Spam Emails from Flickr?

October 21, 2009 by Mike Wong • 11 Comments

Update: 10/27/09

I need to clarify my comment below about "the flickr/yahoo servers were breached in some fashion". I received an email from a Flickr employee today to let me know that the flickr systems WERE NOT breached. The spam is occurring due to an abuse of the "share this" feature of the flickr website. No systems were breached. My apologies for my earlier inaccurate statement below. There are two posts about this here and here.

We are still investigating what could have happened on our end for an email that was registered only ever with us to have gotten out. When we find out what happened, we'll post something on the blog here. In the meantime, if you have received one of these emails using an address you only ever submitted to onOne, I would appreciate it if you could contact me so we can ask a couple of questions to help narrow down where and how this could have occurred.

Specifically, we're looking to see (1) when you submitted that email address; (2) what kind of form you submitted your email on. Was it a trial download request? Product registration? Product purchase? Tech support or customer service request? Forum sign up? Blog sign up? Photo contest entry?

Thank you in advance for your assistance and patience.

-------------------------

I received a couple of emails from some onOne customers today because they received some spam emails from what appears to be the flickr domain. Apparently the email address that they received the spam email to was only ever used at onOne Software to register for a demo or purchase. We take this very seriously, as we do not, have not, and never intend to sell, share or otherwise provide any information you provide to onOne to a third party.

We have had our IT engineers examine our systems and there is no evidence that any of our systems or customer databases were breached. Further, there is no evidence that our customer databases were exposed to anyone outside of onOne. Additionally, there is no evidence that any of our email service provider databases have been breached either. From what we have read online, it appears that the Flickr/Yahoo servers were breached in some fashion and allowed the spam to occur, likely sending to a large number of email addresses that may or may not have been associated with Flickr accounts.

I have received two of these "flickr" spam emails at two of my personal email addresses that I know for a fact are not in any of the onOne customer databases. Neither of those email addresses is associated with Flickr either, so I'm not sure what is going on, but I can assure you that we at onOne Software have not sold or otherwise made available any email addresses that have been registered with onOne Software via our web site.

Here is a link on the Flickr help forum about this topic as well: http://www.flickr.com/help/forum/110000/?search=spam

11 thoughts on “Spam Emails from Flickr?”

  1. I’m another who’s received spam to an email address I created solely for interaction with onOne, which is something I do for every company and site specifically so that I’ll know exactly from whence my spam originates.

    That address will now be going away.

  2. I received each set of emails twice, to two separate email addresses. Both were email addresses I had used to interact with onOne, and one of them I used exclusively with onOne.

    Your engineers may say that there’s been no breach, but there’s clearly been one. It’s quite possible that the spammers using Flickr’s servers are using a list that comprises more than just onOne-harvested email addresses, but you can’t seriously deny that email addresses given only to onOne have gotten into their hands.

  3. I was one of the people complaining about this. (And I didn’t hear anything from your Customer Support, BTW.)

    I can tell you that I still DO know for a fact that my one-time email address was taken from a database that OnOneSoftware is responsible for. It was the unique address I used for downloading demo software. And OnOne sent me an email newsletter on this address for a while. Maybe emailroi.com “stole” your list of customers / prospects?

  4. I too have just received flickr spam to 2 different e-mail addresses that were only used with onOne.

    The first was sent last night to onone@MYDOMAIN; filtering my e-mails shows this address was only used to download the demo of “Genuine Fractals Print Pro 5” on 3rd October last year.

    The second was sent to ononesoftware@MYDOMAIN which has only ever been used to download DSLR Remote Server on 27 August 2009, and PhotoTools 2 Lite on 20 September 2009.

    It is clear that your database has somehow been breached.

  5. Yip, I’m the same – “onone@mydomain” – created for just this sort of reason and never used elsewhere. You might as well just apologise – even if you can’t find the source, it does look like your database has been compromised in some way.

  6. Same problem here, also got spam on an email address onone@mydomain, never used it for any other purpose, only here on the blog and to send email with your support center.

  7. Thanks for the comments everybody. We’re digging deeper into the issue. I am sorry for any inconvenience this has caused.

  8. I’ll add one more complaint to the pool. I too created a unique email address specifically for the purpose of downloading trial software. Until the spam started seeping in, this address had only received a confirmation from onOne upon applying for the trial copy. Never once was it used for any other purpose.

  9. I have received two .different. spam email messages to an email address I specifically created for correspondence with your company, ononesoftware@domain. And like everyone here, I create a unique email address with every company I do business with on the internet so I know .exactly. where my spam is coming from. Like the other commentators, the email address was never used for any other correspondence.

    I only received the spam after I clicked on a link in your latest newsletter which announced the expected release of your new software suite. I signed up for a trial of Genuine Fractals about 1-2 years ago – but I used my yahoo account for that. When I submitted my Plug-In Suite 4.5 purchase order on or about Fri, 19 Jun 2009, I supplied my unique email address, ononesoftware@domain, to your online order form.

    It is very obvious to me that private data has been stolen from your servers and the only reason you are hearing about it is because of people like us who create unique email addresses with each online company we purchase from.

    What should be worth noting is that this is the second time, in the last 8 months, that a unique email address provided to a particular online provider has been harvested/stolen/leaked in all of the 13 years I have been purchasing items online.

  10. @Zoe: We are still looking into the cause and source of the leak. I hope to be able to share more information with everybody on this next week as a new blog entry. While I can’t yet rule it out, I don’t think the link in the newsletter had anything to do with the spam you’re receiving. Several others, including myself, had been receiving these spam messages before the newsletter went out. I suspect that the email address you registered with us for the demo download of Genuine Fractals is where the spammers got it from.

    I am really sorry that this is happening to everybody. Again, I will post as much information (how it happened, what we’re doing to prevent it again, etc) as I can as soon as our team gets to the bottom of it.
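Several commenters above register a unique, per-vendor email address (onone@mydomain and the like) so that any spam arriving at it points back at the one place it was given out, and the update at the top of the post asks affected readers which form and date the address was submitted on so the leak can be narrowed to a specific data source. The script below is an added example of that triage step, not code from onOne or Flickr: given reported spam messages and a registry of which internal forms each tagged address was ever submitted on, it extracts the recipient addresses and ranks the forms by how completely they account for the affected set. All addresses, form names and message headers are constructed for the example.

```python
"""Leak-source triage from per-vendor tagged addresses (added example)."""
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (headers only), standing in for the spam
# that affected users forwarded. None of these are real messages.
REPORTED_MESSAGES = [
    "From: sender1@example.org\nTo: onone@example.net\nSubject: x\n\nbody\n",
    "From: sender2@example.org\nTo: <ononesoftware@example.net>\nSubject: x\n\nbody\n",
    "From: sender2@example.org\nTo: orders@example.net\nSubject: x\n\nbody\n",
]

# Constructed registry: every tagged address the vendor holds, mapped to the
# set of forms it was ever submitted on (trial download, purchase, ...).
REGISTRY = {
    "onone@example.net": {"trial_download"},
    "ononesoftware@example.net": {"trial_download", "support"},
    "orders@example.net": {"trial_download", "purchase"},
    "forum@example.net": {"forum_signup"},
    "blog@example.net": {"blog_signup", "support"},
}


def recipients(raw_message):
    """Return the lower-cased To/Cc addresses of one RFC 822 message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def affected_addresses(messages, registry):
    """Registered addresses that appear as recipients of reported spam."""
    hit = set()
    for raw in messages:
        hit |= {a for a in recipients(raw) if a in registry}
    return hit


def addresses_by_form(registry):
    """Invert the registry: form name -> set of addresses submitted on it."""
    forms = defaultdict(set)
    for addr, form_names in registry.items():
        for form in form_names:
            forms[form].add(addr)
    return forms


def rank_sources(registry, affected):
    """Rank candidate leak sources.

    Each entry is (form, hits, total, covers_all): how many of the form's
    addresses received spam, how many it holds, and whether the form alone
    accounts for every affected address. Forms that cover the whole affected
    set sort first, then by hit rate, so a single compromised source stands out
    while addresses shared across forms do not mislead the ranking.
    """
    ranked = []
    for form, addrs in addresses_by_form(registry).items():
        hits = len(addrs & affected)
        ranked.append((form, hits, len(addrs), affected <= addrs))
    ranked.sort(key=lambda r: (not r[3], -(r[1] / r[2]), r[0]))
    return ranked


if __name__ == "__main__":
    affected = affected_addresses(REPORTED_MESSAGES, REGISTRY)
    print("affected tagged addresses:", sorted(affected))
    for form, hits, total, covers_all in rank_sources(REGISTRY, affected):
        flag = "covers all reports" if covers_all else ""
        print(f"{form:15s} {hits}/{total} {flag}")
```

With the constructed data every affected address was submitted on the trial-download form, so that form is the only one that covers all reports and lands at the top; the purchase form has a perfect hit rate but explains only one address, which is exactly the distinction the author's questions (which form, when) are meant to draw out. In a real investigation the registry would come from the vendor's own databases and the hit counts would be compared against the size of each form's address pool before drawing conclusions.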