[ale] OT(ish) Sold or stolen?

Jim Kinney jkinney at jimkinney.us
Tue Sep 2 21:46:44 EDT 2014


Sounds "leaked" to me. 

On September 2, 2014 9:42:29 PM EDT, Alex Carver <agcarver+ale at acarver.net> wrote:
>I did change the alias at AT&T to a newly generated one.  I have several
>dozen other aliases on the server and none of them are being hit with
>attempts.  All the activity is confined to that single alias I had given
>to AT&T.  I'm certain nothing has happened to my server, already triple
>checked all the logs just in case and there is nothing out of the
>ordinary beyond the increased attempts to use that particular email
>alias.
>
>On 2014-09-02 18:28, Jim Kinney wrote:
>> The timing is suspicious but it very well could be just a coincidence.
>> Create a few more random name accounts on the same server, don't give
>> those out and watch for a few days for activity.
>> 
>> 
>> On Tue, Sep 2, 2014 at 8:37 PM, Alex Carver <agcarver+ale at acarver.net>
>> wrote:
>> 
>>> I have cell service with AT&T and, in their section of the account for
>>> handling billing information, there's a spot to add an email address for
>>> billing notifications.  I have long ago opted out of all marketing
>>> options offered and for many years didn't get much except notices the
>>> bill is due.
>>>
>>> Two years ago I decided to give them a new email address which was a
>>> randomly generated alias at my domain and hosted on my own server.  I
>>> had done that with several other companies (bank, credit card, etc.),
>>> just hadn't gotten around to AT&T yet.
>>>
>>> Two years and all was fine.  A few days ago, I suddenly started receiving
>>> tons of spam attempts (usually blocked by an RBL) and connection
>>> attempts on my server.  I always have the exim logs showing on my
>>> screen, I can see emails coming in as it happens including the failures.
>>> This was the first time that any of my random aliases were used by
>>> someone other than the company that has it.  Until this point no one
>>> tried these addresses because they weren't advertised anywhere by any
>>> mechanism.
>>>
>>> I never gave anyone else that particular alias, I don't use it as a
>>> username for my online account access, it's not stored in my phone or on
>>> any address books, and I don't send email from it (receive only alias).
>>>
>>> I've already called their fraud department who proceeded to spend 40
>>> minutes on the phone with me using various levels of technical jargon
>>> plus pointing fingers to shift the blame away from them (at one point
>>> they actually said "A third party must have your email address.")
>>>
>>> Do you think it was sold and they got caught with their hand in the
>>> cookie jar or stolen and they don't know there's a breach in progress?
>>>
>>> Aside from the fraud group which has advised me that they are opening an
>>> investigation (maybe) would you suggest I talk to anyone else?
>>>
>>>
>>> Exim's logs show attempts coming in from a vast array of countries
>>> including Italy, Canada, Switzerland, Brazil, Romania, Argentina,
>>> Bulgaria, Portugal, Serbia, Germany, Austria, Israel, India, Turkey,
>>> Spain, Croatia, Venezuela, Colombia, Poland, Iraq (by way of Al
>>> Jazeera's servers of all things) and quite a few servers within the US
>>> plus many, many more that I didn't spend time looking up just yet.

--
Jim Kinney
Linux Systems Analyst
Physicist/Brewer
http://jimkinney.us
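
Added example, not part of the original thread: a sketch of the comparison discussed above (one vendor alias being hit while never-disclosed control aliases stay quiet), run over Exim mainlog-style lines. The sample log, aliases, hosts and function names are constructed for illustration, and the `for <recipient>` field on `<=` lines assumes Exim's `received_recipients` log selector is enabled.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim mainlog style; every address and host is made up.
SAMPLE_LOG = """\
2014-08-30 09:12:44 1XNabc-0001aB-Cd <= billing@carrier.example H=out.carrier.example [192.0.2.10] P=esmtp S=5120 for q7rk2m@example.org
2014-09-01 03:15:09 H=(dsl-1.isp.example) [198.51.100.23] F=<promo@junk.example> rejected RCPT <q7rk2m@example.org>: blocked by RBL
2014-09-01 03:16:40 H=(mx.bulk.example) [203.0.113.77] F=<win@junk.example> rejected RCPT <q7rk2m@example.org>: blocked by RBL
2014-09-01 04:02:11 H=(mx.bulk.example) [203.0.113.77] F=<win@junk.example> rejected RCPT <q7rk2m@example.org>: blocked by RBL
2014-09-01 10:30:00 1XNdef-0002eF-Gh <= alerts@bank.example H=mail.bank.example [192.0.2.20] P=esmtps S=2048 for z4wn8p@example.org
"""

# Rejected at RCPT time (RBL hits and similar): "[ip] F=<sender> rejected RCPT <alias>: reason"
REJECT = re.compile(r"\[([0-9A-Fa-f.:]+)\] .*rejected RCPT <([^>]+)>")
# Accepted message arrival: "<= sender H=host [ip] ... for alias [alias ...]"
ACCEPT = re.compile(r" <= \S+ .*?\[([0-9A-Fa-f.:]+)\] .* for (.+)$")


def unexpected_hits(log_text, expected_ips):
    """Map alias -> set of source IPs that are not on that alias's allowlist."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line) or ACCEPT.search(line)
        if not m:
            continue
        ip = m.group(1)
        for rcpt in m.group(2).split():
            rcpt = rcpt.strip("<>").lower()
            if ip not in expected_ips.get(rcpt, set()):
                hits[rcpt].add(ip)
    return hits


def classify(hits, issued, controls):
    """issued: alias -> vendor it was given to; controls: aliases never given out.

    Control aliases being hit points at guessing or a problem on the mail server;
    only issued aliases being hit points at the vendor(s) holding them.
    """
    if any(hits.get(c) for c in controls):
        return "server-wide", []
    leaked = sorted(vendor for alias, vendor in issued.items() if hits.get(alias))
    return ("targeted" if leaked else "quiet"), leaked
```

The allowlist per alias is what keeps the vendor's own billing mail from counting as a hit; it has to be maintained by hand as the vendor's sending hosts change.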