:41)

Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to