Eset Selling Email Addresses?

Today I received a hoax email regarding my PayPal account. As every site domain I access and every business I interact with has a unique disposable email address assigned to it, I referenced which site/business had revealed my email address. I was suprised to see nod32.com as the site associated with this address -- the very same address that was used to purchase my Eset Nod32 subscription.

I think it's important to note that I do not use an email program locally; instead I use a paid web-email service (so a worm or email address harvester is unlikely.) I have received less than five spam emails since I've been a member of this email service for the past three years.

I don't want to quickly point fingers or make accusations, but I'm extremely concerned about how this address was acquired -- either by being sold or illegally obtained.

Just for your info, this is the WHOIS data on the IP address of the email that was sent. The email was (IMHO) very well designed, at least from a cosmetic standpoint.

Country: CHINA

Looking up 61.152.219.2 at whois.apnic.net.


% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 61.152.216.0 - 61.152.219.255
netname: SHANGHAI-SONGJIANG-ONLINE
descr: Shanghai SongJiang Telecom Bureau
country: CN
admin-c: ZH72-AP
tech-c: HZ47-AP
mnt-by: MAINT-CHINANET-SH
status: ASSIGNED NON-PORTABLE
changed: ********@mail.online.sh.cn 20010409
changed: **********@apnic.net 20040927
source: APNIC

person: Zheng Haifeng
address: 339 LeDu Road,SongJiang,Shanghai,201600
country: CN
phone: +86-21-67812121
fax-no: +86-21-67812124
e-mail: ***@sj.net.cn
nic-hdl: ZH72-AP
mnt-by: MAINT-CHINANET-SH
changed: ******@online.sh.cn 20000522
source: APNIC

person: Hu Zhiwen
address: 339 South Renmin Road,SongJiang,Shanghai,201600
country: CN
phone: +86-21-57815421
fax-no: +86-21-67812124
e-mail: *******@sj.net.cn
nic-hdl: HZ47-AP
mnt-by: MAINT-CHINANET-SH
changed: ******@online.sh.cn 20000522
source: APNIC

 

While I understand the security measures you have in place, I have no doubt whatsoever that Eset would never sell their own customer email database to anyone, it would be a highly foolish move. More likely that your email address and theirs has been harvested in some form or another and used in the process that you are seeing.

Cheers

 

Thanks for the reply.

I doubt it was harvested because I use a web-email provider, and the email address hasn't been used since September (and then only twice). The address was never publically displayed in any way.

I, too, would hope that it was not sold. But I am still concerned about the level of security Eset has inplace if this type of abuse occurs.

 

Also note that the affected email address was not posted in this, or any other forum, at any time. You're right; that would be looking for trouble.

 

Many spams on my old unused free-web-email address... - spammers are trying random emails (or mails from wordlist)

I must disable (delete) my primary email - becuase i got over 200 spams per day... After half year inactivity i try to enable that account again. And - another 50 spams in ONE DAY. Half year inactive email and it is still on many spam lists :-(

Eset is not mad - they aren't selling emails...

 

Hi Sflorack,

I can assure you Eset does keep all customers' details confidential and does not sell any information to 3rd parties. I presume the thing is you kept the original email from Eset in your mail client and a certain spyware / worm harvested all email addresses and sent it to someone else.

I wonder if you could send the email from Paypal you got along with the email address you used for registration to support@nod32.com with a link to this thread.

 

The email service I use is not Yahoo, and as I said earlier, I have received 5 spam emails in 3-4 years.

The email address that was hoaxed is not a dictionary word, nor a common name. Actually, here is an example of my assigned email addresses:

lg3f5y-tkn49a@mydomain.com

If you think someone randomly guessed this, you give people more credit than I do.

 

I don't use a POP/IMAP mail client such as Thunderbird, Outlook, or Eudora. I use a web-email service (FastMail) that would be unaffected by worms attempting to harvest addresses. I also utilize Nod32 locally, and they have Kaspersky on their mail servers. I have over 300 customized email addresses given out to specific sites/companies, and the one assigned to nod32.com has been the only one ever hoaxed or spammed.

I will be emailing support this afternoon. I'll be sure to let everyone know what they say.

 

There's a good chance that it could have been spoofed off of someone's elses address book or email system.

 

Nah, that is impossible. I know many guys at Eset, and they are good people that will never make things like that. I've a license for 5 computers and many friend has NOD too with his/her licenses and we haven't problems like that. Maybe you've a keylogger or a spyware in your PC.

 

That would be appreciated.

Cheers

 

The topic of this email hits a hot button for me since it is a direct accusation and later in the thread it is learned that this sensitive topic had not been presented to the vendor (ESET) prior to a public posting? I ran a large ISP for many years and these types of postings consume significant corporate resources and set the wrong impression in potential customers minds.

SPAM is a very tough world. I recognize that you believe that you have taken significant measures in an attempt to reduce/eliminate SPAM in your world (don't we all). However, the marketing companies are getting more creative every day and there are several different possibilities including a security breach at your web/email hosting company, packet sniffing (sorry, encryption isn't good enough), router logfile capture, etc. Not to mention the fact that the marketing companies will pull known "words" and repackage them against every email/hosting/IP providers name in hopes of hitting someone real.

Forums such as this are excellent sources of information for making product decisions, sharing ideas, etc. Unfortunately, posting such as this position unnecessary doubt in the minds of potential consumers/customers of reputable vendors such as ESET.

Without a stronger foundation for the accusation, I think it would be appropriate to remove this thread until a resolution is obtained between ESET and the original poster.

OK, I'm off my soap box.

 

I agree. There's a time and place for everything, and this isn't the place, IMO. However, it's similar to the postings in this forum like "NOD32 Misses Viruses Other AV's Detect!"

All in a day's work for ESET, I suppose...

 

The address isn't in anyone's address book as it is an address uniquely assigned to Eset. If it was taken from an email system, it would probably have been Eset's.

 

Let's leave all assumptions as just that, until Eset are given a chance to investigate further.

Thanks

Blackspear.

 

I have also been very thorough in protecting my email address. Recently, I received my first ever phishing email "from" my bank. Although I do not have any evidence that it is related to NOD32/Eset in any way, it is a little bit suspicious.

NOTE: I am not blaming Eset at all, only adding my experiences.

 

This thread has now been closed until further investigations are made by Eset, at which time it will be reopened.

Blackspear.

 

Just a little note...

Then it would be available in the cache of your browser. Many things harvest local html files. Local harvesting is my guess too..