[LINK] RFI: Gumtree Security Breach?

Christian Heinrich christian.heinrich at cmlh.id.au
Sat Apr 30 06:59:29 AEST 2016 

Roger,

The PII has not been published on Pastebin et al yet.

In addition to https://haveibeenpwned.com/account/rawsclarke@xamax.com.au,
you can enter your e-mail address on:

https://hacked-emails.com/
https://breachalarm.com/
https://pwnedlist.com/ (down for maintence at the moment)

LeakDB from Abusix was shut down at the end of January 2016.

On Fri, Apr 29, 2016 at 3:50 PM, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
> Anyone have the low-down on this?
>
> I see nothing obvious in the email to suggest it's a spoof, a competitor's attempt to harm reputation, or a phish.
>
> _______________________________________
>
> From: "Gumtree Australia" <<mailto:email at news.gumtree.com.au>email at news.gumtree.com.au>
> Date: 29 April 2016 5:00:59 GMT+2
> To: <mailto:rawsclarke at xamax.com.au>
> Subject: Important message about your customer information
> Reply-To: <mailto:GumtreeAustralia.6mtv0gchv3.d52k at news.gumtree.com.au>GumtreeAustralia.6mtv0gchv3.d52k at news.gumtree.com.au
>
> We are writing to let you know that some of your Gumtree account information was compromised in a security attack last weekend. The attackers accessed your email address. Contact names and phone numbers, which are made publicly available on the site if provided, were also accessed.
>
> Your Gumtree account password was not accessed. Payment details were also not compromised; we don't store any payment information on our site.
>
> We resolved the isolated attack within minutes of discovering it and since then we've taken extra steps to protect your information.
>
> We encourage you to follow the tips below to help protect yourself from scam and phishing attempts:
>
> 1.      Watch out for phishing scams: Phishing scammers use fraudulent emails or SMS to trick users to access fake websites or share personal information in the hope of accessing private account or login information. You can find more information about phishing scams <http://l.news.gumtree.com.au/u.d?CYGucWZBCzyt0L87IZ19u=721&utm_2source=tactical&utm_2medium=email&utm_2campaign=notification_2april>here.
>
> 2.      Keep your account details secure: Choose usernames and passwords carefully and don't use the same sign-in information for more than one online account.
>
> 3.      Spotting a fake email: Fake emails can include a company logo and will usually ask you to reply to the message with confidential information or ask you to change a password. They may even include an attachment. Gumtree will never send you a link to change your password unless you click the 'Forgot your password' option on the site.
>
> 4.      Reporting fake emails: Please report suspicious emails which you don't think are from Gumtree. Simply forward to <mailto:spoof at gumtree.com.au>spoof at gumtree.com.au so we can investigate and de-activate any fake site links. Do not click on links or take any other action requested in those suspicious emails.
>
> The safety of our community remains our number one priority and we apologise that you've been affected by this. For more information about staying safe online, visit Gumtree's <http://l.news.gumtree.com.au/u.d?d4GucWZBCzyt0L87IZ19r=731&utm_2source=tactical&utm_2medium=email&utm_2campaign=notification_2april>Scam Security Centre.
>
> If you have any queries about this email, please contact us <http://l.news.gumtree.com.au/u.d?a4GucWZBCzyt0L87IZ190=741&utm_2source=tactical&utm_2medium=email&utm_2campaign=notification_2april>here.
>
> Sincerely,
>
> Gumtree Australia
>
> Marktplaats B.V (trading as Gumtree), Wibautstraat 224-2, 1097 Amsterdam, DN, The Netherlands Copyright © 2016 eBay International AG.
>
>
> --
> Roger Clarke                                 http://www.rogerclarke.com/
>
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 6916                        http://about.me/roger.clarke
> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
>
> Visiting Professor in the Faculty of Law            University of N.S.W.
> Visiting Professor in Computer Science    Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

More information about the Link mailing list