Security Alert: Update on ESP Phishing Attack
As you saw from our blog post yesterday, we have become aware of a serious phishing attack aimed in part specifically at ESPs, some direct mailers, and other sites.
Since the time of our posting and into late evening yesterday we received data from our ESP partners and some clients responding to our post that make us suspect that some of our data within Return Path may have been compromised as part of this same phishing scheme.
We immediately kicked off a formal internal investigation yesterday evening and want to proactively keep the email community informed as to the steps we are taking, to be as transparent in this investigation process as possible.
Our concern at this point is that a fairly small list of our client email addresses (those used to receive system alerts from us) might have been compromised. Even though this is a small list, it is still a serious issue since many of the addresses on the list themselves have downstream access to larger email lists. As a reminder, Return Path does not warehouse large consumer mailing lists or deploy any client email campaigns directly.
The fact that any of our data might have been illegally accessed and used in this malicious way is at the very least appalling and upsetting. We are tackling the problem head-on and will post updates as appropriate with more information as we learn it.
If you suspect that any email addresses that you use in connection with Return Path might have received an email as part of this phishing campaign, please contact Neil Schwartzman – email@example.com Senior Director, Security Strategy immediately. We plan to get back to the email community as information becomes available over the US holiday and over the next few days.
About Matt Blumberg
Matt Blumberg founded Return Path in 1999 because he believed the world needed email to work better. Matt is passionate about enhancing the online relationship between email subscribers and marketers so that both sides of the equation benefit. It is with great pride that he has watched this initial creation grow to a company of more than 400 employees with the market leading brand, innovative products, and the email industry’s most renowned experts. Before Return Path, Matt ran marketing, product management, and the internet group for MovieFone, Inc. (later acquired by AOL). Prior to that he served as an associate with private equity firm General Atlantic Partners and was a consultant with Mercer Management Consulting. He holds a B.A. from Princeton University. You can learn much more about Matt by reading his email marketing and entrepreneurship blog Only Once – one of the first CEO blogs on the Internet. Last year he wrote a book, Startup CEO: A Field Guide to Scaling Up Your Business.