[Asterisk-biz] Data leak at Packet8 turns customers into
phishing targets
Robert Webb
asterisk at ropeguru.com
Wed Sep 14 05:04:29 MST 2005
On Tue, 13 Sep 2005 21:57:38 -0700
"Trevor G. Hammonds" <trevor at skyhost.net> wrote:
> VoIP provider spills customer emails
> Data leak at Packet8 turns customers into phishing
>targets
> ----------------------------------------------------------
> Tom Sanders in California, vnunet.com 13 Sep 2005
> ----------------------------------------------------------
> Internet telephony provider Packet8 has accidentally
>disclosed the email
> addresses of 21,000 of its subscribers.
>
> Packet8 sells internet telephony services to consumers
>and businesses in
> North America, allowing them to place telephone calls to
>regular phone
> numbers at a discounted rate. The VoIP provider has more
>than 73,000
> subscribers.
>
> Joan Citelli, director of corporate communications at
>Packet8, told
> vnunet.com that the data leak occurred when an employee
>accidentally
> attached a spreadsheet containing the email addresses to
>the monthly Packet8
> email newsletter sent last Thursday.
>
> The file contained no data other than the email
>addresses of subscribers of
> the opt-in newsletter.
>
> Packet8 has instituted additional checks to prevent
>future security lapses.
> "It was a one-time fluke. I do not expect it to happen
>again," said Citelli.
>
>
> The firm sent an email to customers on Friday
>apologising for the data
> disclosure.
>
> Andrew Lockhart, director of product marketing at email
>security vendor
> Postini, said that Packet8 customers are likely to
>become the target for
> phishing attacks if criminals get hold of the list.
>
> "This just makes it easier for the spammers and
>phishers," he told
> vnunet.com.
>
> Knowing that the addresses on the list are all Packet8
>customers, phishers
> could send emails that appear to come from Packet8.
>
> The email could then fool them into disclosing
>confidential information by
> asking them to re-enter credit card information or
>log-in name and password.
>
>
> "The fact that this list is identifiable as being of
>customers of the
> service makes it potentially more dangerous," said
>Lockhart.
>
> The mishap could have easily been prevented, he added,
>as there are numerous
> tools available that scan outgoing email messages for
>unwanted content and
> attachments.
>
> Permalink to this story
> www.vnunet.com/2142205
>
Yeah right... One time my A$$!!! Here is a copy of a post
from BroadBand Reports in a thread about this. Apparently
it happened back in 2003 also??
http://www.dslreports.com/forum/remark,14330593
"Dear Packet8 subscriber,
On Friday, January 3 [2003], our marketing team
erroneously attached a partial list of Packet8
subscribers' e-mail addresses to a billing notice that was
sent to your e-mail address. We apologize for this
accidental disclosure and assure you that it will not
happen again. 8x8 respects your privacy and values our
customer relationships. The complete text of the Packet8
privacy policy can be found at
www.packet8.net/about/privacy.asp for your reference.
As we continue to improve the Packet8 service and its
offerings, we would appreciate any feedback you may wish
to provide. You can reach me on Packet8 at 1-408-404-3033
or at the e-mail address above.
-Bryan Martin
President & CEO, 8x8, Inc."
More information about the asterisk-biz
mailing list