Epsilon Email Leak Means You Will See More Spam

Epsilon, an email marketing company used by many major companies, reported that their server security was breached early in April, and that thousand of email addresses had been harvested by hackers.  The affected email addresses were from marketing lists for companies such as Best Buy, Walgreens, US Bank, Capitol One, Fry’s, Wal-Mart, TiVo, JP Morgan Chase, Disney Destinations, Marriot rewards, McKinsey, Beachbody, 1-800Flowers, marks & Spencer, Hilton, Lacoste, and presumably others.  If you did business with these companies on-line, you have probably been notified by email, as I have.  Your email address is in the wild.

The good news is that all that was lost was names and email addresses.  No personal information, credit card, or financial data were stored on the affected servers.

The bad news is that this list of email addresses is considered by spammers to be a gold mine of verified email addresses.  The list will be sold over and over to spam purveyors around the world, and if you received notification from one of your on-line vendors or service providers, you can expect to see an increase in the junk mail hitting your inbox.

What can you do?  If you are not taking advantage of some form of spam filtering in your email account, you might want to start.  Many email providers have spam filtering available if you enable it, some charge extra for this service.  If you read your email in MS Outlook 2003, 2007, or 2010 version, junk mail filtering is part of the package, just make sure you have allowed Windows Update to update your Office applications as well, so you continue to receive updates to the junk mail filtering components.  Most major Internet Security Suites contain a spam filtering component as well, but again you need to be reading your mail in Outlook, Outlook Express, Windows Mail or a similar email software product, and not on the web.  if you use a browser to read your email, spam filtering software will not help.

You could open an  new email account, notify everyone of the new address, and begin the lengthy process of updating all of your on line services with the new address.  This is complicated by the fact that many web sites and on-line stores use your email address as the user ID.  you will want to leave the old email account open until you are positive everyone had been notified and all you on-line accounts have been updated.

There are worse things that can happen to you on-line, so this event, while not trivial, falls more in the nuisance category that the threat category.  But be aware that you may be getting more convincing phishing type emails.  A healthy dose of suspicion is always a good idea when you get “problem” emails from vendors.  It will be wise to be wary for a while.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.