Re: Ameritrade settlement

Posted: Fri Sep 14, 2007 11:19 pm
by SysKoll
SysKoll wrote:
jgombos wrote: I responded to Ameritrade essentially stating that investigating the attacker is inadequate, and that they need to take steps to ensure email addresses are protected from insiders. I also asked for compensation for the disclosure. Here is the body of their response:
Ameritrade wrote: We appreciate your comments and suggestions regarding the Spam e-mails you have received. We will definitely keep you posted on any information that becomes available in this matter and of any future actions we take to mitigate the improper disclosure of your e-mail address. In the meantime, I have provided a copy of your letter to our Information Security department for their review. In an effort to help make up for your frustration, I've credited your account with 10 commission-free Internet equity trades good until November 1, 2006. This is everything I can do in this matter.

I personally thank you for the opportunity to be of service in this matter. On behalf of TD AMERITRADE, we look forward to serving your investment needs in the future.

It's a great response. That's the response I was looking for.

Any news on their "investigation"?


Looks like there is news about Ameritrade. They got pwned, and so did clients' data! See this iWeek story.

It was kind of obvious for those who followed the Ameritrade saga that started here in 2005, but it's nice to see them confirm it, finally.

Remember, you read it here first!

Posted: Thu Sep 20, 2007 2:44 pm
by Odomus
word | max count | remaining | sent | deleted | created (UTC) | full address
HotGiftZone | 5 | 0 | 5 | 5516 | 2007-06-05 16:42 | HotGiftZone.<username>

Oddly only 3 months, and over 5500 messages eaten? I got what I needed in the first 3 messages (which wasn't real and I know what was and wasn't).
Also... yes I did see the OPT-IN notice... BUT I did Opt-OUT immediately by both means (Online and Written). I also have a PO Box, that is how I know how it was done (I used Firstname: Odomus // LastName: HotGiftZone)... and I used my PO Box as a return mail place, and man... they even send you crap mail to there. Also, so even that place above Unregistering, and their 'Real Life' Address of:
Customer Service Department
13762 W. SR. 84, Suite 612
Davie, FL 33325
To opt out from them still harvests both Email and RL addresses to send you Junk. So be careful of both.
Thank god for PO Boxes, it never reached my RL address.
Stopped the junk there by PO box, thank god, by just stopping it there, meaning they even screen my junk. I love them for doing that, returning my junk back to them because my RL name is on the account there and the account doesn't match what is really there man, and here by SG... Life saver really.

But all in all this Message I know isn't a 'Companies that spam or sell your address!' to a point cause I did sign up and their 'OPT-IN' is automatic for 3rd parties... BUT I did 'Opt-Out' as soon as I got from them the real 'legit' email from them which was in the first 3 emails. Which then I immediately Opted out / unsubscribed and they still kept Emailing Spam/Junk and Snail Mailing Spam/Junk... so that is why I am putting this here for both reasons.

Sorry if this is long and arduous to read but it is more of a warning than anything and this is a good place to put it.


FYI: To get past a PO Box where it says 'Not Able to deliver to a PO Box' get a Box that is at a Mail'N'More type place, not a Real PO Box from the Post Office. I found depending on the Post Office you either MUST HAVE the word 'PO Box ####' which then in turn sends this to the PO in the ZipCode (which is your Area PO).
But a Mail'N'More has its own address, and you only have to use their own address plus your Box Number which looks like an Apt Address, or Business Address either way. I.e.: Arizona Mail Center in AZ, which is a Mail'N'More type of place, all you have to have is a Suite, or even Apt, or just '#201' which makes it look either Business or Apt. Keep in mind some places do deliver to the # right off the bat till you tell them this doesn't belong to you... which is 'JUST LIKE SG!' The first what 3-5 (depending on what you have as your MAX deliveries in SG) will be taken yet then poof they never get delivered there again... Great for spam, and great for RL spam, I love it. Also keep in mind some places don't like this, some places are deal in this, so keep this in mind when looking for a place like this. I have mine which I pay for the minimum small ass box, the smallest, which runs me 5$ a month, and packages all in all in none of them the big ones which is all I get can never fit in there anyways, doesn't cost extra, and they leave you a key to get either into the big receptacle... or they just have it in the back waiting for you, like a real post office does when they can't deliver a package to your RL address cause it is too big.
(Sorry for the Long FYI)

Posted: Mon Feb 18, 2008 3:30 pm
by sim213
Gevalia Coffee leaked an email address to spammers that I provided them with less than two months ago. This is the second time Gevalia has leaked a unique address I provided them, each time on a new account.

Posted: Fri Feb 22, 2008 11:30 pm
by vellire
David's Bridal sold my address to JCPenney.

Gevalia Coffee

Posted: Mon Feb 25, 2008 8:43 pm
by Jim27106
I got a couple of Spam from Gevalia Coffee (probably an affiliate). I think they don't really care about the spam problem.

Posted: Sat Mar 08, 2008 10:43 am
by lwc
I'm speechless! I've just got a Nigerian Scam (well, two identical messages really) from an eBay only address!!!!!! No one alive knows this address except eBay! There's no way someone guessed this because the "to" field contains a "*"!

Whenever I interacted with someone in eBay, I used the internal PM system.

I can't believe eBay sold me out.

Posted: Sun Mar 09, 2008 9:18 pm
by SysKoll

Are you positive there is no way for some other user of eBay to have obtained your address? Doesn't eBay automatically send a message to whoever you deal with? Doesn't this message contain your email address?

Posted: Mon Mar 10, 2008 2:31 pm
by lwc
I see no reason why it wouldn't be like any other online PM system. But if you have a user there, we can test it and know for sure (assuming they didn't change anything in their PM system over time).

sells your address

Posted: Tue Mar 18, 2008 2:01 pm
by SysKoll
A few months ago, I ordered something from, a French company. No, it wasn't cheese, it was a heavy duty French layout keyboard. Obviously, I used a custom disposable containing the name of the company.

This morning, I received a spam (in French) on this disposable. Had Wifissime's machines been a victim of a virus, the spam would most certainly not have been in French, since the amount of French language spam in the total is very small. Moreover, the spam was targeting small businesses, exactly the customer base of Wifissime.

So it's pretty clear that the little buggers sell their clients' addresses.

EDIT: The plot thickens! See below.

Spam from

Posted: Fri Mar 21, 2008 8:52 pm
by SysKoll
Actually, the disposable was apparently never sold by Wifissime. The manager of the company, who seems to have a clue, sent me a long email vigorously denying that he sells customer contact info. We swapped the usual "check your windows machine for viruses" advice. But it seems my disposable hasn't been collected by a virus. Otherwise, I'd have gotten the usual English and Chinese spam. Instead, it is strictly French spam. Targeted. Stolen from a French company to spam French-speaking people.

Moreover, the spammer is not even hiding. It's Mailperformance, a Paris-based company owned by one Stéphane Zittoun. The spammer even touts his "targeted email services" in a French website, complete with a mugshot of this revolting bastard: ... r-vos.html

They have 30 employees. Apparently, there are a lot of clueless firms out there ready to pay for aggravating people and turning potential customers into lifetime enemies. For instance, after getting a Zittoun spam for Pierre Ricaud cosmetics, I will never let people in my household purchase this brand. If they are stupid enough to pay for spam, they are probably subcontracting quality control to a Chinese factory that uses recycled battery acid to make skin lotion.

It remains to be seen how Zittoun got my email. I'll venture a guess and say Wifissime has a dishonest employee.

One look at the log showed me that Zittoun's servers are spewing spam by the hundred onto spamgourmet's machine, using domains such as,, etc.

Well, problem solved.

Posted: Mon Mar 24, 2008 9:00 am
by lwc
I will never let people in my household purchase this brand.

Easy enough for a brand, but not for, say, eBay as a whole. I've just had to hide my eBay only address because the few drops of spam messages turned into a flood. But what can I do? Swear I will never buy from eBay? It's like swearing I'll never buy in a supermarket...

Defense of woot

Posted: Wed Jun 18, 2008 3:17 am
by thormj
I've been a woot member for ~2 years now, and haven't been hit...

Re: Companies that spam or sell your address!

Posted: Sat Nov 29, 2008 7:10 pm
by gourmet
I just started to get a lot of spam to address that is given only to boxstr for 100% sureness.

Thank you for selling out my private email address.

Spam mail which I got seems to be most probably malware trap (using url link in email). I didn't check it out.

Posted: Thu Jan 08, 2009 1:48 am
by Jim27106
SysKoll wrote:Lwc,

Are you positive there is no way for some other user of eBay to have obtained your address? Doesn't eBay automatically send a message to whoever you deal with? Doesn't this message contain your email address?

eBay definitely sends out messages with your address as a reply message on occasion. I've changed my eBay disposable twice. Once was because of a virus. Someone I had dealings with must have contracted a virus because I got these messages.

I think I also changed it because of some spam. I know one of the live auction houses send me all sorts of messages at one point in time. It wasn't that bad because I knew I could shut them off at wonder SpamGourmet if they didn't honor an unsubscribe.

Re: Ameritrade settlement

Posted: Thu Jan 08, 2009 7:32 am
by gourmet
SysKoll wrote:Looks like there is news about Ameritrade. They got pwned, and so did clients' data!

It's very alarming that those kind of things can happen.

I got spam to address only given to company, but that was a few years ago. I really wonder how that's possible. Afaik, if banks, lawyers and mutual fund companies sell email addresses or leak those. What else they'll leak?

My friend started to get many kinds of advertisement magazines offering all kinds of expensive stuff. When he invested half a million to one fund management company. (Not Fim) I thought that customer relationship is strictly confidential...