We're seeing reports at OtherInbox of spam sent to addresses on email lists that are hosted at iContact. Our users give each website a different email address, so it's easy to see when one gets abused. I received an email with the subject "Pharmacy Best Product Vicodin.Viagra!!!!!" to an email address that was only given to Shoeboxed.com (a great service that I love).
Other users are reporting spam to addresses given to other companies that have no affiliation with Shoeboxed, but the one common thread seems to be that they all use iContact. Another list that is hosted at iContact and seems to be stolen is eApps.com. We know of at least 8 different companies affected by this so far.
Marek Isalski did a great job documenting the breach here.
There may be another explanation, so we've reached out to iContact on Twitter and are watching their blog for more info, but so far they have not responded. Understandably, they are probably doing their own research before they make any announcements. (Update: iContact has updated their blog acknowledging the issue, but with few other details.)
Is your list hosted at iContact? Do you have any unique seeds on it? If so, leave a message in the comments and tell me if you received this same spam email.
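The seed-address reasoning above can be sketched as code. This is an added example, not part of the original post: apart from Shoeboxed and eApps being iContact-hosted and the spam subject quoted above, every address, domain and site-to-ESP mapping is constructed, and the mapping is assumed to be known from each list's legitimate mailings.

```python
from collections import defaultdict

# Constructed data: each seed address was given to exactly one site.
SEEDS = {
    "shoeboxed@alice.example": "shoeboxed.com",
    "eapps@alice.example": "eapps.com",
    "widgets@bob.example": "widgets.example",
    "news@bob.example": "dailynews.example",
}
# Assumed known from each list's legitimate mailings (constructed, except
# that the post names Shoeboxed and eApps as iContact-hosted).
ESP_OF = {
    "shoeboxed.com": "iContact",
    "eapps.com": "iContact",
    "widgets.example": "iContact",
    "dailynews.example": "OtherESP",
}
SPAM = "Pharmacy Best Product Vicodin.Viagra!!!!!"
# Constructed inbound mail: (recipient, sender domain, subject).
MESSAGES = [
    ("shoeboxed@alice.example", "shoeboxed.com", "Your receipts are ready"),
    ("shoeboxed@alice.example", "pills.example", SPAM),
    ("eapps@alice.example", "pills.example", SPAM),
    ("widgets@bob.example", "rx.example", SPAM),
    ("alice@alice.example", "pills.example", SPAM),  # not a seed: no signal
]

def leaked_seeds(messages, seeds):
    """Map each subject to the sites whose seed got mail from a foreign sender."""
    hits = defaultdict(set)
    for rcpt, sender_domain, subject in messages:
        owner = seeds.get(rcpt.lower())
        if owner is None or sender_domain.lower() == owner:
            continue  # unseeded address, or the site mailing its own list
        hits[subject].add(owner)
    return dict(hits)

def common_esp(sites, esp_of, min_sites=2):
    """Return the one ESP shared by every affected site, else None."""
    if len(sites) < min_sites:
        return None  # a single hit implicates that site, not its ESP
    esps = {esp_of.get(site) for site in sites}
    return esps.pop() if len(esps) == 1 and None not in esps else None

if __name__ == "__main__":
    for subject, sites in leaked_seeds(MESSAGES, SEEDS).items():
        print(subject, sorted(sites), common_esp(sites, ESP_OF))
```

A shared ESP across several unrelated seeded sites is a lead rather than proof, which is why the post allows that there may be another explanation.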

Hi there,
Glad to read about this starting to get exposure. Just a small thing: maz/maznu is my alias, but Marek Isalski is my proper name =)
Take care,
Maz
It looks like Laura Atkins was right on top of this too… she blogged about it here yesterday http://blog.wordtothewise.com/2010/01/esps-leaking-email-addresses/
Done a bit more research, which is inconclusive, at http://blog.maz.nu/post/357792275/icontact-update
It would appear that one of the addresses that iContact.com have on file for me hasn't been compromised… or maybe I'm still waiting for the spam to be sent to it?
I'm starting to get reports from my site members about spam coming to the email addresses they used to sign up on my site. NOW it's starting to make sense, since I use iContact for my newsletter.
Damn it.
We're digging into this over at Sneakemail because of many user complaints and because of suspiciously increased traffic.
http://sneakemail.com/bulk_cracked
We have lots of unique email addresses used to subscribe to different lists, more than 20 used for lists hosted by iContact.
All of those addresses are now receiving spam.
iContact has updated their blog acknowledging the breach. They don't allow comments, so I guess people just comment here instead!
http://www.icontact.com/blog?blog=6&paged=2
I came across this while doing some research on iContact. Does anyone know if the situation has been resolved?
I want to know the result of it, if they don't permit comments.
They don't allow comments, so I guess people just comment here instead!
I used aweber to store my contact lis