Daniel

Apology to our members, iContact got hacked

About a week ago one of our members came to us and reported that he was suddenly getting spammed on an account that he had only ever used for our site.

We started doing some looking but as it was "only one" we figured that it was most likely something on their end.

Then the second one came in. And another.

All these customers were rather unhappy. Which is completely understandable. I would be angry too if a site was giving away my email address or not looking after their security enough that it was compromised.

More than two reports means that something is more than likely wrong at our end, so we started scouring our server for possible issues, fearing that had been hacked.

We spent a few days pouring over server logs, doing file comparisons between the copy of our site on the server and vanilla installations of Joomla and installed components looking for traces of a hacker.

We read seemingly endless security reports looking for any related to our installed versions of extensions.

After several sleepless nights and a lot of hair-pulling, we still couldn't find out how they got in and got increasingly stressed. If we had been hacked, that is one thing, but if we can't find them or stop them then we are more than just hacked, we are sunk.

Just as our panic was reaching a fever pitch we found the leak. iContact, who hosts our Ninja Mail mailing list, was hacked a couple of weeks ago, and their mailing lists were compromised.

Firstly, thanks for letting us know iContact that you handed our private member's data out!

As a result we have canceled our account at iContact and we sincerely apologize from the bottom of our hearts to our members for any inconvenience this has caused.

Luckily though, no user passwords or accounts were compromised, simply email addresses.

If it makes you feel any better, all the NF staff are also getting more spam too as a result.... :'(

If you have a list at iContact, then I suggest that you notify your subscribers that their details have likely been passed onto spammers. (and try out Mail Chimp instead)

Comment from: Brian Teeman [Visitor] · http://brian.teeman.net
I wonder if any of these services are secure. Aweber, icontact and campaignmonitor have all been hacked in the last few months http://brian.teeman.net/internet-applications/who-do-you-trust-with-your-email.html
17/02/10 @ 16:01
Comment from: David-Andrew [Visitor] Email · http://www.chillcreations.com
I feel sorry for you guys! We known you are honest so it sucks to see you getting a bad name because a service provider got hacked. Hope this blows over quickly and Mail Chimp is more secure for you!
18/02/10 @ 01:14
Comment from: Dan [Visitor] · http://www.newlocalmedia.com
*****
Good work and not your fault! Who are you using for mass mail now? iContact is now off my list.
25/02/10 @ 19:26
Comment from: JAnne [Visitor] · http://thesimplehomeschool.com
Looks like I canceld iContact just in time. I had them for over a year and the service got steadily worse each month.
28/03/10 @ 21:57

This post has 2 feedbacks awaiting moderation...

Leave a comment


Your email address will not be revealed on this site.

Your URL will be displayed.
PoorExcellent
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)
« Ninjaboard Beta5 On The HorizonNinjaboard Public Alpha released »