Friday, April 15, 2011

Epsilon security breaches

I received at least four notifications from various companies that have my personal information, notifying me that my email address and potentially other information had been exposed to an unauthorized third party as a result of a security breach at their marketing partner, Epsilon. All being the same format and verbiage. Telling me that Epsilon legal was potentially the source for the text.

This breach might have some people ask themselves: So why would someone steal email addresses? This breach seem to be just the first step in a much larger scheme. Back in 2008 PWC's job web site was breached, stealing thousands of email addresses and passwords. Initially nobody could understand why someone would go after such a site till cases of Paypal attacks surfaced and got connected to the PWC case. The individuals that had gained access to the emails and passwords were using them to access sites like Paypal, exploiting the fact that we all like to re-use passwords.

Read the official Epsilon press release

1SSA - Security Consulting, Training and Products