Further Acunetix update

I have received a couple of emails and one post to this site from someone at Acunetix on this matter.
Although he denies that the company or its employees send spam or sell email addresses to spammers, the question still remains as to how the email address uniquely used on their site received spam.
It certainly wasn’t as the result of a brute force scan for guessable email addresses, as my mail server responds the same to both valid and invalid addresses, and there were no server logs indicating attempts to send spam to other common names.
It is unlikely that Acunetix monitors the actions of their staff 24/7, so there is still a chance a rogue employee sold/leaked email addresses without the company as a whole knowing. Similarly, there is always the chance of one or more of their servers, or those of their ISP, being compromised.
So, I ask other people who have signed up to acunetix.com some time ago if they have started receiving spam on the address they used.

Many people use unique email addresses for such signups, but often put the company name in the address (as I often do too); however, an unscrupulous company would likely filter these. Indeed, I have never received spam through a company where I put their site name in the signup address.


  1. Dan said,

    November 4, 2007 at 6:48 pm

    Me too.

    I have started getting a fair amount of spam to acunetix.com@MyDomain.com. This isn’t the first time someone has leaked my email address but when I email them they generally own up to getting hacked.

    There is a lot of malware available that harvests email addresses. It could be that someone with our addresses on their local computer got infected. Or they could have gotten hacked. They made some pretty dramatic claims about web security a while back. That might have attracted a black hat or two.

    It would be pretty embarrassing to admit that they got hacked themselves, especially if it was through a web vulnerability 🙂


  2. Martin said,

    January 27, 2009 at 1:40 pm

    Me three.

    The exact same problem. I have a formula for all sites shops-SITENAME@mydomain.com and I am getting spammed like crazy on shops-acunteix.com@mydomain.com

    When I contacted Acunetix, they claim it’s impossible, that someone guessed the unique address.

  3. Dan said,

    January 2, 2010 at 2:18 am

    Me four.

    I just ran a quick analysis on over 56,000 spam messages. There were 26 messages to acunetix.com@mydomain.com.

    I have been using yourdomain@mydomain.com addresses since 1996. Acunetix is the first company that has leaked my address in years. I think the last leak was 2002.

    If Acunetix is denying it, I think they must be dirty.
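
The kind of tally the last comment describes, counting spam per signup alias on a catch-all domain, can be sketched as follows. This is an added example, not code from the post or its commenters; it assumes the two alias schemes mentioned above (`SITENAME@mydomain.com` and `shops-SITENAME@mydomain.com`), and the sample messages are constructed.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

MY_DOMAIN = "mydomain.com"   # catch-all domain, as written in the comments
PREFIXES = ("shops-",)       # optional prefix scheme from the comments

# Constructed sample messages for illustration (not real spam).
SAMPLE_SPAM = [
    "From: a@spam.example\nTo: acunetix.com@mydomain.com\nSubject: 1\n\nx",
    "From: b@spam.example\nTo: shops-acunetix.com@mydomain.com\nSubject: 2\n\nx",
    "From: c@spam.example\nTo: info@mydomain.com\nSubject: 3\n\nx",
    'From: d@spam.example\nTo: "Bob" <Acunetix.com@MyDomain.com>\n'
    "Cc: other@elsewhere.example\nSubject: 4\n\nx",
    "From: e@spam.example\nDelivered-To: example-shop.test@mydomain.com\n"
    "To: someone@elsewhere.example\nSubject: 5\n\nx",
]

def signup_site(address):
    """Return the site an alias was handed to, or None if it is not an alias."""
    local, _, domain = address.lower().rpartition("@")
    if domain != MY_DOMAIN or not local:
        return None
    for prefix in PREFIXES:
        if local.startswith(prefix):
            local = local[len(prefix):]
    # Only local parts that look like a site name count as per-site aliases;
    # guessable names such as "info" are ignored.
    return local if "." in local else None

def tally_leaks(raw_messages):
    """Count spam messages per signup site, one count per message per site."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = []
        # Envelope-derived headers first: spam often hides the real
        # recipient from To/Cc.
        for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
            headers.extend(msg.get_all(name, []))
        sites = {signup_site(addr) for _, addr in getaddresses(headers)}
        sites.discard(None)
        counts.update(sites)
    return counts

if __name__ == "__main__":
    for site, n in tally_leaks(SAMPLE_SPAM).most_common():
        print(f"{n:5d}  {site}")
```

A site that appears in the output received the alias from exactly one signup, so any count above zero means that address left the place it was given to.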

