Has Spark's Xtra email provider been hacked?

Forums › Spark New Zealand › Has Spark's Xtra email provider been hacked?

res

13 posts

Geek
+1 received by user: 3

# 249045 22-Apr-2019 13:32

Hi all,

In the last few days I've noted that similar themed junk/scam mail started arriving not just on my base xtra email address but also on all 5 of its alias addresses.

I don't believe that it is my account that has been hacked, it has a reasonably strong password, and there are no signs of unexpected activity there.

Curiously, one of the aliases is not guessable and has not been used, while another was created soley to log on to a single web site.

A web search didn't find any news items about any Xtra breach,but I'm still thinking someone has got a very complete list of Xtra addresses, but not passwords.

So have any others seen spam just start arriving on what should be unknown Xtra aliases?

Cheers,

res

hio77

'That VDSL Cat'
10507 posts

Uber Geek
+1 received by user: 2527

Trusted

Spark

Subscriber

# 2222170 22-Apr-2019 13:41

No it hasn't..
If your concerned, I'd change your password and check if any forwarders have been added.

It's more likely your accounts have traveled past a database which has leaked emails or another person's email account that has been accessed and scraped for potentional victims. Could very well be just pure coincidence that it's come to all your addresses.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

sbiddle

27989 posts

Uber Geek
+1 received by user: 7470

Moderator

Trusted

Biddle Corp

Lifetime subscriber

# 2222172 22-Apr-2019 13:45

One person supports this post

Out of curiosity have you tried the email addresses on haveibeenpwned?

res

13 posts

Geek
+1 received by user: 3

# 2222543 23-Apr-2019 09:40

hio77: No it hasn't..
If your concerned, I'd change your password and check if any forwarders have been added.

It's more likely your accounts have traveled past a database which has leaked emails or another person's email account that has been accessed and scraped for potentional victims. Could very well be just pure coincidence that it's come to all your addresses.

There's the issue though. How does an alias I haven't used get scraped from someone else's address-book? And I've already checked my account looking for forwarders or any signs of entry and could see nothing.

To me there only seem two options - I've been hacked despite complex password, or the email service has been (memories of Yahoo come flooding back!). I don't see how I can rule out either?

res

13 posts

Geek
+1 received by user: 3

# 2222544 23-Apr-2019 09:42

sbiddle:

Out of curiosity have you tried the email addresses on haveibeenpwned?

I'm always reluctant to use these services, since they are a risk also, but I did run two of the addresses through it. One was a hit, the other was not found.

freitasm

BDFL - Memuneh
63912 posts

Uber Geek
+1 received by user: 14377

Administrator

Trusted

Geekzone

Lifetime subscriber

# 2222547 23-Apr-2019 09:46

3 people support this post

That service is certainly not a risk.

Sharesies investment funds | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Honeyminer (1000 Satoshi signup bonus)

My technology disclosure | Digital Transformation | Enterprise Content Management | Customer Relationship Management | Data Insights, Business Intelligence and Advanced Analytics

chevrolux

4082 posts

Uber Geek
+1 received by user: 1768

Subscriber

# 2222584 23-Apr-2019 09:54

One person supports this post

I would of thought all the xtra addresses were totally screwed (in terms of being on every spammer's mail list) from the Yahoo breaches.

Why anyone still uses them is beyond me... but that's been discussed on here too many times to count so back to the OP.

hio77

'That VDSL Cat'
10507 posts

Uber Geek
+1 received by user: 2527

Trusted

Spark

Subscriber

# 2222589 23-Apr-2019 10:38

res:

There's the issue though. How does an alias I haven't used get scraped from someone else's address-book? And I've already checked my account looking for forwarders or any signs of entry and could see nothing.

So your account sounds good, Great news.

Unfortunately it's always possible that someone has their password set to "password" and they happen to be someone you have emailed with.

I'm not saying this IS how you would have gotten on a list, but it's a perfectly valid Vector, it might even be that they arent an xtramail customer at all.

As others have mentioned i'd give the email a check on haveibeenpwned. That will tell you if you were on any known leaks.

I'm in disbelief that you would have an alias setup that has been spammed without being a known address out there...

I've gone and logged into my xtramail test account which has one alias. I've used this on exactly 4 different addreses overtime, My work email, one customer's email to validate an issue (which was then fixed) and my other two personal accounts.

Going back a full year, this account has had 1 email ever. that was when i reset the password.

I've also validated on the back-end that it's not just spam was being caught before the inbox, it literally has nothing.

Based on that, I'd say i can quantify my disbelief with validation that there has been no leaked addresses.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

LesF

171 posts

Master Geek
+1 received by user: 26

# 2222590 23-Apr-2019 10:38

One person supports this post

I have had my xtra email address seemingly forever and I would like to keep it, even tho Yahoo made a mess of things. It's a nostalgia thing, I first used it over a dial-up modem.

Recently I made a big mistake signing up for a discount card at a local supermarket, in that I trusted them and gave my xtra address.

Almost immediately (in the biggest coincidence I have ever seen) I started receiving emails claiming to be from that same supermarket chain, offering me $$ for surveys, $$ in coupons just because "you have been chosen" and other obviously fake phishing type offers. Then they started faking every other large retailer in the North Island, with exactly the same scams, from the same sender addresses.

I complained to the supermarket company which appeared to have triggered this but they denied everything, they would never give my email address away! My suspicion is somebody saw a quick way to make some cash by selling off email lists, but there is no way to prove such things so the company in question will remain nameless.

The spammer is using a set of templates which they insert local retailer names and logos into, they also seem to prefer compromised email relays as they are often sending from NZ companies. This spam has been nearly constant for many months now and it doesn't look like it will stop. Sadly the xtra spam filters (if they exist) cannot pick the obvious similarities in these bulk mailouts.

Technofreak

3181 posts

Uber Geek
+1 received by user: 698

Trusted

# 2222591 23-Apr-2019 10:40

chevrolux:

I would of thought all the xtra addresses were totally screwed (in terms of being on every spammer's mail list) from the Yahoo breaches.

Why anyone still uses them is beyond me... but that's been discussed on here too many times to count so back to the OP.

I don't understand the "hate" you seem to have on Xtra. Their problems were caused by a mainstream provider, which they ditched. My personal experience with Xtra has been pretty damn good. I certainly prefer them to the intrusiveness of the likes of Google and Gmail.

Sony Xperia X running Sailfish OS. https://sailfishos.org The true independent open source mobile OS
Samsung Galaxy Tab S3
Nokia N1
Dell Inspiron 14z i5

hio77

'That VDSL Cat'
10507 posts

Uber Geek
+1 received by user: 2527

Trusted

Spark

Subscriber

# 2222592 23-Apr-2019 10:41

One person supports this post

LesF:

The spammer is using a set of templates which they insert local retailer names and logos into, they also seem to prefer compromised email relays as they are often sending from NZ companies. This spam has been nearly constant for many months now and it doesn't look like it will stop. Sadly the xtra spam filters (if they exist) cannot pick the obvious similarities in these bulk mailouts.

i can confirm they do exist.

the last little while has been very heavy with spam.

The thing that everyone isnt aware of is, while some does get through. there is a far greater quantity that is filtered out before it even hits the platform.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

technico

6 posts

Wannabe Geek

# 2222732 23-Apr-2019 15:55

I'm in disbelief that you would have an alias setup that has been spammed without being a known address out there...

I've had my stem email address plus two UNUSED aliases also spammed - same as the OP.
Have checked on haveibeenpwned - all 3 are clear.

I run a tight ship as far as security goes - something badly wrong here.
Who is the bolt-on NZ email provider?

dfnt

defiant
900 posts

Ultimate Geek
+1 received by user: 491

Lifetime subscriber

# 2222739 23-Apr-2019 16:13

2 people support this post

How unique are these aliases though, a spammer doesn't just use known email addresses.. they'll use dictionary based names for recipient names as a shotgun approach

hio77

'That VDSL Cat'
10507 posts

Uber Geek
+1 received by user: 2527

Trusted

Spark

Subscriber

# 2222744 23-Apr-2019 16:48

One person supports this post

dfnt:

How unique are these aliases though, a spammer doesn't just use known email addresses.. they'll use dictionary based names for recipient names as a shotgun approach

Exactly this.

I'm yet to see any evidence that confirms the opinions shared.

Please, feel free to DM me examples and i'll give the box a shake see if any gems of information fall out..

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

MadEngineer

1862 posts

Uber Geek
+1 received by user: 548

# 2222793 23-Apr-2019 18:41

LesF:
I have had my xtra email address seemingly forever and I would like to keep it, even tho Yahoo made a mess of things. It's a nostalgia thing, I first used it over a dial-up modem.

Recently I made a big mistake signing up for a discount card at a local supermarket, in that I trusted them and gave my xtra address.

Almost immediately (in the biggest coincidence I have ever seen) I started receiving emails claiming to be from that same supermarket chain, offering me $$ for surveys, $$ in coupons just because "you have been chosen" and other obviously fake phishing type offers. Then they started faking every other large retailer in the North Island, with exactly the same scams, from the same sender addresses.

I complained to the supermarket company which appeared to have triggered this but they denied everything, they would never give my email address away! My suspicion is somebody saw a quick way to make some cash by selling off email lists, but there is no way to prove such things so the company in question will remain nameless.

The spammer is using a set of templates which they insert local retailer names and logos into, they also seem to prefer compromised email relays as they are often sending from NZ companies. This spam has been nearly constant for many months now and it doesn't look like it will stop. Sadly the xtra spam filters (if they exist) cannot pick the obvious similarities in these bulk mailouts.

do you still have a copy of the t&c of that sign up?

technico

6 posts

Wannabe Geek

# 2223111 24-Apr-2019 10:28

hio77:

dfnt:

How unique are these aliases though, a spammer doesn't just use known email addresses.. they'll use dictionary based names for recipient names as a shotgun approach

Exactly this.

I'm yet to see any evidence that confirms the opinions shared.

Please, feel free to DM me examples and i'll give the box a shake see if any gems of information fall out..

Although there are no degrees of 'unique', I can say you would sit until cobwebs engulfed you trying to discover the aliases, even with the best dictionary attack tools.
Now, spam from the same Chinese (?) loan provider (?) has appeared on 4 aliases, 3 with same timestamp and template.