Plusnet data leak?

I have just received an email advertising:- Heavily discounted, fully tenanted Doncaster city centre apartments from 90,000 pounds

It has come from an email address on one of my domains, with the part before the @ uniquely issued to and used on my Plusnet account for sending emails to me.

I migrated from Plusnet to AAISP several years ago.

Are you sure it came from a PlusNet server rather than from a spoofed address? I get lots of emails from my email addresses but they do not come from my email server. If it didn't come from a PlusNet server and you have ever used that email address before then it is likely the "leak" was from somewhere else - ie one of the services that had your email address. You can put the email address in https://haveibeenpwned.com/ and see if it has been added to any leaked email address lists.

In reply to a post by RobertoS:

I have just received an email advertising:- Heavily discounted, fully tenanted Doncaster city centre apartments from 90,000 pounds

It has come from an email address on one of my domains, with the part before the @ uniquely issued to and used on my Plusnet account for sending emails to me.

I migrated from Plusnet to AAISP several years ago.

All I can say is don't buy, there are no nice apartments in Doncaster for that price

I don't think he's saying that the email was sent by plusnet but that it was sent to a unique email address which should only be known and used by plusnet. I do the same thing - I use the format [email protected] for every company I deal with and have had the same thing happen multiple times. Often it's a rogue employee (often in call centres) selling contact details but occasionally it will be a hack and leak/dump of data.
I've found responses hard to get from most companies - I wish I could name and shame as some companies were superb in engaging and others were utterly abysmal and in denial (one international company were fined for a massive data leak in 2017 but I'd had issues with them over a decade beforehand and they were not interested in any proof or any help I offered whereas another UK pc supplier held daily calls with me for a fortnight even after I'd given them all I could, they still wanted to update me, getting me to liaise with the Incident Response team they brought in and I couldn't fault their investigation or response)

Do try to see if you can track the sender (use something like https://whatismyipaddress.com/trace-email) but it'll probably just be a gmail account. Any info you can gather will help

It is worth alerting the cybersecurity team in Plusnet but also the DPO (snail mail only ironically);
FAO: The Data Protection Officer
Plusnet Plc
The Balance
2 Pinfold Street
Sheffield
S1 2GU

If you can't get any link to the security team from their website or forums then look on linkedin - I usually find that if I politely approach people that way and ask to be directed to the right person to discuss a potential breach I get a reasonable response.

Also factor in that this may not have been Plusnet at all. It could have also been any service in between i.e your email provider.

They will have logs of who you send mail to and receive mail from and a leak could have been from there also.

Matt

I don't think he's saying that the email was sent by plusnet but that it was sent to a unique email address which should only be known and used by plusnet.

OK, re-reading it I think you are right.

However, putting the address on haveibeenpwned would show if it has been part of a known data leak and what that leak was.

Thanks Jenny. Exactly as you say, except it was a bit more complex than "company name". That would be a fairly simple one for a scammer or whatever to experiment with.

I'll do some checks later.

I have sneaking feeling/memory that there was a publicised Plusnet leak a few years ago.

It isn't an address that I ever emailed or replied to either. The sign-up/login type.

That's a good point Matt, but I think unlikely in this case. Otherwise I would expect similar to have happened on several domains through the same mail host, over several decades.

I do the same thing, use a unique bit before the @ as I have my own domain for email. I've had numerous leaks as well, a couple of times it has been companies long since closed, then all of a sudden emails start coming in to the email address. I assume in these cases some hardware has been found and spun up and data has then been extracted.

I've tried contacting companies and letting them know and I've never been able to get any of them to take any interest and its usually denials so now just don't bother.

It's become much less of a problem in recent years though for me, I can't remember the last time an email address that was unique to me has started getting spammed so companies seem to be taking it more seriously.

The adobe hack in 2013 I still get emails to this day, I never see them in my inbox though as the email address is black listed, but just see them now and again if I'm checking in the trash for something. Once hacked those emails seem to keep on coming.

I have had Linkedin leak an email address I used as part of their big data loss.

Also, Curse (gaming add-ons), Gotowebinar, IWOOT and William Hill have all had unique addresses that are now used for spam. I don't know if it was because they had a data breach or another means but it seems to happen a lot. Only Linkedin and William Hill show up on haveibeenpwned as being spotted in dark web lists so not sure why the others get spam.