I suspect whoever hacked into Monster.com also sold the e-mail addresses they found

Certifications

RSS

Last Google search to here

administrative template Outlook conferencing
OCS set P-Asserted-Identity
powershell tests prometric
forefront client security hotfixes
telephonymode communicator

Monday, September 17. 2007

I suspect whoever hacked into Monster.com also sold the e-mail addresses they found

The reason I state this is due to the influx of spam coming from an e-mail address that is only used at Monster.com. I haven't been to the site in ages, but I was informed of the security breach earlier this year.

Whenever I need to setup an account with a company, I typically will put the name of the company as the e-mail address combined with one of the domain names I own.

A good example would be if there was a company called SuperWidgets and I setup an account with them, I would set my e-mail address for them as superwidgets@somedomainnameiown.com.

If I suddenly receive spam coming into that address, I know they have either sold my e-mail address without my permission or snuck it into a terms-of-service update without me catching it or someone has obtained the list of e-mail addresses.

If I don't want to deal with the company anymore or the spam associated with it, I will deactivate that e-mail alias on my domain. It can become a bit cumbersome to maintain but it is any excellent way to pre-whitelist or ban certain e-mail addresses without giving out your main e-mail address or domain.

I suspect my Monster e-mail alias is going to buh-bye shortly if this spam trend continues. Keep an eye out for increased spam to your Monster.com's e-mail addresses and please let me know if you notice it too.

in IT, Personal, Security at 14:43 | Comments (2)

1161 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Similar to that is what I like about gmail.. you can add your own spaceless comment by adding a "+" then the word. So instead of me@gmail.com I could do me+monster@gmail.com. The only drawback is some email validation scripts consider the "+" as an invalid character. I have included it in my validation scripts going forward and recommend everyone else follow suite. It's great for filtering and knowing where your email addy is heading off to until they start implement cleaner scripts to remove it.

#1 bLiTzJoN (Homepage) on 2007-09-18 10:05 (Reply)

I started getting spam soon after registering at Monster.com. I had my gmail account for more than a year without one single piece of spam. Now I'm getting 1-2 a day. It's the only time I registered that email with a single website. The only people that use that email are close friends and family. They also sent it to military.com, which started spamming the crap out of me too saying that they got my email from Monster and I needed to update my military.com profile, which I dont have. Thanks Monster!

#2 Andrew on 2007-12-05 15:03 (Reply)

Add Comment