SCAM EMAIL BEING SENT

[nwiles]

While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob

I agree, well said John Brown.

[ckoehler]

Your server probably isn't grounded correctly.

[sirhc]

Your server probably isn't grounded correctly.

[sirhc]

HOW LONG HAS THIS BEEN GOING ON!!!

We were first notified of this Monday. - 9/9/2019 by a distributor.

We had I think 4 people report this email.

3 of the 4 are Distributors which have their email address listed on our Distributor ReSeller page.

I reported this the same day it was reported by a non Distributor / Reseller which their email address was not clearly listed on our web site but that person is an Associate and their info can be found in the forum in posts.

You seem all upset for something that most likely is nothing but a possible annoying fake email from me offering a businesses deal to get you to provide information.

Again I do not think it was our web store(Magento) which even if it was we only store addresses, past orders, serial numbers, but no credit card or financial info.

If we were hacked or exploited it would be our mail server which is just email addresses, or our Forum but again no financial info.

Simply letting people know that any email they get from us that seems weird probably is weird and fake and to ignore it there is no evidence of any financial loss risk just annoying fishers which we advise you to ignore.

[sirhc]

While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob

I can't say a leaked email address is a particular concern to me, nor you I assume since you've got your Name/Email/Location displayed on a public forum..

From what I can see so far all that have gotten emails either have their emails listed on our website as Disti/Reseller or users who have their email addresses as their username or elected under their forum profile settings to allow them to be emailed directly which means they simply harvested email addresses.

[sirhc]

HOW LONG HAS THIS BEEN GOING ON!!!

If you have not tried to cover this up and hide information, I find this sorely disappointing. I expect to not be told about a hack/information disclosure for MINIMALLY 3 months after it has happened, do you know what this is going to do to my calendar?!?!?!

Honestly, just reporting the possibility of an information disclosure is frustrating. I expect better from a company that does business internationally.

Please take a page out of Equfax's security notebook, they at least have the decency to not even report being hacked to the authorities until after their C level employees have had the chance to sell off stock.

The inability to follow standard industry practices these days is beginning to make me think these Millennials will really be the end of us all.

P.S. I have not gotten one of these emails, even more disappointing.

LOL I just re-read this. FUNNY SHIT !

[Steve_Bogons]

Bring it on Scammer, I'm ready for ya!!!

[maurizio@videobyte]

Thanks for the info

[sporkman]

FWIW, I've never received any such email, nor has the address that our company uses for any interactions via the store.

I'd be more likely to assume this is from a distributor or some other entity that deals largely with WISPs...

[sakita]

Just received an email this morning titled "New private message has arrived" from forum@netonix.com -

Hello sakita,

You have received a new private message from "Danielowent" to you account on "" with the following subject:

Khoa hoc ke toan thuc hanh

You can view your new message by clicking on the following link:

Link

You have requested that you be notified on this event, remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.

_

Netonix

So, I logged in to the forum and there is no such mail or user named "Danielowent" - I cannot tell you what the link was because our email uses a tool that substitutes all links in emails.

The line "Khoa hoc ke toan thuc hanh" is Vietnamese that Google translates to "Complete Accounting Science"