A privacy breach at eMusic?

I just received some spam at an email address that I’ve used only to sign up for eMusic. It seems I’m not the only one, either: http://trainedmonkey.com/2006/11/17/privacy_breach_at_emusic_.

There seems to be three distinct possibilities here:

  1. Their security was compromised (either internally or externally) and someone got a hold of their customer list.
  2. They blatantly gave away email addresses.
  3. Some spammer decided to randomly send spam to emusic@ a whole lot of domains.

1 & 2? Plausible.

3? Implausible. If you want a message to get through, you’re going to use info@, support@, sales@, etc. The number of people who would have emusic@ forwarding to anything remotely useful is significantly lower. Do spammers send mail to other user accounts? On occasion, but usually they use made-up user accounts as part of bogus “from” addresses, not “to” addresses.

I forwarded the message to eMusic’s support team yesterday, but haven’t heard anything back. I’ll give them a call on Monday and see what they say.

To everyone else – did you get this message on an email address that you used to sign up for eMusic?

Here’s the actual message:

From: Affiliate253@MyOwnCreditCoach.com
Subject: Credit tips enclosed – 58tks01
Date: November 30, 2006 3:58:17 AM PST
To: ( My EMusic Address )
Reply-To: Affiliate253@MyOwnCreditCoach.com

Good afternoon!

Good afternoon!

My name is Michael Matson and I wanted to connect with you briefly because
I am offering a new eBook all about credit, credit repair, the credit
reporting agencies, and how to boost your credit score by applying a few
simple concepts which I will be sharing with subscribers.

For those who act right away, I will be giving away some very powerful
bonus items at no cost.

Please register for the course here: http://www64.MyOwnCreditCoach.com

There is absolutely zero risk, and it will definatly give you a leg-up to
make your credit rating soar with eagles.

Again here is the link: http://www00.MyOwnCreditCoach.com

Feel free to share this with a friend but send it today, because I’m not
sure how long I am going to keep the price so low!

Thanks for being open to trying my mini-course and I’ll see you on the
other side!

Best regards,
Michael Matson

This communications was sent to: (address). We have no desire to send you
information at (address) that is unwanted.
If you want to be excluded from future Afilliate Ventures, SA mailings
please submit a REM0VE ME: http://www11.MyOwnCreditCoach.com/r/

2017-02-13T13:10:24+00:00 December 1st, 2006|4 Comments


  1. Nick Askew February 28, 2007 at 8:17 am

    I too received several emails from ‘Michael Matson’ addressed to the unique email address I used to sign up to eMusic, never used anywhere else.. it can only have been distributed (my email address that is, not the spam) by eMusic.com

    Today I received one from Karen Peterson, telling me to contact an agent who has US$1.5M waiting for me.. again to the email address I soley used to subscribe to eMusic dot com.

    I wrote a letter of complaint to them after I received the first email from Michael Matson on the 26/11/2006, and received no reply. I received three further emails from ‘Michael Matson’ on 01/12/2006, 08/12/2006 and 11/12/2006.

    I dislike companies that do not appreciate the concept of data protection, I dislike companies even more for ignoring complaints and trying to ‘sweep it under the carpet’. I would be very interested to locate more people suffering Michael Matson syndrome so we can put our heads together to give eMusic the rude awakening they obviously deserve.


    Nick Askew

  2. Nick June 23, 2007 at 3:02 pm

    I get spam all the time to an address that only emusic have ever been given. Like Nick Askew, I find it’s mostly advance fee fraud (“419”) spam. Emusic has clearly had a security breach. No reply from them when I reported the problem though, except for a request for a copy of some of the emails; then silence. Perhaps they’d claim as other hacked companies have done, that it could be a dictionary attack. I know I haven’t ever been subjected to a dictionary attack: no-one has ever tried to deliver an email to an address I haven’t given out.

    I’ve about six companies leak unique email addresses to spammers, but emusic is much the biggest of these companies. We need laws to require companies to come clean when they let our personal information be stolen.

  3. Troy April 22, 2008 at 1:02 am

    I found this old blog post of after searching for other people who’ve gotten spam at their emusic-only address. I wanted to find out if there was indeed a pattern… Interestingly, my first UCE just showed up today (more 419 crapola) though I’ve been with emusic for a couple of years now.

    I don’t really want lossy 160kbps tunage anyway.

  4. Nawak September 3, 2008 at 11:43 am

    I just started receiving spam on my emusic-only e-mail account.
    I don’t think it’s a security breach, or it’s been going on for more than two years??
    I think they just sell e-mails to get some money. It’s to be expected from a company whose revenue model seems quite fragile.
    Anyway, time to update the virtual user table.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.