I just received some spam at an email address that I’ve used only to sign up for eMusic. It seems I’m not the only one, either: http://trainedmonkey.com/2006/11/17/privacy_breach_at_emusic_.
There seems to be three distinct possibilities here:
- Their security was compromised (either internally or externally) and someone got a hold of their customer list.
- They blatantly gave away email addresses.
- Some spammer decided to randomly send spam to emusic@ a whole lot of domains.
1 & 2? Plausible.
3? Implausible. If you want a message to get through, you’re going to use info@, support@, sales@, etc. The number of people who would have emusic@ forwarding to anything remotely useful is significantly lower. Do spammers send mail to other user accounts? On occasion, but usually they use made-up user accounts as part of bogus “from” addresses, not “to” addresses.
I forwarded the message to eMusic’s support team yesterday, but haven’t heard anything back. I’ll give them a call on Monday and see what they say.
To everyone else – did you get this message on an email address that you used to sign up for eMusic?
Here’s the actual message:
Subject: Credit tips enclosed – 58tks01
Date: November 30, 2006 3:58:17 AM PST
To: ( My EMusic Address )
My name is Michael Matson and I wanted to connect with you briefly because
I am offering a new eBook all about credit, credit repair, the credit
reporting agencies, and how to boost your credit score by applying a few
simple concepts which I will be sharing with subscribers.
For those who act right away, I will be giving away some very powerful
bonus items at no cost.
Please register for the course here: http://www64.MyOwnCreditCoach.com
There is absolutely zero risk, and it will definatly give you a leg-up to
make your credit rating soar with eagles.
Again here is the link: http://www00.MyOwnCreditCoach.com
Feel free to share this with a friend but send it today, because I’m not
sure how long I am going to keep the price so low!
Thanks for being open to trying my mini-course and I’ll see you on the
This communications was sent to: (address). We have no desire to send you
information at (address) that is unwanted.
If you want to be excluded from future Afilliate Ventures, SA mailings
please submit a REM0VE ME: http://www11.MyOwnCreditCoach.com/r/
I too received several emails from ‘Michael Matson’ addressed to the unique email address I used to sign up to eMusic, never used anywhere else.. it can only have been distributed (my email address that is, not the spam) by eMusic.com
Today I received one from Karen Peterson, telling me to contact an agent who has US$1.5M waiting for me.. again to the email address I soley used to subscribe to eMusic dot com.
I wrote a letter of complaint to them after I received the first email from Michael Matson on the 26/11/2006, and received no reply. I received three further emails from ‘Michael Matson’ on 01/12/2006, 08/12/2006 and 11/12/2006.
I dislike companies that do not appreciate the concept of data protection, I dislike companies even more for ignoring complaints and trying to ‘sweep it under the carpet’. I would be very interested to locate more people suffering Michael Matson syndrome so we can put our heads together to give eMusic the rude awakening they obviously deserve.
I get spam all the time to an address that only emusic have ever been given. Like Nick Askew, I find it’s mostly advance fee fraud (“419”) spam. Emusic has clearly had a security breach. No reply from them when I reported the problem though, except for a request for a copy of some of the emails; then silence. Perhaps they’d claim as other hacked companies have done, that it could be a dictionary attack. I know I haven’t ever been subjected to a dictionary attack: no-one has ever tried to deliver an email to an address I haven’t given out.
I’ve about six companies leak unique email addresses to spammers, but emusic is much the biggest of these companies. We need laws to require companies to come clean when they let our personal information be stolen.
I found this old blog post of after searching for other people who’ve gotten spam at their emusic-only address. I wanted to find out if there was indeed a pattern… Interestingly, my first UCE just showed up today (more 419 crapola) though I’ve been with emusic for a couple of years now.
I don’t really want lossy 160kbps tunage anyway.
I just started receiving spam on my emusic-only e-mail account.
I don’t think it’s a security breach, or it’s been going on for more than two years??
I think they just sell e-mails to get some money. It’s to be expected from a company whose revenue model seems quite fragile.
Anyway, time to update the virtual user table.