New ask Hacker News story: Xfinity Data breach detected through email alias service
2 by encryptluks2 | 2 comments on Hacker News.
This is a warning to Xfinity customers. Today, I got a sophisticated spam email to an email address that was only ever provided to Xfinity. Note I am no longer an Xfinity customer since a few months ago, but my account still exists with Xfinity. I am using SimpleLogin to generate unique email addresses for every service that I sign up for. Due to the way SimpleLogin forwards emails, I only have limited email header information.

The email appears to be an invoice from Quickbooks for Norton AntiVirus suggesting I have a balance due of 256.89 for 5 copies of AntiVirus. The phone number provided, 1 (850) 806-2408, has a live person answer when called, who immediately suggested that I provide my credit card to cancel the order. The email appears to have been sent from Teamnort@saless.cc. Interestingly enough, when trying a WHOIS on saless.cc, it appears the domain is not registered. However, according to this article the TLDs have been hijacked before: https://ift.tt/2LzVTwu

I immediately tried calling Xfinity to explain the issue to their security team, but their entry-level employees couldn't understand the issue. I did some searches and it appears that other Xfinity customers have experienced similar phishing emails. In this instance, the only way someone could have gotten that email is if an Xfinity employee is leaking emails or there has been a data breach with customer emails. This email was updated in April of 2021, so the breach would have had to occur after that time. The email is unique enough that it wouldn't have been randomly sent, and note this is the first phishing email I've ever received from someone to my 400+ aliases that I'm using currently.
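The per-service alias check the post relies on can be automated; the following is an added example, not part of the original post. The alias addresses, the allowed sender domains, the subject lines and the `email.xfinity.com` sender are constructed assumptions; only `Teamnort@saless.cc` comes from the post.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed registry: alias -> (service it was given to, sender domains expected
# from that service). All entries are constructed for illustration.
ALIASES = {
    "xfinity.k3v9@alias.example": ("Xfinity", {"xfinity.com", "comcast.net"}),
    "bank.p2m7@alias.example": ("Example Bank", {"bank.example"}),
}

def domain_allowed(domain, allowed):
    # Exact match or a true subdomain; "notxfinity.com" must not match.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def classify(raw_message):
    """Return one finding per alias that received mail from an unexpected domain.

    From is spoofable, so a matching domain proves nothing; a mismatch does
    show that a third party knows an address given to only one service.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    findings = []
    for _, rcpt in getaddresses(headers):
        rcpt = rcpt.lower()
        if rcpt not in ALIASES:
            continue  # not one of our tracked aliases
        service, allowed = ALIASES[rcpt]
        if not domain_allowed(sender_domain, allowed):
            findings.append({"alias": rcpt, "exposed_by": service, "sender": sender})
    return findings

# Constructed sample messages (headers only, as forwarded mail may be sparse).
PHISH = """\
From: Norton Billing <Teamnort@saless.cc>
To: xfinity.k3v9@alias.example
Subject: Invoice (constructed)

Balance due.
"""
LEGIT = PHISH.replace("Norton Billing <Teamnort@saless.cc>", "billing@email.xfinity.com")
LOOKALIKE = PHISH.replace("Teamnort@saless.cc", "billing@notxfinity.com")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT), ("lookalike", LOOKALIKE)):
        print(name, classify(raw))
```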