[ale] OT(ish) Sold or stolen?

Alex Carver agcarver+ale at acarver.net
Tue Sep 2 21:49:26 EDT 2014 

I agree. :)  I just want to really know from them whether they sold it
(against their claims that they don't sell that particular information)
or they have a bigger problem on their hands.

But boy did they fight to try and point the finger anywhere but themselves.

On 2014-09-02 18:46, Jim Kinney wrote:
> Sounds "leaked" to me. 
> 
> On September 2, 2014 9:42:29 PM EDT, Alex Carver <agcarver+ale at acarver.net> wrote:
>> I did change the alias at AT&T to a newly generated one.  I have
>> several
>> dozen other aliases on the server and none of them are being hit with
>> attempts.  All the activity is confined to that single alias I had
>> given
>> to AT&T.  I'm certain nothing has happened to my server, already triple
>> checked all the logs just in case and there is nothing out of the
>> ordinary beyond the increased attempts to use that particular email
>> alias.
>>
>> On 2014-09-02 18:28, Jim Kinney wrote:
>>> The timing is suspicious but it very well could be just a
>> coincidence.
>>> Create a few more random name accounts on the same server, don't give
>> those
>>> out and watch for a few days for activity.
>>>
>>>
>>> On Tue, Sep 2, 2014 at 8:37 PM, Alex Carver
>> <agcarver+ale at acarver.net>
>>> wrote:
>>>
>>>> I have cell service with AT&T and, in their section of the account
>> for
>>>> handling billing information, there's a spot to add an email address
>> for
>>>> billing notifications.  I have long ago opted out of all marketing
>>>> options offered and for many years didn't get much except notices
>> the
>>>> bill is due.
>>>>
>>>> Two years ago I decided to give them a new email address which was a
>>>> randomly generated alias at my domain and hosted on my own server. 
>> I
>>>> had done that with several other companies (bank, credit card,
>> etc.),
>>>> just hadn't gotten around to AT&T yet.
>>>>
>>>> Two years and all was fine.  A few days ago, I suddenly start
>> receiving
>>>> tons of spam attempts (usually blocked by an RBL) and connection
>>>> attempts on my server.  I always have the exim logs showing on my
>>>> screen, I can see emails coming in as it happens including the
>> failures.
>>>>  This was the first time that any of my random aliases were used by
>>>> someone other than the company that has it.  Until this point no one
>>>> tried these addresses because they weren't advertised anywhere by
>> any
>>>> mechanism.
>>>>
>>>> I never gave anyone else that particular alias, I don't use it as a
>>>> username for my online account access, it's not stored in my phone
>> or on
>>>> any address books, and I don't send email from it (receive only
>> alias).
>>>>
>>>> I've already called their fraud department who proceeded to spend 40
>>>> minutes on the phone with me using various levels of technical
>> jargon
>>>> plus pointing fingers to shift the blame away from them (at one
>> point
>>>> they actually said "A third party must have your email address.")
>>>>
>>>> Do you think it was sold and they got caught with their hand in the
>>>> cookie jar or stolen and they don't know there's a breach in
>> progress?
>>>>
>>>> Aside from the fraud group which has advised me that they are
>> opening an
>>>> investigation (maybe) would you suggest I talk to anyone else?
>>>>
>>>>
>>>> Exim's logs show attempts coming in from a vast array of countries
>>>> including Italy, Canada, Switzerland, Brazil, Romania, Argentina,
>>>> Bulgaria, Portugal, Serbia, Germany, Austria, Israel, India, Turkey,
>>>> Spain, Croatia, Venezuela, Columbia, Poland, Iraq (by way of Al
>>>> Jazeera's servers of all things) and quite a few servers within the
>> US
>>>> plus many, many more that I didn't spend time looking up just yet.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 
> --
> Jim Kinney
> Linux Systems Analyst
> Physicist/Brewer
> http://jimkinney.us
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://mail.ale.org/pipermail/ale/attachments/20140902/26f95802/attachment.html>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
>

More information about the Ale mailing list