Posted by: Ken Harthun
Hacking, spam, Spear phishing, Zero-day exploit, Zero-day vulnerability
I just got this from a friend of mine, Arindam Chakraborty, who is also a fellow Internet marketer: Warning About EFTPS Tax Phishing Emails! Like me and many, many other marketers, he uses AWeber Communications’ email marketing service to manage his subscriber lists. It seems that AWeber was hacked last Saturday. Here is their official notice: Email Subscriber Data Accessed; What We’re Doing About It. Here’s an excerpt.
Over the weekend, AWeber was the target of a deliberate and successful attempt to mine email addresses.
On Saturday, October 16th, an unknown person gained unauthorized access to databases containing email subscriber information.
This incident appears to be part of a broader series of similar successful attacks on a number of email service providers (ESPs).
This happened in December 2009 as well:
December 21, 2009
AWeber was recently the victim of an intentional attack to mine email addresses.
We’d like to take this opportunity to share what happened, what was (and was not) affected and what we’re doing as a result of this attack.
Apparently, the attackers found a zero-day vulnerability in AWeber’s systems, though they’re not saying exactly what that was:
On a daily basis, a few thousand attempts are made to attack AWeber. This sounds like a lot (and it is), but it’s no different at any other sizable web-based application.
We use a combination of in-house and third-party security solutions to scan our network for possible “holes” in security, and to monitor, block and analyze the many attempts made to gain unauthorized access to AWeber. On the whole, these solutions are very good at what they do and this approach serves us well. Unfortunately, both the in-house and third-party solutions failed to detect or stop this particular attack.
I’d sure like to know what those “third-party solutions” are so I can patch them if they exist on any of my clients’ systems!