corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » partsgateway.co.uk data breach » Post Reply

Post Reply
Who Can Post? All users can post new topics and all users can reply.
Icon:
Formatting Mode:
Normal
Advanced
Help

Insert Bold text Insert Italicized text Insert Underlined text Insert Centered text Insert a Hyperlink Insert Email Hyperlink Insert an Image Insert Code Formatted text Insert Quoted text
Message:
HTML is Off
Smilies are On
BB Code is On
[img] Code is On
Post Options: Disable smileys?
Turn BBCode off?
Receive email notification of new replies?

evilrob

posted on 15th Feb 17 at 22:30

:lol:


Ian

posted on 15th Feb 17 at 20:07

teenagechristianity.com :lol:

That well known automotive parts supplier


Ian

posted on 15th Feb 17 at 20:06

Dear Mr Ian,Thank you for placing an order with us.For your reference your order number isCGD8168BHHX. Please note this is an automated email. Please do not reply to this email. teenagechristianity.com/notification/notification-processing-CGD8168BHHX.doc Your order has been placed and items in stock will be sent to the address shown below. Please check all the details of the order to ensure they are correct as we will be unable to make changes once the order has been processed. You will have been notified at the point of order if an item is out of stock already with expected delivery date.

[Edited on 21-04-2020 by Ian]


Ian

posted on 15th Feb 17 at 15:39

quote:
Originally posted by evilrob
they've only warned those they know could trace the data back to them rather than a full disclosure to their customer base.


That's exactly what's happened!


evilrob

posted on 15th Feb 17 at 14:14

Reason I asked was to see if they'd only sent it to those with partsgateway or similar in their email address - i.e. they've only warned those they know could trace the data back to them rather than a full disclosure to their customer base.

Sneaky.

So I can delete the email address. Should I also move house as well?

I appreciate it's going to take them some time to sort out but they should really take it offline until they are sure it's secure! They should also warn other customers to look out for the phishing scam.

[Edited on 15-02-2017 by evilrob]


Ian

posted on 15th Feb 17 at 14:00

No not had that one, if only it were that easy eh.

Might be that they've only sent that to people who are using PG in the address so they've figured its a throw-away box.


evilrob

posted on 15th Feb 17 at 13:29

quote:
Hi,

We have been made aware of a spam email being targeted to partsgateway@[mydomain].co.uk. Unfortunately we were the victims of an attack where the perpetrators were able to gain access via a V Bulletin work forum to access the user database. We must stress no financial records are stored.

We are currently going through every line of code from the last 16 years, taking various parts of the site offline and reviewing all security layers but as a small site with limited resources this will take some time. We are also due to migrate to new servers which will further bolster our defences.

In the meantime can you please delete the email account partsgateway@[mydomain].co.uk to avoid any future exposure. We have also removed all traces of your details on the server. Please accept our sincere apologies for the inconvenience this has caused.

Regards

User Support
www.partsgateway.co.uk


evilrob

posted on 15th Feb 17 at 13:26

Hey Ian - you seen the hilarious email from PartsGateway this morning confirming they've been breached and suggesting you delete your email address?


evilrob

posted on 14th Feb 17 at 15:44

That's the one!


Ian

posted on 14th Feb 17 at 15:04

I got one this morning

Dear Mr Ian,

Thank you for placing an order with us.

For your reference your order number isN30120961-721.

Please note this is an automated email. Please do not reply to this email.

http://azurebiosystems.net/customerarea/notification-processing-N30120961-721.doc

Your order has been placed and items in stock will be sent to the address shown below. Please check all the details of the order to ensure they are correct as we will be unable to make changes once the order has been processed. You will have been notified at the point of order if an item is out of stock already with expected delivery date.

No house number though although the rest of it is right for a flat I moved out of last year.

[Edited on 21-04-2020 by Ian]


evilrob

posted on 14th Feb 17 at 14:37

This issue has made it into the tech press:

http://www.theregister.co.uk/2017/02/14/uk_car_parts_website_insecure_worries/


ed

posted on 7th Feb 17 at 18:41

I do that trick too - good to see who's been selling your data on! A guy I used to work with used to use company name @ domain whenever dealing with big companies - said the reaction was priceless sometimes when telling someone on the phone that his email address was something like admiralinsurance@something.com :lol:

[Edited on 07-02-2017 by ed]


Ian

posted on 7th Feb 17 at 17:52

Still a good idea. There must be a way to do it with a less obvious set of characters but without a collision with other boxes. At least to the point where its enough messing so as not to bother.


evilrob

posted on 7th Feb 17 at 15:21

quote:
Originally posted by Ian
So you can put any string after the + sign and you still get the email?

Yep! :)

quote:
Originally posted by Ian
Not completely infallible to spammers though as you could derive the main box from that, it appears not many bother?

I've not seen it yet. I'm sure it's only a matter of time.


Ian

posted on 7th Feb 17 at 14:43

So you can put any string after the + sign and you still get the email?

That's very clever and very handy.

Not completely infallible to spammers though as you could derive the main box from that, it appears not many bother?


Generation

posted on 7th Feb 17 at 11:41

MKes much more sense


evilrob

posted on 7th Feb 17 at 11:07

quote:
Originally posted by luciaadr
Trivial to do on Gmail

^ This.

quote:
Originally posted by Generation
You set up a new email for everything :lol:

Sound fkin mental

Not literally set up a new e-mail address, that *would* be mental. All the emails go into one inbox. I do something like this (works in Outlook as well):
http://www.wikihow.com/Use-Plus-Addressing-in-Gmail

You can set up rules to makes it easy to file emails as they come in or automatically delete them if the address makes its way onto a spam list or you simply don't want to hear from that company any more - way easier than going through any given "unsubscribe" process.


Generation

posted on 7th Feb 17 at 08:50

I don't remember doing that, I'm yet to see a bumper car be road worthy


luciaadr

posted on 7th Feb 17 at 08:12

Says the person who turned his corsa into a bumper car

Trivial to do on Gmail


Generation

posted on 7th Feb 17 at 08:06

You set up a new email for everything :lol:


Sound fkin mental


evilrob

posted on 6th Feb 17 at 22:31

This lot appear to have suffered a data breach; I just received a phishing e-mail that LOOKS like an order confirmation for car parts, containing an old address and phone number of mine, sent to an e-mail address unique to my Parts Gateway account (I specifically set up a new e-mail address for anything I sign up to online so I can tell where an incoming email from a naughty third party has got my data from).

Basically it looks legit, but I imagine if you click on the links you'll either download some AIDS to your computer or they'll try to get passwords or credit card details out of you.

Not a lot anyone can do about it now, but if you receive an e-mail that looks like an order confirmation for car parts with your name, address and phone number on it, report it to your e-mail provider as spam/phishing, don't click on any of the links, and complain to Parts Gateway if you can be bothered!

Please copy/paste this message to other car communities you may be a part of so hopefully fewer people get scammed.

:thumbs:

[Edited on 06-02-2017 by evilrob]