Epsilon breach used four-month-old attack

By on
Epsilon breach used four-month-old attack

ReturnPath had warned partners of breach in November.

A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal.

The world’s largest email service provider, Epsilon, disclosed on April 1, 2011 that the data it manages on behalf of a subset of its 2500 global clients had been accessed by hackers the day prior.

Today iTnews can reveal that Epsilon has been aware of the vulnerability behind this attack for some months.

In late November, Epsilon partner ReturnPath – which provides monitoring and authentication services to email service providers - warned customers about a series of coordinated phishing and hacking attacks levelled at the mailing list industry.

Neil Schwartzman, senior director of security strategy at Return Path’s ‘Email Intelligence Group’ warned its partners of “an organized, deliberate, and destructive attack clearly intent on gaining access to industry-grade email deployment systems”.

He said that the phishing attacks were targeted specifically at employees at email service providers that had specific access to email operations.

Schwartzman offered an example to illustrate:

“Hey Neil, it’s Michelle here, it has been a long time huh ? how’re you doing ? how’s your work with Return Path ? Is everything ok there ? Hey, can you believe it! I got married to Brian ! Yes I did. I tried to call but you did not answer. You have changed your number, haven’t you? Just give meyour current telephone number if you read this mail. It’s really a pity that we did not see you in our wedding. I wanted to invite you so much. Well, here I’m sending you a few pics taken in our wedding:


Let’s keep in touch then.


Michelle & Brian”

The link in the body of the email took the user to a page that downloaded three malware programs – one that disables anti-virus software, another (iStealer) that is a Trojan keylogger to steal passwords, and a third (CyberGate) which offers hackers remote administration of the infected machine.

“The potential consequences should ESP [email service provider] client mailing lists be compromised at this time of the year is unimaginable,” Schwartzman told customers.

Schwartzman’s nightmare came true within days.

By December 10, drugstore giant Walgreens – today an Epsilon customer - revealed that it had been the victim of a phishing attack levelled at its customers.

On December 13, fellow email service provider Silverpop Services revealed that it too had “recently detected suspicious activity in a small percentage of customer accounts”, and responded by changing all passwords and engaging the FBI’s cybercrime division.

In the days that followed, it was revealed that McDonalds and Play.com customers had been hit with phishing attacks as a result of this breach.

In an update on December 15, Silverpop chief executive Bill Nussey revealed that the company was “working with industry peers to share what we have learned” from the attack.

Epsilon – the world’s largest email service provider and a ReturnPath partner – subsequently installed systems designed to alert administrators to unusual patterns in the downloading of data.

It was this system that kicked in on March 30, 2011 and the company subsequently informed its clients of a data breach affecting two percent of its large customer base.

“Epsilon is working with Federal authorities, as well as other outside forensics experts, to both investigate this matter and to ensure that any additional security safeguards needed will be promptly implemented,” the company said in a statement overnight.

The challenge for Epsilon will be to now convince its clients that it had done enough to protect their data, considering the number of months it had known of the vulnerability.

Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register


New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
ISPs should foot the whole bill
Government should chip in a bit
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

|  Forgot your password?