FCP Groton - Customer Emails (and possibly other data) leaked.

[P0234]

So whenever I order from a place, I use a unique email address just for that transaction. I was checking my spam folder and a funny email was in there addressed to the address I used for an order with FCP. I did a quick search of their site and didn't see anything mentioned about a release of personal data. So its one of two things:

- They sold customer email addresses
- Their customer database was compromised

Neither is really better than the other I think, just wanted to let folks know since they didn't.

[Staz]

great !

[FCPGroton]

My name is Max Rossi and I am the Vice President of Sales/Customer Relations at FCP. I saw your post and just wanted to respond and let everyone know that we absolutely under no circumstance at all sell customer data to anyone. I can promise you that this is something we have never done and will never do in the future. This is actually the first and only claim we have been made aware of but I can assure you we will still look into further. If possible can you email me directly at max@fcpgroton.com with your email address so we can look into further for you?

Sincerely,
Max Rossi

[P0234]

I'm curious what you are going to look into? The email I used was fcpg@mydomain.com . As it stands, I now have four emails in my spam bin to that same address. I never used that address anywhere but for F_C_P_G_roton. The first was 12/31/11, so it appears whoever harvested the email list just started using it.

[black99.5a4]

you do understand that bots roll through servers and grab email addresses, regardless if you used them or not. Make a new one and send an email to your other email account... you'll start getting spam. Someone doesn't have to sell your account for your address to get out.

[Seerlah]

FWIW, my hotmail account got hacked to sh*t by spammers who kept sending out emails with my address. That account has thus been deleted and now I use gmail.

[P0234]

you do understand that bots roll through servers and grab email addresses, regardless if you used them or not. Make a new one and send an email to your other email account... you'll start getting spam. Someone doesn't have to sell your account for your address to get out.

I'm sorry, I'm a software engineer, so you'll have to explain that, its a totally new concept to me. How does a bot "roll" through a server? Do you mean attempt to connect to the mail server and try to verify an smtp recipient? If so, you are stuck back in 1996, mail servers don't acknowledge recipients anymore. If you mean rolling through a whole list of addresses by spamming them, then I'd have more email through various iterations of that address, which I don't. Are you proposing a man in the middle attack with FCP? Your theory about sending email back and forth doesn't hold water either. I've used HUNDREDS of unique email addresses for various businesses. Just under a dozen have ended up in the wrong hands. I actually let TD Ameritrade in on their data compromise several years back, because the same thing happened.

I keep a tight lid on my email addresses, and there are two possible ways that someone got my address used with FCP, hacked or sold.

[P0234]

FWIW, my hotmail account got hacked to sh*t by spammers who kept sending out emails with my address. That account has thus been deleted and now I use gmail.

No one needs to even hack your mail to send mail as you. SMTP envelope FROMs can be set to anything. Its just like mailing a regular envelope in the mail, you can put whatever you want as your from address. The issue at hand is how its possible that someone "guessed" my fcpg@mydomain.com address. I've had the domain for over 10 years, no email to that address before I ordered from FCP. Then a few months afterwards, I get email to that unique address.

There are 137,286,762 registered domains. multiply that by the four alpha characters (they' actually use more as well as numbers) and you have a 1 in 786622394025312 chance. Yeah, I was that lucky.

[Slow4]

I sent FCPGroton an email about one of the products, the control arms kit for a B5 S4. I have yet to receive any PMs.....

....its ok though, I ended up buying a new car.

Thanks FCP Groton