Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

Hackers attack Epsilon database, phishing spree anticipated

Created: 13 Apr 2011 • Updated: 28 Sep 2012 • 2 comments
Dianne W's picture
0 0 Votes
Login to vote

The email communications firm Epsilon suffered a database hack on March 30. The Epsilon database hack exposed the names and email addresses of millions of consumers at credit card corporations and major retailers. Many major charge card holders are receiving warnings from banks about the breach, which is likely to spawn a spate of spam in the form of phishing emails. Article source - Epsilon database hack exposes millions to phishing attacks by MoneyBlogNewz.

Epsilon clients hit by database hack

There were millions of email addresses and names stolen in the database hack at Epsilon. This could make history with how large it was. Friday, Epsilon declared that customer files were hacked meaning emails and other information at web sites may have been stolen as Epsilon sends over 40 billion marketing emails for 2,500 businesses annually.

At least a dozen companies were impacted. Customers at banks for instance Capital One, Barclays Bank, U.S. Bancorp, Citigroup, J.P. Morgan Chase have to be on the lookout for phishing attacks. Customers who have done business with retailers for instance HSN, Best Buy, TiVo, Walgreens and Kroger have also been exposed. Student email addresses from SAT organization, College Board, might have been stolen as well for about 5,900 universities and colleges.

How to spot a phishing scam

It is likely the stolen names and emails in the Epsilon database hack will be used to target spam. The “phishing scam” could possibly be very effective this time. This is because individuals with actual accounts and information will be targeted. Fake accounts are put together for the phishing emails. Then, the customer is confident to log in so the information can be stolen. The hacker can discover more information on Facebook about a person after a name and email address is found. This will make the email seem real. Phishing scams often ask consumers to update charge card information or urgently warn that if a response isn't really received the account will be closed. Sometimes the phishing con will say the account is compromised. They will say information needs to be updated because of this.

Making history with this breach

There were a limited number of customers which were caught in the Epsilon database hack, the company said. Still, it has yet to be released how many customers and students need to worry about this. Epsilon clients already mentioned were not the only ones at risk. AstraZeneca, Kraft Foods, Hilton Hotels and Verizon Communications might also be at risk. The biggest attack recognized in U.S. history for identity theft is currently the Heartland Payment Systems hack, which the Epsilon database hack may have surpassed. Notorious cyber-criminal Albert Gonzalez was sentenced to 20 years in prison after being convicted of leading a ring of hackers that broke into Heartland Payment Systems and stole more than 40 million payment card numbers.

Articles cited

Associated Press
finance.yahoo.com/news/Banks-creditcard-issuers-warn-apf-754015157.html?x=0&sec=topStories&pos=main&asset=&ccode=

MSN Money

money.msn.com/identity-theft/news.aspx?feed=OBR&date=20110403&id=13261200

Computer world

computerworld.com/s/article/print/9215443/Update_Bank_customers_warned_after_breach_at_Epsilon_marketing_firm?taxonomyName=Security&taxonomyId=17

<p>Microsoft</p>

<p>microsoft.com/security/online-privacy/phishing-symptoms.aspx</p>

Comments 2 CommentsJump to latest comment

Jimmi holes's picture

Phishing packets efftect the overall performance of internet while they are great in numbers. Internet is a place for every nation. Several nations try to get over the control over the internet so they can access data of everyone. Most of people are hit by the hackers because they don't have any idea that stolen data how can damage the things. Inforamtion that how they can be protected is easily available on internet so its time to take look. 

+7
Login to vote
NormanSwe's picture

Nice article. I am glad you recommend using a password manager. I can recommend Sticky Password manager (http://www.stickypassword.com) as I use it for couple years and I am very satisfied. It is pretty sad that many internet users are not considering their online identity as vulnerable and think they can use one password for all their accounts.

0
Login to vote