User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User RobertoS
(elder) Sat 15-Dec-18 22:45:08
Print Post

Suspected personal information leak


[link to this post]
 
I am an ex Plusnet customer. I left a few years ago.

I have received a more than usually nasty email, of the type that demands money via Bitcoin not to encrypt my files, or alternatively that they have malware on my equipment that has used my face-facing camera to film me during a certain sex act.

This one threatens an acid attack to my eyes. (… splashing sourness in your visage. Standard order - fast, painfully, forever. Without too much fuss.)

My email address used is one I provided to Plusnet on signup to notify me of upcoming Direct Debits and such. Also used for the Community forums. It is unique to Plusnet and never provided to any other contact.

Has anyone else received this particular threat recently please? Using the email address Plusnet has, or has had. I'm wondering if the replacement billing system either has a security leak, or the old one is now unsecured.

The worrying aspect in this case, different from the others, is that if a hacker has obtained this from PlusNet's files they probably also have my address.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sat 15-Dec-18 22:50:07)

Standard User XRaySpeX
(eat-sleep-adslguide) Sun 16-Dec-18 00:46:58
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Have you checked that email addy at Have I Been Pwned?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User RobertoS
(elder) Sun 16-Dec-18 02:00:12
Print Post

Re: Suspected personal information leak


[re: XRaySpeX] [link to this post]
 
No. But a great suggestion, thanks. Your link replies
Oh no - pwned!

Pwned on 1 breached site and no pastes (subscribe to search sensitive breaches)
Sleep time next, but seeing as it is a unique address it’s a bit worrying because although probably ignorable the possibility of my home address being known alters the scare/risk factor considerably.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.


Register (or login) on our website and you will not see this ad.

Standard User kasg
(knowledge is power) Sun 16-Dec-18 08:07:58
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
I haven't received any emails like that to my Plusnet address but, as it happens, https://haveibeenpwned.com/ does report my unique Plusnet address as having been pwned by:

"Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump."

I think this is the most common breach that comes up and I'm not sure it necessarily implies that Plusnet's security has been compromised.

The safest thing to do is to retire/change the address.

Kevin

plusnet Unlimited Fibre Extra - sync 79999/20000 at around 450m - BQM
Using OpenDNS
Domains and web hosting with TSOHOST
Standard User Brib
(newbie) Sun 16-Dec-18 09:25:18
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Hi,

Yes, it's quite a good one isn't. Rung my bell for a few minutes. It's been around a few months now. Very convincing, and upsetting. I had a similar one it contained an old password in the subject line.

I suspect hundreds of thousands of people received them.

Try not to worry about it.

PLus keep renewing the those passwords regularly.

Best wishes

Brian

Info :-
Line: Length 875m metres to cabinet
Modem router:HG612 bridged to HomeHub 5 B
IP Profile = Down 49.19 Mbps Up 20 Mbps
Now: BT infinity 1 FTTC SyncDown: 53138kbps SyncUp: 8120
2017: BT infinity 1 FTTC SyncDown: 54999SyncUp: 8608
2015: BT infinity 1 FTTC SyncDown: 40000kbps SyncUp: 9278
2013: BT Broadband ADSLMax 8Mbp Down: 6.79 Mbps Up: 0.36Mbps
2007: Newnet ADSLMax 8Mbp Down: 5986 kbps Up: 376 kbps
2005: Freedom2Surf ADSL Down: 5143 kbps Up: 374 kbps
Standard User greenglide
(experienced) Sun 16-Dec-18 10:10:36
Print Post

Re: Suspected personal information leak


[re: kasg] [link to this post]
 
I think this is the most common breach that comes up and I'm not sure it necessarily implies that Plusnet's security has been compromised

But if the email address has only ever been given to Plusnet (I also use the save technique as RobertoS and have my own domain and give each site a unique email address} then it would be unlikely that anyone but Plusnet could have dropped the ball?

BT Infinity 2 - IP profile 77 / 20 - super fast!
Previously BE Unlimited - 21,000 Download 1,200 Upload but then moved house - 6,500 Down, 1Mb/s up - gutted!
Ex <n>ildram , been to SKY MAX - 15,225 Download
Standard User RobertoS
(elder) Sun 16-Dec-18 10:11:39
Print Post

Re: Suspected personal information leak


[re: kasg] [link to this post]
 
That was the further detail haveI gave me as well Kevin.

The point is not the email address itself, which is obviously irrelevant. Comes in on a catch all.

The concern is that my house address would probably be in the same database, along with my landline phone number.

House addresses are not easily “retired”. wink

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sun 16-Dec-18 10:15:31)

Standard User RobertoS
(elder) Sun 16-Dec-18 10:18:33
Print Post

Re: Suspected personal information leak


[re: Brib] [link to this post]
 
In reply to a post by Brib:
Plus keep renewing the those passwords regularly.
Passwords are not the issue. The other data in any hacked database like this is.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 11:17:56
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
The concern is that my house address would probably be in the same database, along with my landline phone number.

Pretty sure that assumptions are being made, that whilst possible, are not guaranteed. Not discounting a leak, but there are other ways to get email addresses created by spammers.

If the domain is created from words (any language) or names, then assume these are in dictionaries. Then if the local part is the company name, then this will also be in a dictionary. If these are popular business names (e.g. frequent TV advertising) then they will exist.

Eventually the spammers just use aaaaaa then aaaab etc, to create every combination. Its quite easy to do programatically frown

No hacking/leaking/exposure has to occur for plusnet@myname.com to be created, along with millions of derivatives. plusnet1@ bills@plusnet.myname.com

The spammers just send all these anyway. They just invent this.

Most anti-spam campaigners recommend not using catch-all inboxes, but to specify addresses used, and refuse everything else. Note this is not bounce, or filter, this is refuse. Uses a lot less CPU to say "Not for me mate" at the SMTP level.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 11:20:01
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
In reply to a post by Brib:
Plus keep renewing the those passwords regularly.
Passwords are not the issue. The other data in any hacked database like this is.

Agreed, if you think there is a possible leak contact Plusnet and the ICO.

https://ico.org.uk/your-data-matters/raising-concerns/

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM

Edited by jchamier (Sun 16-Dec-18 11:20:41)

Standard User steve195527
(learned) Sun 16-Dec-18 12:04:16
Print Post

Re: Suspected personal information leak


[re: greenglide] [link to this post]
 
one thing to remember about these leaks is that if somebody wanted to find out things about you re your address/phone number etc they can and have been able to use the electoral roll to do exactly that allied to an old fashioned phone book for donkeys years,all the electronic data bases have done is make things easier for crooks to gather info on people
Standard User RobertoS
(elder) Sun 16-Dec-18 12:25:54
Print Post

Re: Suspected personal information leak


[re: jchamier] [link to this post]
 
I run a catch all mailbox on all my domains, including this one. Spammers, phishes and the like have no need to determine what comes before the @.

It is therefore extremely unlikely that the unique prefix for Plusnet would result in an email to me using it unless the Plusnet database provided it.

I still suspect it will be from the redundant billing system.

There is no email address on the website for the accounts department else I would have sent one earlier. A phone call on Monday is probably best. Or do an online search for the CEO’s email address, which would probably be the most productive and least hassle option.

Which all puts me back to the original question. Are people getting this particular email, or any other in fact, to a unique Plusnet address. People who have a multiple-use email address won’t know of course.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User steve195527
(learned) Sun 16-Dec-18 13:03:55
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
I run a catch all mailbox on all my domains, including this one. Spammers, phishes and the like have no need to determine what comes before the @.

It is therefore extremely unlikely that the unique prefix for Plusnet would result in an email to me using it unless the Plusnet database provided it.

I still suspect it will be from the redundant billing system.

There is no email address on the website for the accounts department else I would have sent one earlier. A phone call on Monday is probably best. Or do an online search for the CEO’s email address, which would probably be the most productive and least hassle option.

Which all puts me back to the original question. Are people getting this particular email, or any other in fact, to a unique Plusnet address. People who have a multiple-use email address won’t know of course.

Once an email address has been compromised/harvested(whatever term is used it means basically the same thing)other than changing to a new strong password what can be done,can an email addy be totally disabled by the holder of the domain it is linked to or is like most things put on the web "there for all time"?
Standard User mrkevlh
(newbie) Sun 16-Dec-18 13:24:06
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
The advantage of having your own domain is that when an email is compromised like this you can just move to another alias (and delete the old one). I've been doing this for years and I've lost count of the number of times I've had to change my paypal address (3rd party sellers yo). Because of this i get zero spam.

Edited by mrkevlh (Sun 16-Dec-18 13:25:52)

Standard User steve195527
(learned) Sun 16-Dec-18 13:38:22
Print Post

Re: Suspected personal information leak


[re: mrkevlh] [link to this post]
 
In reply to a post by mrkevlh:
The advantage of having your own domain is that when an email is compromised like this you can just move to another alias (and delete the old one). I've been doing this for years and I've lost count of the number of times I've had to change my paypal address (3rd party sellers yo). Because of this i get zero spam.

how easy is it to get a 3rd party to do this ? and how can you be 100% sure they have even if they say they have?I suppose trying to send to and from that address could give an " almost sure" they have done but still not 100%
I suppose the good thing about there being a limitless number of unique email addresses out there is the ability to find a new one that hasn't been hacked in some way
Identity theft isn't a new phenomenon but is becoming more widespread and easier to do,or as it always been relatively easy but not talked about as much?

Edited by steve195527 (Sun 16-Dec-18 13:42:09)

Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 13:51:25
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
In reply to a post by steve195527:
how easy is it to get a 3rd party to do this ?

Easy with Office 365/Exchange Online. You configure the domain's MX records to point to Microsoft, and then on Microsoft's control panel you buy mailboxes per human being.

Then you assign addresses to the mailboxes, e.g. bill@domain.dom and sales@domain.dom and accounts@domain.dom goes to mailbox1. Anything not listed is rejected at the SMTP level, so no email flows.

If you accept everything *@domain.dom then you have to filter once you receive. This is wasteful as spam emails are getting larger and larger (in some cases tens of megabytes).

Many anti-spam researchers say there is no point in this, it just adds complexity for you. I can't find the research right now.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User RobertoS
(elder) Sun 16-Dec-18 14:22:12
Print Post

Re: Suspected personal information leak


[re: jchamier] [link to this post]
 
Blacklisting at the server end is fine, but useless unless you also only allow specific email addresses that you have set up. I.e. have a White List.

That is far too much bother when you are handing out unique addresses to every supplier you deal with. To take it to its logical conclusion you also need to give a unique one to all your contacts.

Back to the Plusnet one though, the domain name is not a dictionary word. Which means to alight on me it needs to be effectively randomly generated as somebody posted. As well as the prefix to the @. Then, such a generator sending out spam to every address generated would surely be trapped somewhere on the net as being illegitimate? (Maybe not, but routers everywhere would be flooded).

Finally, in the UK the hacker would almost certainly initially append .co.uk. I do have that domain as well as the one this email came to. I would expect to have received this on the .co.uk version, not where I did.

Far too many coincidences. It has to have been leaked or the database hacked.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 14:58:10
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
This is why those that run the mega-large mail systems suggest not worrying about giving different organisations specific email addresses. You will find large companies (e.g. BP, Intel etc) don't have catch all.

Its not white listing or black listing, its saying "my address is viz, seb@thinkbroadband" and not accepting anything else to that domain. Then handling spam to that address as a separate topic.

You are hypothesising that your address has been obtained by a leak. I am countering that no leak needs to have happened. (Not that it hasn't, just that use of your email doesn't prove cause).

Spammers can query DNS, and can look at WHOIS services - they can also generate addresses. They just flood the network until some deliver. They don't care about deliver-ability statistics, hence the problem of 'back scatter'.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User RobertoS
(elder) Sun 16-Dec-18 17:24:29
Print Post

Re: Suspected personal information leak


[re: jchamier] [link to this post]
 
Too many coincidences, as I explained.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 17:40:32
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
Too many coincidences, as I explained.

Then contact them, and maybe BT Security, and the ICO.
Probably worth letting your bank and credit card companies knowing you think your data has been leaked.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User steve195527
(learned) Sun 16-Dec-18 17:50:10
Print Post

Re: Suspected personal information leak


[re: jchamier] [link to this post]
 
In reply to a post by jchamier:
In reply to a post by steve195527:
how easy is it to get a 3rd party to do this ?

Easy with Office 365/Exchange Online. You configure the domain's MX records to point to Microsoft, and then on Microsoft's control panel you buy mailboxes per human being.

Then you assign addresses to the mailboxes, e.g. bill@domain.dom and sales@domain.dom and accounts@domain.dom goes to mailbox1. Anything not listed is rejected at the SMTP level, so no email flows.

If you accept everything *@domain.dom then you have to filter once you receive. This is wasteful as spam emails are getting larger and larger (in some cases tens of megabytes).

Many anti-spam researchers say there is no point in this, it just adds complexity for you. I can't find the research right now.

That isn't what I meant,what I was meanining was if you say signed up with plusnet for example and they issued with or you chose an email address or a few email addresses and some of those got compromised how easy would be for you or I to get a company like Plusnet like plusnet to completely disable those email addresses,what obligation do they have to do so?In fact would that make any difference to the ability of the hacker sending emails pretending to be you or I?
I don't worry about spam I just rely on mailwasher to get rid of the [censored] I don't want before it gets to my pc

Edited by steve195527 (Sun 16-Dec-18 17:53:45)

Standard User jchamier
(eat-sleep-adslguide) Sun 16-Dec-18 17:59:00
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
In reply to a post by steve195527:
That isn't what I meant,what I was meanining was if you say signed up with plusnet for example and they issued with or you chose an email address or a few email addresses and some of those got compromised how easy would be for you or I to get a company like Plusnet like plusnet to completely disable those email addresses,what obligation do they have to do so?


I don't know with PN as I don't use or pay for their email service. I would personally just stop using such an address, and use something else - and tell PN so they can block the junk on their mail server, stopping it affecting other users.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User RobertoS
(elder) Sun 16-Dec-18 18:20:40
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
Nobody should ever use an ISP-provided email address. It's always a PITA and an impediment to migrating. It is also the most likely email service to fail.

You need Gmail, Outlook (ex Hotmail) or best of all for flexibility paid-for email. Dirt cheap at under £2 per month and yours for life so long as you keep paying.

You never need to change it when you change ISP, and with all reputable companies have at least one domain and a huge number of email addresses based on that domain.

I have several domains for various reasons, some with Tsohost and some with Ionos (ex 1 & 1). Ionos may be the better of the two if you want websites as well as email. I also have two or three very private Gmail addresses used for seamlessness to sync my calendar and other things.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sun 16-Dec-18 18:21:23)

Standard User steve195527
(learned) Sun 16-Dec-18 19:14:01
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
problem with gmail is it's a google company ,and if there is one company I think is the least trustworthy re keeping users data confidential/safe its anything google,even their OS still tracks folk physically and electronically even when they think they have turned off all the tracking in it
Standard User RobertoS
(elder) Sun 16-Dec-18 19:47:40
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
I agree. I don't recommend it unless someone has a specific need outside their main email needs.

Your main email and any webspace you need should be via a cheap paid-for service as I explained. They are specialists and have huge backup and security systems.

ISPs used to provide email and a tiny bit of webspace free decades ago, but it always was just a marketing tool. Nowadays it is just a legacy product and a sideline.

Some ISPs allow you to keep an address you have with them if you migrate away, often charging a ridiculously high amount per month. Others don't let you.

Have you ever had the hassle of migrating your broadband and having to let all your contacts know, and change all shop accounts and suchlike inside a day or two? Inevitably missing some.

Do it once to your own domain and change over at leisure. Start sending from the new one, and listen on new and the ISP mail. Within a few days all your main email will be coming to your new one and you can safely migrate away from the ISP without losing any emails or sleep.

You never have to do it again.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sun 16-Dec-18 19:48:15)

Standard User scopio
(committed) Mon 17-Dec-18 00:08:00
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
I have in the past couple of days received first an email held by PlusNet pertaining to be from Amazon that a gift card for the value of $250.00 was ordered and sent to and they link an email address and links to Amazon to confirm and check the transaction. I of course deleted the email and the logged in to my Amazon account to check my orders and nothing about this transaction appears on my account.
Today I received two more emails again pertaining to be from Amazon stating that the Gift card has been sent to an email and another email stating that it has been cashed. I of course deleted the emails just as before.
Checking on https://haveibeenpwned.com/ it says the same as for kasg
“Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow mo&#670;u&#398;q. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords.”

PC Full Tower - Self Build OS Windows 10 64bit Laptop Dell Inspiron 1545 - OS Windows 8.1 Home Premium 32bit Stardock8
ISP was O2 All Rounder now PlusNet Unlimited Broadband SamKnows Whitebox connected on 14:02:2013
http://www.thinkbroadband.com/speedtest/button/13669...
http://speedtest.net/result/2668600210.png
Standard User jelv
(knowledge is power) Mon 17-Dec-18 10:23:17
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
I have a couple of active email addresses that have only ever been used for the Plusnet portal and community. Neither show up at https://haveibeenpwned.com/

jelv

AAISP November 2016
(Previous ISP Plusnet November 2001 to October 2016) Why I left Plusnet
Telephone rental: Pulse8
Standard User ambrougham
(newbie) Mon 17-Dec-18 11:16:16
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Still ( rather stupidly :rolleyes: ) a customer but I'm not seeing any evidence of a shiny new leak of PN held personal data. Just the continued abuse of data hacked from insecure and out of date webmail systems in May 2007 and the subsequent leaks including those that PN claim never happened of course. Nothing apparently recent though ... famous last words and all that !

No shortage of the usual abuse to leaked and random addresses in general. Numerous e-mails of the bitcoin/malware/video form described here sent to addresses that only PN were party to several years ago. Also a surge in Polish and Russian language spam sent to addresses hacked from PUG via a PN data leak occurring long after the 2007 hack when all personal data had been changed. Not seen any acid-related messages so far though.

Interestingly, https://haveibeenpwned.com/ reports "Good news — no pwnage found" for some addresses that were definitely leaked donkey's years ago and are receiving abuse.

Edited by ambrougham (Mon 17-Dec-18 11:28:36)

Standard User RobertoS
(elder) Mon 17-Dec-18 12:01:28
Print Post

Re: Suspected personal information leak


[re: ambrougham] [link to this post]
 
Thanks jelv and ambrougham. Two encouraging posts, from different aspects.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User caffn8me
(eat-sleep-adslguide) Mon 17-Dec-18 12:15:38
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
It seems that there has been a Plusnet data breach affecting some customers and it related to their billing systems;

Plusnet customers peeped others' deets during system upgrade

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User RobertoS
(elder) Mon 17-Dec-18 12:51:28
Print Post

Re: Suspected personal information leak


[re: caffn8me] [link to this post]
 
Thanks Sarah. That's a possibility. I expect my details were still present although I left in August 2015.

Even if they weren't transferred to the new system a leak like that could still have disclosed them, and they may be keeping them for seven years anyway.

Though it would add another coincidence. That a Plusnet customer is involved in some way in the scam.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User XRaySpeX
(eat-sleep-adslguide) Mon 17-Dec-18 13:37:56
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
I get no spam to my unlimited email addy paid-for domain but when I was with Freeserve I had an unlimited email addy sub-domain of theirs & got a fair amount of spam to my unique email addys that I gave to various online sites like insurance, comparison sites, …

Once I started receiving spam to a particular email addy of mine, I just coded a filter into my mail client using 2 rules for each occurrence (using your case here):
  1. If To: or CC: == Your email addy given to PN Then Continue to next rule.
  2. If From: != PN's domain Then Delete from Server.
Thus never even seeing further spam.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC

Edited by XRaySpeX (Mon 17-Dec-18 13:52:32)

Standard User jabuzzard
(member) Mon 17-Dec-18 16:59:42
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
My email address used is one I provided to Plusnet on signup to notify me of upcoming Direct Debits and such. Also used for the Community forums. It is unique to Plusnet and never provided to any other contact.


There is the possibility that it was harvested while in transit at some point. Seen that happen.

Also the little f"£$^ers guess stuff, so plusnet@mydomain.com is tried randomly just in case it might work.
Standard User jabuzzard
(member) Mon 17-Dec-18 17:20:00
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Nope. At some point that email was used to send you an email. That email most likely went through a server that was not controlled by either you or plusnet. If that server was compromised then your email address could have been harvested. It could also have been compromised from a plusnet email relay without any other details being compromised.
Standard User RobertoS
(elder) Mon 17-Dec-18 18:35:17
Print Post

Re: Suspected personal information leak


[re: XRaySpeX] [link to this post]
 
Blocking that, or any specific, email address isn't the point of this thread. Nor is it difficult - I am not clueless.

It is the fact that my home address may also have been obtained, and the threat of an acid attack with a demand for several thousand dollars in bitcoin is rather more serious that the usual ransomware.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User RobertoS
(elder) Mon 17-Dec-18 18:36:29
Print Post

Re: Suspected personal information leak


[re: jabuzzard] [link to this post]
 
In reply to a post by jabuzzard:
Also the little f"£$^ers guess stuff, so plusnet@mydomain.com is tried randomly just in case it might work.
I am not that stupid. As explained above.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User jchamier
(eat-sleep-adslguide) Mon 17-Dec-18 18:48:39
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
It is the fact that my home address may also have been obtained, and the threat of an acid attack with a demand for several thousand dollars in bitcoin is rather more serious that the usual ransomware.

One to report to your local constabulary.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User sneekyhen
(learned) Mon 17-Dec-18 18:48:55
Print Post

Re: Suspected personal information leak


[re: RobertoS] [link to this post]
 
Funnily enough Plusnet are changing their Email from POP to IMAP ? https://community.plus.net/t5/Service-Information/We...
Standard User kasg
(knowledge is power) Mon 17-Dec-18 18:58:24
Print Post

Re: Suspected personal information leak


[re: jabuzzard] [link to this post]
 
In reply to a post by jabuzzard:
Nope. At some point that email was used to send you an email. That email most likely went through a server that was not controlled by either you or plusnet. If that server was compromised then your email address could have been harvested. It could also have been compromised from a plusnet email relay without any other details being compromised.

I think that is far more likely than a Plusnet data breach. The majority of spam I get I believe is due to email addresses having got out "into the wild" in transit rather than through a data breach.

Kevin

plusnet Unlimited Fibre Extra - sync 79999/20000 at around 450m - BQM
Using OpenDNS
Domains and web hosting with TSOHOST
Standard User longedge
(committed) Mon 17-Dec-18 19:15:25
Print Post

Re: Suspected personal information leak


[re: sneekyhen] [link to this post]
 
In reply to a post by sneekyhen:
Plusnet are changing their Email from POP to IMAP

Where does it say that? I can see they're going to prevent people from using their own email servers but no mention of POP3/IMAP. Am I looking and simply not seeing (again)?

Edited by longedge (Mon 17-Dec-18 19:16:42)

Standard User kasg
(knowledge is power) Mon 17-Dec-18 19:41:57
Print Post

Re: Suspected personal information leak


[re: longedge] [link to this post]
 
In reply to a post by longedge:
In reply to a post by sneekyhen:
Plusnet are changing their Email from POP to IMAP

Where does it say that?

It doesn't. The linked post clearly states you can continue to use POP3 or IMAP.

Kevin

plusnet Unlimited Fibre Extra - sync 79999/20000 at around 450m - BQM
Using OpenDNS
Domains and web hosting with TSOHOST

Edited by kasg (Mon 17-Dec-18 19:43:28)

Standard User jelv
(knowledge is power) Mon 17-Dec-18 20:29:17
Print Post

Re: Suspected personal information leak


[re: sneekyhen] [link to this post]
 
They've supported both POP3 and IMAP for probably 15 years or more! Nowhere does it suggest that is changing.

I'm guessing from the post that they will be introducing SPF records.

Edit: That is what they are doing - see https://community.plus.net/t5/Email/We-re-making-cha...

It won't affect anyone using their own domain - only xyz@username.plus.com etc

jelv

AAISP November 2016
(Previous ISP Plusnet November 2001 to October 2016) Why I left Plusnet
Telephone rental: Pulse8

Edited by jelv (Mon 17-Dec-18 20:34:01)

Standard User sneekyhen
(learned) Tue 18-Dec-18 07:27:51
Print Post

Re: Suspected personal information leak


[re: jelv] [link to this post]
 
Sorry my mistake i misread the link frown
Standard User TinyMongomery
(eat-sleep-adslguide) Tue 18-Dec-18 08:04:37
Print Post

Re: Suspected personal information leak


[re: jchamier] [link to this post]
 
There are millions of similar spam emails. The only harm they do is the noise created by people discussing them. Just use a decent mail filter and you can forget about them.

The only thing we have to fear is fear itself.

--------------------------------------------------------------------------
Everyone is entitled to his own opinions, but not to his own facts.
Standard User jchamier
(eat-sleep-adslguide) Tue 18-Dec-18 08:59:16
Print Post

Re: Suspected personal information leak


[re: TinyMongomery] [link to this post]
 
In reply to a post by TinyMongomery:
There are millions of similar spam emails. The only harm they do is the noise created by people discussing them. Just use a decent mail filter and you can forget about them.

Exactly, a server side filter, so you don't have to download is even better. The "big boys" of email (Google, Yahoo, Microsoft) have some great filters due to their scale.

plusnet 80/20 (2/jun/14) at 470m - sync 19/Sep/18: 61,689 / 8,831 - G.INP & 3.0 dB SNRm
19 years of broadband, from 1999's ntl:cable modem trial - Live BQM
Standard User sheephouse
(member) Tue 18-Dec-18 11:13:02
Print Post

Re: Suspected personal information leak


[re: jelv] [link to this post]
 
I find it amazing that an ISP of Plusnet's size hasn't been using SPF records before now. No wonder people report problems with e-mail not being delivered to some domains!
Standard User jelv
(knowledge is power) Tue 18-Dec-18 11:59:31
Print Post

Re: Suspected personal information leak


[re: sheephouse] [link to this post]
 
I won't ask you for your thoughts on them only supporting no connection security (sending and receiving) with plain text passwords.

jelv

AAISP November 2016
(Previous ISP Plusnet November 2001 to October 2016) Why I left Plusnet
Telephone rental: Pulse8
Standard User Oliver341
(eat-sleep-adslguide) Tue 18-Dec-18 13:12:01
Print Post

Re: Suspected personal information leak


[re: sheephouse] [link to this post]
 
In reply to a post by sheephouse:
I find it amazing that an ISP of Plusnet's size hasn't been using SPF records before now.

Not nearly as amazing as the fact that they STILL have not implemented SSL on POP/IMAP.

Edit: as jelv says.

Oliver.

Edited by Oliver341 (Tue 18-Dec-18 13:12:40)

Standard User jabuzzard
(member) Tue 18-Dec-18 13:41:31
Print Post

Re: Suspected personal information leak


[re: steve195527] [link to this post]
 
In reply to a post by steve195527:
[
That isn't what I meant,what I was meanining was if you say signed up with plusnet for example and they issued with or you chose an email address or a few email addresses and some of those got compromised how easy would be for you or I to get a company like Plusnet like plusnet to completely disable those email addresses,what obligation do they have to do so?In fact would that make any difference to the ability of the hacker sending emails pretending to be you or I?
[/quote]

Easy you just assign that email address to a new box rather than say the catch all and then ignore it. Or alternatively log on and issue a delete every now and then.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to