# Directv email accounts may be hacked - warning to all Directv users



## Bizarroterl (Oct 20, 2006)

I'm an IT pro. As such I tend to have a slightly more robust setup at home than most users do. Part of my home network is an Exchange (Email) server.

With this I have the ability to create as many email addresses/aliases as I like. To reduce email spam I set up an account for nearly every online contact I have. IE if I buy something from Sears I have an email address that is used only for them, or if I opened a online support case with Denon I have a specific account created and used just for them. If I start getting spam I know who let the address out and I can close the account without going through the hassle one would have if they had only one email account.

One of these accounts I have is with Directv. I have one special email address set up just for them and it isn't used anywhere else. 

Guess what? I'm now getting spam coming to this email address. This means one of two things. Either my server was hacked or Directv was. If my server was hacked I'd be getting spam to all my accounts (or at least a lot of them). I'm not.

This leaves the only answer is that the email database or a PC at Directv has been hacked. This opens some disturbing questions. As someone has hacked into Directv's systems, have they gotten the credit card database too? Getting spam is just annoying, but when your credit card number is stolen it can go beyond just being an inconvenience. 

Keep in mind that I have no indication Directv's database of credit card numbers has been hacked, just email addresses. At best only one PC has been hacked that happened to have my special Directv address on it (unlikely but possible). However if they're lax enough to allow one PC to be compromised, then more undoubtedly are.

So, this may explain part of the spam you're getting.

As for credit card info you should check your credit card statements closely for unknown charges and run a credit check regularly (freecreditreport.com). You've been warned.


----------



## Diana C (Mar 30, 2007)

It also possible that Directv sold their email list. Using Occam's Razor, that is the most likely explanation.


----------



## RobertE (Jun 10, 2006)

Another explanation is that the spammers are just carpet bombing domains.

I think its fairly safe to put the tinfoil hat away for an another day.


----------



## Xsabresx (Oct 8, 2007)

Pretty accusatory title. Surprised a self-professed "IT pro" would immediately default to a hack. I'm NOT an IT pro and I understand how spammers work. I also understand how to set up an email address.


----------



## tigerwillow1 (Jan 26, 2009)

> Pretty accusatory title. Surprised a self-professed "IT pro" would immediately default to a hack. I'm NOT an IT pro and I understand how spammers work. I also understand how to set up an email address.


I thought the point was that an email address known _only_ to DirecTV was getting spammed. I take the statement of professionals credentials only to support the believability of having an email totally dedicated to D*. Having said that, I also agree that there are ways the address could have been obtained other than from the D* database.


----------



## dpeters11 (May 30, 2007)

"Xsabresx" said:


> Pretty accusatory title. Surprised a self-professed "IT pro" would immediately default to a hack. I'm NOT an IT pro and I understand how spammers work. I also understand how to set up an email address.


It follows my own "law" on such things.

Sending spam emails is so cheap and easy (heck, the spammer practically doesn't need an Internet Connection, and bounce backs are cheap, it really isn't surprising.


----------



## RunnerFL (Jan 5, 2006)

tigerwillow1 said:


> I thought the point was that an email address known _only_ to DirecTV was getting spammed.


If you think an email address is known only by one entity I have a bridge for sale you may be interested in.


----------



## spartanstew (Nov 16, 2005)

Within how many threads are you going to try and sell that bridge?


----------



## RunnerFL (Jan 5, 2006)

spartanstew said:


> Within how many threads are you going to try and sell that bridge?


How many times are you going to attack me today? Put me on ignore if you don't like my posts.


----------



## dsw2112 (Jun 13, 2009)

Bizarroterl said:


> ...You've been warned...


While what you say may be true, your argument has faulty reasoning. In an ironic twist it reminds me of the new D* commercials.

Classic "slippery slope" reasoning...


----------



## 1dersky (Oct 9, 2007)

I too have unique e-mail addresses for every business/forum/online presence, and I am NOT seeing any SPAM whatsoever on my DirecTV address.


----------



## carl6 (Nov 16, 2005)

1dersky said:


> I too have unique e-mail addresses for every business/forum/online presence, and I am NOT seeing any SPAM whatsoever on my DirecTV address.


Same here. A couple hundred email addresses, each unique to it's own purpose/application. The one I use for DirecTV has seen no unusual or abnormal posts whatsoever.

When one of my email addresses does start showing spam, I simply shut it off and open a new one. I doubt any have ever been the result of the company being hacked. It's just way too easy to watch internet traffic and intercept something as easy as an email address.


----------



## Laxguy (Dec 2, 2010)

Another explanation is dictionary attacks. Or someone using his computer and sending an email or several using that account.


----------



## adamson (Nov 9, 2007)

I don't buy this story, furthermore all these different e-mail addresses is so not necessary...most do not care about about all the details of how you do things. This site is about Directv...were they hacked I think not.


----------



## bellaireroad (Dec 17, 2011)

My account got hacked today. I signed up less than a month ago. The password was changed. The only way this could have happened is if someone had access to my email. The secret question was changed as well. 

I got an email stating the password had changed.


----------



## NewForceFiveFan (Apr 23, 2010)

OP sounds more like a troll than a pro IT geek. He also seems to be a shill for freecreditreport.com too. How many home networks need exchange servers anyways?


----------



## Bizarroterl (Oct 20, 2006)

As I stated in the initial post, this is a unique address used nowhere else. 

Directv could have sold the address to the black market fake viagra/cialis spammers or maybe they're getting into that business. My personal opinion is that if your believe that go ahead and send a check for that bridge.

It could be a dictionary attack, however why is it that they picked up on a unique name yet failed to get all the other accounts I have active? In the past 10 years only 2 accounts I've used with businesses resulted in spam. The first was sold, as the spam was much more legitimate in nature. The other is Directv.

I won't reply to the troll posts, as it isn't my job in life to educate those that are ensconced in their ignorance.


----------



## nuspieds (Aug 9, 2008)

With a subject line of "Directv email accounts hacked," I was expecting a story about your DirecTV subscriber account information being stolen from DirecTV and used elsewhere for whatever purposes.

But then all this is about is receiving spam via an email address you used for DirecTV. Hello??!! 

Oh brother! What a waste!


----------



## njblackberry (Dec 29, 2007)

From an "IT Pro".


----------



## dualsub2006 (Aug 29, 2007)

The email address that I use with D* isn't unique to them, but I only use it for my utility and entertainment accounts. It isn't self hosted, it's Gmail. There is never more than a spam message or two a month in the spam folder, and Gmail has never let a spam message through to this accounts inbox.

I just checked: zero spam messages. Haven't had a spam message in this account in a few weeks. 

Not questioning your skills or your intelligence, just your assumption that D was hacked.


----------



## Bizarroterl (Oct 20, 2006)

nuspieds said:


> With a subject line of "Directv email accounts hacked," I was expecting a story about your DirecTV subscriber account information being stolen from DirecTV and used elsewhere for whatever purposes.
> 
> But then all this is about is receiving spam via an email address you used for DirecTV. Hello??!!
> 
> Oh brother! What a waste!


I have no control over your expectations.


----------



## Bizarroterl (Oct 20, 2006)

dualsub2006 said:


> The email address that I use with D* isn't unique to them, but I only use it for my utility and entertainment accounts. It isn't self hosted, it's Gmail. There is never more than a spam message or two a month in the spam folder, and Gmail has never let a spam message through to this accounts inbox.
> 
> I just checked: zero spam messages. Haven't had a spam message in this account in a few weeks.
> 
> Not questioning your skills or your intelligence, just your assumption that D was hacked.


Your gmail account is filtered - Google spends a lot of time and money filtering spam addressed to gmail accounts. Do you think that maybe that has something to do with the amount of spam you receive?


----------



## dpeters11 (May 30, 2007)

"NewForceFiveFan" said:


> OP sounds more like a troll than a pro IT geek. He also seems to be a shill for freecreditreport.com too. How many home networks need exchange servers anyways?


That's not all that unusual. It's one way of learning new versions of the software, on a small scale, and not all companies are willing to set up a test environment when they may not upgrade. It's especially good for contractors. And if you are given TechNet, you can easily set it up on a VM.


----------



## Bizarroterl (Oct 20, 2006)

dpeters11 said:


> That's not all that unusual. It's one way of learning new versions of the software, on a small scale, and not all companies are willing to set up a test environment when they may not upgrade. It's especially good for contractors. And if you are given TechNet, you can easily set it up on a VM.


This is true. My home office has several virtual servers set up on an ESX box with a full domain/exchange/linux etc. Not only is it used for scenario testing it's also actively used for office/consulting purposes. Almost everyone that is involved with IT network/systems design will have something set up at home that is similar. If not, then they're probably not doing consulting and have access to a full lab at work.


----------



## harsh (Jun 15, 2003)

It seems inconceivable to me that an IT Pro would install Exchange Server at home.

The key question is whether or not the OP has set up their e-mail preferences correctly with DIRECTV.

A secondary question is whether these e-mails may be "partner" communications.


----------



## dpeters11 (May 30, 2007)

But why not? There isn't necessarily any cost for software for them.


----------



## Simonjester (Jan 8, 2012)

I have a similar setup where I provide a unique email address to each company I do business with, about two weeks ago the email address that I use for D* and NO ONE else was used in a mass spam attach as the return email address. This email address was one that could not have been guessed and it not configured / used in any other system then d*'s online web page. 

So D* either sold my email address or their email database was accessed by a spammer.

The spamming attack took place on a set of servers in France...


----------



## Davenlr (Sep 16, 2006)

While I dont know where they are coming from, since I dont open them, I have seen a lot of spam lately using high ascii characters to substitute for standard ascii characters to slip by spam blockers.


----------



## alnielsen (Dec 31, 2006)

harsh said:


> It seems inconceivable to me that an IT Pro would install Exchange Server at home..


I would do it in a minute, but the Comcast agreement doesn't allow for individuals to allow servers to access the network. I presently have my domain email forwarded to my gmail account.


----------



## Earl Bonovich (Nov 15, 2005)

alnielsen said:


> I would do it in a minute, but the Comcast agreement doesn't allow for individuals to allow servers to access the network. I presently have my domain email forwarded to my gmail account.


Personal Comment; Not DIRECTV.

Why? Why run a server at home... when for about $50 a year, you can purchase a hosting site, that can give you dozens of real email accounts, with unliminted aliases?

I used to run a server in my home, 24x7... had mail servers, ftp servers, webservers on it.... Was costing me almost $50 a month in power.

Purchased a basic plan (www.winhost.com for example)... and now I don't have to worry about my own uptime, issues with my ISP and servers, and so on...


----------



## spartanstew (Nov 16, 2005)

I have 1 work Email, 1 personal Email, and 1 porn site Email.


----------



## ts7 (Nov 1, 2011)

"Earl Bonovich" said:


> Why? Why run a server at home... when for about $50 a year, you can purchase a hosting site, that can give you dozens of real email accounts, with unliminted aliases?


An independent consultant may very well be operating out of a home office. If supporting Exchange is one of their services i would be very surprised if the consultant DIDN'T have their own Exchange server.

While the OP may be jumping to some conclusions, it does raise some degree of concern. Personally I think DirecTV has made their lists available - probably indirectly and without direct knowledge - to spammers. Anyone that believes an email address can be kept private indefinitely is living in a fantasy. I believe any address that is ever used on the Internet eventually falls into the clutches of spammers.


----------



## Earl Bonovich (Nov 15, 2005)

ts7 said:


> An independent consultant may very well be operating out of a home office. If supporting Exchange is one of their services i would be very surprised if the consultant DIDN'T have their own Exchange server.


While I am not an independent consultant.... I would think that would be the absolutely MEGA reason to run it on an external ISP, that would come with a SOA.... Power outage at home? Need to do an upgrade? Hardware failure? Broadband Failure? The services I have at WinHost, give me most of the exchange functions as well (calendar and adress book).

As well as keeping my costs much lower (Since shutting down my home server this past summer... I have already reduced my electric bill by an average of $50 a month...


----------



## csgo (Oct 15, 2006)

If you read the DirecTV Privacy Policy they clearly say they share customer information with third parties, including advertisers, unless you specifically opt out. Even if you opt out they claim they will still use your information for "legitimate business purposes" (whatever that is, and I guess if you don't opt out that means they can use your information for illegitimate business purposes as well).

DirecTV is a whore that will sell as much information as they can collect about you.


----------



## dualsub2006 (Aug 29, 2007)

"Bizarroterl" said:


> Your gmail account is filtered - Google spends a lot of time and money filtering spam addressed to gmail accounts. Do you think that maybe that has something to do with the amount of spam you receive?


Sure does not. The Gmail account that I use for forum memberships and Craigslist gets hundreds of spam messages a day. Hundreds. Every single one caught by the spam filter.

Both accounts are about the same age.


----------



## bpjones (Jul 6, 2008)

Bizarroterl said:


> I won't reply to the troll posts, as it isn't my job in life to educate those that are ensconced in their ignorance.


Isn't that precisely what an _IT Pro_ does for a living?

I think many valid points were raised about this *possibility* being a result of directv selling customer contact info. How about being humble enough to admit that as a valid reason for the behavior you noticed?


----------



## bpjones (Jul 6, 2008)

To the other IT minded folks here on this thread, I too have been down the path of hosting a home server farm. Like Earl said, it's expensive to do so. I've also paid for a dedicated hosting package giving me various levels of control deepening on the size of environment. 

Having been down this path, I can now advise folks to eschew this solution and to use Amazon's EC2 capabilities instead. It allows for complete control over an entire network of your own design and constitution all the while you only pay for what you use. Using this service, I've been able o reduce my monthly costs to a couple of dollars per month. 

This would be the perfect solution for the gentleman who wants to run Exchange, but doesn't want to violate his Comcast EULA. 

Just my 2 cents. I'm just disappointed to be sharing them in such an ill-titled thread.


----------



## ATARI (May 10, 2007)

bpjones said:


> To the other IT minded folks here on this thread, I too have been down the path of hosting a home server farm. Like Earl said, it's expensive to do so. I've also paid for a dedicated hosting package giving me various levels of control deepening on the size of environment.
> 
> Having been down this path, I can now advise folks to eschew this solution and to use Amazon's EC2 capabilities instead. It allows for complete control over an entire network of your own design and constitution all the while you only pay for what you use. Using this service, I've been able o reduce my monthly costs to a couple of dollars per month.
> 
> ...


I'll second Amazon's EC2 service. Been using it for almost 9 months now. Very pleased with the service and the price.

Disclaimer: I do not work for Amazon, nor do I own stock in Amazon.


----------



## qcarm (Jan 1, 2012)

I assume you have done these?


----------



## Bizarroterl (Oct 20, 2006)

bpjones said:


> Isn't that precisely what an _IT Pro_ does for a living?
> 
> I think many valid points were raised about this *possibility* being a result of directv selling customer contact info. How about being humble enough to admit that as a valid reason for the behavior you noticed?


If you read my posts you'll see that I did state that Directv could be selling the addresses, but if they are they're selling them to the black market viagra/cialis spammers as those are they type of emails I was getting (that account is now closed).


----------



## Bizarroterl (Oct 20, 2006)

bpjones said:


> This would be the perfect solution for the gentleman who wants to run Exchange, but doesn't want to violate his Comcast EULA.


You're not in violation of the Comcast EULA if you have a business account.


----------



## Bizarroterl (Oct 20, 2006)

qcarm said:


> I assume you have done these?


No need. The Directv email address I was using has been retired. I now have a new one. Let's see how long that one works before I start getting spam again.


----------



## Bizarroterl (Oct 20, 2006)

Earl Bonovich said:


> While I am not an independent consultant.... I would think that would be the absolutely MEGA reason to run it on an external ISP, that would come with a SOA.... Power outage at home? Need to do an upgrade? Hardware failure? Broadband Failure? The services I have at WinHost, give me most of the exchange functions as well (calendar and adress book).
> 
> As well as keeping my costs much lower (Since shutting down my home server this past summer... I have already reduced my electric bill by an average of $50 a month...


Very valid thoughts. For me, my ISP connection has been ultra reliable and power outages are extremely rare (and short duration ones are covered with a UPS). Hardware failure is always a possibility (as an IT Pro I understand doing backups).

As for power, I constructed the server (ESXi) with power efficiency in mind. Yes, it's a compromise but not really that important to me. With a 4.5KW solar array on the roof my power bills are really for the utility connect (~$5/month w/~$180 year end true up).

Using Amazon/Winhost/etc is a very valid solution for many. With remote hosting or internal servers there are advantages and disadvantages to each. In my case internal is a better solution.


----------



## Drew2k (Aug 16, 2006)

I don't know how I missed this thread with such a provocative and alarmist thread title, claiming that DIRECTV email accounts were hacked, but after reading the thread I see no indication that anyone hacked DIRECTV email accounts. I would love to see an edit to the thread title ...


----------



## SPACEMAKER (Dec 11, 2007)

spartanstew said:


> I have 1 work Email, 1 personal Email, and 1 porn site Email.


That's all one should need.

Of course I have a Gmail because of Android.


----------



## camattin (Feb 6, 2003)

dualsub2006 said:


> Sure does not. The Gmail account that I use for forum memberships and Craigslist gets hundreds of spam messages a day. Hundreds. Every single one caught by the spam filter.
> 
> Both accounts are about the same age.


I echo this statement. While gmail does a fair job of making sure spam messages don't go to the inbox, they do not ever delete a message that they think is spam. This is one feature that gmail lacks and really needs to implement as I'm tired of having to create filters to delete the spam.

Personally I'm getting about 300 spam messages a day to my spam folder. 99.9% of these should be able to be auto-pruned by any reliable spam filter and just drop off into /dev/null.


----------



## ffemtreed (Jan 30, 2008)

harsh said:


> It seems inconceivable to me that an IT Pro would install Exchange Server at home.
> 
> The key question is whether or not the OP has set up their e-mail preferences correctly with DIRECTV.
> 
> A secondary question is whether these e-mails may be "partner" communications.


I am an I.T. pro and i have 2 exchange servers setup at my house.

The reason being is I like to play with things and test stuff. I would never play with a real production server, but my home exchange server is game for anything. I sometimes intentionally break it as well to see if I can fix or what data is lost.

Its how we I.T. people learn.


----------



## harsh (Jun 15, 2003)

ffemtreed said:


> I sometimes intentionally break it as well to see if I can fix or what data is lost.
> 
> Its how we I.T. people learn.


That's the Monte Carlo method. The other is to use thoughtful scientific and engineering approaches along with tried and true MTAs that don't consume our every waking moment (and malware checking CPU cycle) waiting for the next issue to be identified and deliberated.

Hoping for a quick and decisive end to TNEF e-mails in the wild!


----------



## dirtyblueshirt (Dec 7, 2008)

RobertE said:


> Another explanation is that the spammers are just carpet bombing domains.
> 
> I think its fairly safe to put the tinfoil hat away for an another day.


This. And working in intrusion analysis, it's the most common out there, next to address sales.


----------



## mjkuwp94 (Jan 16, 2012)

I agree with the OP


Bizarroterl

and

Simonjester


I took, have the 100% unique email address for DirecTV and different unique ones with many other companies - many dozens who seem to have kept my information secure. 

My spam filters are turned off because I want to see what comes through. I get exactly 0 spams using this method over the past many years until Jan 4 when two Spams showed up on the email used with DirecTV and then two more in the last couple of weeks.

I had a similar issue with Walgreens last year and soon after that Walgreens sent a bulk email essentially confessing there had been a problem. I of course changed email addresses for them and that put an end to that spam.

I haven't gotten around to shutting off the email address with DirecTV yet but I will.... and DirecTV gets a thumbs down from me.


----------



## spartanstew (Nov 16, 2005)

SPACEMAKER said:


> That's all one should need.
> 
> Of course I have a Gmail because of Android.


All of mine are Gmail, even work.


----------



## sigma1914 (Sep 5, 2006)

What's the big deal about getting spam? I just click delete or spam. I think it's funny people take that much time to have an email for every company and site. I don't care who has my addresses...it's not like I'm dumb enough to fall for the phishing.


----------



## Diana C (Mar 30, 2007)

Bizarroterl said:


> If you read my posts you'll see that I did state that Directv could be selling the addresses, but if they are they're selling them to the black market viagra/cialis spammers as those are they type of emails I was getting (that account is now closed).


DirecTV may have sold the email list to a "legitimate" partner, but who did they sell it to? And so on and so on and so on.

I don't have my own mail server, but I DO have personal and "merchant" email addresses. I only give my personal address to friends and family, while using the other address for all web based transactions. I periodically kill the merchant address and create a new one.

As any "IT pro" will tell you, harvesting email adresses from the internet is pretty easy.


----------



## LameLefty (Sep 29, 2006)

sigma1914 said:


> What's the big deal about getting spam? I just click delete or spam. I think it's funny people take that much time to have an email for every company and site. I don't care who has my addresses...it's not like I'm dumb enough to fall for the phishing.


This. :up:


----------



## Drew2k (Aug 16, 2006)

Spam doesn't bother me. I use Yahoo Mail for the majority of my email and I get maybe 10 spam messages a day. That's it. It's so easy to ignore or review and I've never missed anything important.


----------



## mjkuwp94 (Jan 16, 2012)

sigma1914 said:


> What's the big deal about getting spam?


The biggest motivation I had for set up the unique email addresses (not so hard with Yahoo) is that I will know when a company has been compromised. This will allow me to protect myself by watching my credit and furthermore to notify the company and hopefully motivate them to be more careful in the future. I can also punish them as required by halting business with them and notifying forums, etc.

After all many of these companies also have my home phone, address and more...

Overall I have been surprised at the lack of problems - just DirecTV and Walgreens...and one other small retailer sold my email address to a politician....apparently.


----------



## goober22 (Sep 8, 2004)

spartanstew said:


> I have 1 work Email, 1 personal Email, and 1 porn site Email.


prOn... 

Been then, done that!


----------



## mreposter (Jul 29, 2006)

If Directv's servers had been hacked, I believe it has a legal responsibility under data protection and privacy laws to notify it's customers. This weekend's hacking of Zappos customer data is one such example.


----------



## Justin85 (Jun 16, 2010)

Earl Bonovich said:


> I used to run a server in my home, 24x7... had mail servers, ftp servers, webservers on it.... Was costing me almost $50 a month in power.


Wait a second.... a SINGLE computer was costing you $50/mo in electricity?

Did it look anything like this?


----------



## Diana C (Mar 30, 2007)

You have obviously been in Earl's den!!!


----------



## Bizarroterl (Oct 20, 2006)

Titan25 said:


> As any "IT pro" will tell you, harvesting email adresses from the internet is pretty easy.


Harvesting email addresses from most regular users is easy. They do dumb things. "Wow, an email from the president, I'll click on the attachment!" "Wow, a web site that sells Rolex watches for $20, I'll click on that link!".

Properly run business networks are a different story. Any business with a properly set up and managed network has multiple layers of defense, way beyond what most home users have available. Any email you receive has been heavily filtered and even if you get a bad attachment/link/etc the controls set up on the network/PC/etc greatly reduce the chances of system(s) being compromised.

If a business network is leaking email addresses that is indicative of deep security problems that can go way beyond the minor inconvenience of a few spam messages. Any "IT Pro" understands this.

This thread was started to warn Directv customers that customer data (email addresses) appears to have been compromised. Other posters have confirmed this. The most important part of the original post was not that you may get some spam; it's that some of your more sensitive data (specifically credit card numbers) may be at risk.

Some choose to ignore warnings, and that is their right. Why they would do so is perplexing to me, but I'm not their mom. Some will read what was written here and understand that they need to be aware that Directv is one place where they need to be a little more vigilant.


----------



## Bizarroterl (Oct 20, 2006)

mreposter said:


> If Directv's servers had been hacked, I believe it has a legal responsibility under data protection and privacy laws to notify it's customers. This weekend's hacking of Zappos customer data is one such example.


Sadly, the reality is that many company networks get hacked and rarely does this become known outside of a few company insiders.


----------



## Laxguy (Dec 2, 2010)

mjkuwp94 said:


> The biggest motivation I had for set up the unique email addresses (not so hard with Yahoo) is that I will know when a company has been compromised. This will allow me to protect myself by watching my credit and furthermore to notify the company and hopefully motivate them to be more careful in the future. I can also punish them as required by halting business with them and notifying forums, etc.
> 
> After all many of these companies also have my home phone, address and more...
> 
> Overall I have been surprised at the lack of problems - just DirecTV and Walgreens...and one other small retailer sold my email address to a politician....apparently.


While such diligence is admirable, you could be punishing the wrong people if you make assumptions that rule out dictionary attacks or other ways an e-mail might have been generated.


----------



## Lord Vader (Sep 20, 2004)

spartanstew said:


> Within how many threads are you going to try and sell that bridge?





RunnerFL said:


> How many times are you going to attack me today? Put me on ignore if you don't like my posts.


Gentlemen, play nice now. :cuttle:


----------



## mjkuwp94 (Jan 16, 2012)

Bizarroterl said:


> ...This thread was started to warn Directv customers that customer data (email addresses) appears to have been compromised. Other posters have confirmed this. The most important part of the original post was not that you may get some spam; it's that some of your more sensitive data (specifically credit card numbers) may be at risk.
> 
> [....]
> 
> Some will read what was written here and understand that they need to be aware that Directv is one place where they need to be a little more vigilant.


Agree 100%

Thank you very much, Bizarroterl for starting this thread.

I have just emailed my concerns to [email protected]

I realize this action may not be 100% on target since the SPAM email was not directly a phishing attack in that it did not pretend to be from DirecTV. However, I didn't know where else to send the message. I encourage others in my situation to do the same or call them if you have the time to spare or waste.


----------



## TBlazer07 (Feb 5, 2009)

camattin said:


> I echo this statement. While gmail does a fair job of making sure spam messages don't go to the inbox, they do not ever delete a message that they think is spam. This is one feature that gmail lacks and really needs to implement as I'm tired of having to create filters to delete the spam.


 Some folks are overly anal about spam especially in ones personal mail. Seriously. You really need to create a filter for each spam message that ends up in the SPAM folder that you don't see anyway?

Aside from that Gmail does delete spam messages automatically after 30 days. I like that idea because occasionally I get an email for some sort of promotion or coupon and it had gone to spam. When I hear about it I am able to easily retrieve it. No anti-spam system is 100% perfect.

This is in the GMAIL spam folder page right above the list of messaage:
"messages that have been in Spam more than 30 days will be automatically deleted"


----------



## Diana C (Mar 30, 2007)

Bizarroterl said:


> ...If a business network is leaking email addresses that is indicative of deep security problems that can go way beyond the minor inconvenience of a few spam messages. Any "IT Pro" understands this...


You are quite correct, and this "IT Pro" agrees with you. However, when one receives a spam email from an email address that is shared with a vendor that CLEARLY STATES they will sell your email address, it is a bit of a large leap to declare that evidence of a breach.

For amusement, back when this thread was 1 page long, I set up a mailbox to receive all email sent to my personal email domain where the user portion of the address was invalid (i.e., not one of the 4 or 5 valid email addresses I have set up in that domain) and turned off spam filtering for that mailbox. So far, it has received 278 emails. These are addresses that NO ONE has EVER used anywhere. Sooner or later EVERY email address, no matter how carefully protected, will get spam email.


----------



## LameLefty (Sep 29, 2006)

Titan25 said:


> For amusement, back when this thread was 1 page long, I set up a mailbox to receive all email sent to my personal email domain where the user portion of the address was invalid (i.e., not one of the 4 or 5 valid email addresses I have set up in that domain) and turned off spam filtering for that mailbox. So far, it has received 278 emails. These are addresses that NO ONE has EVER used anywhere. Sooner or later EVERY email address, no matter how carefully protected, will get spam email.


But . . . but . . . but . . . that's too common-sensical! Where's the panic-inducing, foaming-at-the-mouth alarmism? The claim of a security intrusion is just too sexy to ignore in favor of something so mundane and more likely!!! :lol:


----------



## dpeters11 (May 30, 2007)

Maybe DirecTV and Zappo's shares server space 

I'm a customer of both and know that Zappo's was hacked, but I'm not changing anything knowing that fact. Well, except for one password that is.


----------



## Bizarroterl (Oct 20, 2006)

I fully understand that dictionary attacks and the selling of email lists are possible vectors. Let's look at the evidence of a possible hacking of one or more of Directv's systems:

1. The email address I used is unique to Directv and not used elsewhere.
2. The address could possibly be discovered in a determined long term dictionary attack.
3. Of the 100+ unique accounts I have defined for businesses, only this one is receiving spam.
4. The email received to the Directv email address consisted of black market viagra/cialis spam. No other spam was received.

Under these facts I really don't see how any other explanation is likely. Yes, all things are possible and thus we don't know for 100% sure they're been hacked. You could win the lottery.

Let's look closer at the possible selling of email addresses.

Would Directv sell addresses to the highest or any bidder? I have seen where a company has sold addresses and spam starts. That spam however is much more legitimate in nature. If I were to start getting spam from HBO using the Directv address I would know that my address was sold. If I got lonely russian girls spam to that address along with HBO spam I would know that either Directv sold it to one or all or Directv and/or HBO was hacked. Or that HBO in turn sold the address, etc. Basically under those conditions there are too many "ifs" to point a finger. I don't believe Directv would sell addresses to black market pharma, but I could be wrong. If they did, then that explains the spam I got.


----------



## Reggie3 (Feb 20, 2006)

RobertE said:


> Another explanation is that the spammers are just carpet bombing domains.
> 
> I think its fairly safe to put the tinfoil hat away for an another day.


I agree this is probably what was done


----------



## Mike Bertelson (Jan 24, 2007)

Bizarroterl said:


> If you read my posts you'll see that I did state that Directv could be selling the addresses, but if they are they're selling them to the black market viagra/cialis spammers as those are they type of emails I was getting (that account is now closed).


To reiterate and consolidate what others have posted, DIRECTV clearly states in section III of their Privacy Policy (Link) that they do share customer information with other parties but "_require them to adhere to this_ [DIRECTV's] _Privacy Policy_".

It could have been any one of the other links in that chain that caused the spam on your email address.

It seems to me that your logic is incomplete and unless you have some proof I don't think you can definitively say it's DIRECTV that's at fault.

Mike


----------



## Drew2k (Aug 16, 2006)

Occam's razor points to the "carpet bombing" of email domains as the culprit. But I'm not a conspiracy theorist ...


----------



## camattin (Feb 6, 2003)

dualsub2006 said:


> Sure does not. The Gmail account that I use for forum memberships and Craigslist gets hundreds of spam messages a day. Hundreds. Every single one caught by the spam filter.
> 
> Both accounts are about the same age.





TBlazer07 said:


> Some folks are overly anal about spam especially in ones personal mail. Seriously. You really need to create a filter for each spam message that ends up in the SPAM folder that you don't see anyway?
> 
> Aside from that Gmail does delete spam messages automatically after 30 days. I like that idea because occasionally I get an email for some sort of promotion or coupon and it had gone to spam. When I hear about it I am able to easily retrieve it. No anti-spam system is 100% perfect.
> 
> ...


No, that's the problem with gmail, I do have to check on my spam folder almost daily. While it is rare, there has been more than one occasion where gmail delivered a legitimate email to the spam folder. When those happen, I make sure to add the email address to my address book (which appears to tell gmail to never mark mail from that sender as spam).

So, yeah, since I get 200+ spams a day in that folder, it's a pain to deal with. Creating the filters to actually delete some of the prevailing spams helps make it easier to parse through those messages looking for the ones that were incorrectly flagged.


----------



## James Long (Apr 17, 2003)

I only have 21 domains with the oldest being first registered in 1995 (when domains were free for the asking). 17 years of spam, much of it to addresses that don't even exist. (Well, not 17 years of spam ... the Internet was relatively spam free in 1995. But certainly 17 years of having at least one domain's worth of addresses to receive.)

I had an employer who insisted on using a "catch all" account out of the fear that someone would send an important message to the business and misspell an email address. He actually went through the emails ... and several times a week I'd have to point him to Snopes to contradict something he received on an address that didn't exist.

If one looks at their server logs for invalid address attempts or sets up a catchall on a domain they will see the amount of random spam sent to addresses that never existed - in DirecTV's or anyone else's database. And yes, that would apply to addresses such as [email protected] .

If the spam was the usual total garbage money laundering or compromised account give us your bank details or buy Rolexes or other products it was most likely a lucky hit on the address. See your mail logs for other attempts. If it was a legitimate offer (whether or not you appreciated it) for something real then it could have been a sold name.

If DirecTV's accounts were really hacked there would be the usual required disclosure. There hasn't been. Perhaps DirecTV's silence on the matter is just further proof that it happened, but if it is perhaps the whole idea needs to be better thought out.


----------



## HarleyD (Aug 31, 2006)

IT pro's know how things work when they work.

IT troubleshooters know how to find the failure when things don't work or go wrong.

While all troubleshooters are IT pros, not all IT pros are good or even adequate troubleshooters. Troubleshooting is a special skill set and some of the most talented developers and specialists I have know couldn't troubleshoot a flat tire.

Some of the troubleshooting reasoning exhibited in this thread could lead one to believe they would wake up in a ditch if they didn't drop cable.


----------



## RobertE (Jun 10, 2006)

This thread title is misleading and does a disservice to the community.


----------



## Justin85 (Jun 16, 2010)

LameLefty said:


> But . . . but . . . but . . . that's too common-sensical! Where's the panic-inducing, foaming-at-the-mouth alarmism? The claim of a security intrusion is just too sexy to ignore in favor of something so mundane and more likely!!! :lol:


Human sacrifice, dogs and cats living together... mass hysteria!


----------



## ATARI (May 10, 2007)

Justin85 said:


> Human sacrifice, dogs and cats living together... mass hysteria!


Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light.


----------



## Mike Greer (Jan 20, 2004)

Bizarroterl - I'm sure that you had the best of intensions but your posting is really only going to bring out the DirecTV defenders. If you had absolute proof that DirecTV was hacked you would still be unable to convince the true believers here. If your post was titled something like 'Could DirecTV have somehow exposed email addresses to spammers?' you would draw less fire from the DirecTV fan base... Maybe...

This site has a wealth of excellent information and most of the regulars are here to help but sadly there are some that will not or cannot accept that DirecTV is anything but perfect in everything they do.

Did DirecTV have some kind of issue with exposing email addresses? Maybe. Depending on how cryptic the email address you were using was your experience could indicate something happened. 'Carpet Bombing' a domain is a very effective way to spam typical email addresses but very ineffective for cryptic addresses like [email protected].

It's never a bad idea to regularly change passwords and to not use the same password in multiple places. Sure it's a pain but things like this should remind everyone to always be suspicious of email and to change passwords regularly.


----------



## dpeters11 (May 30, 2007)

Except that the simple substitution like that is very common substitution, basic leet speak.


----------



## -Draino- (May 19, 2008)

Bizarroterl said:


> I fully understand that dictionary attacks and the selling of email lists are possible vectors. Let's look at the evidence of a possible hacking of one or more of Directv's systems:
> 
> 1. The email address I used is unique to Directv and not used elsewhere.
> 2. The address could possibly be discovered in a determined long term dictionary attack.
> ...


I have been in the IT field for over 20 years with a ton of Microsoft Certs, including MCT. These certs come with real world experience and years of teaching at a local community college as well as working in the field serving many clients with exchange servers.

With that said, it pains me to say this, but....I would be very leery of an "IT PRO" having 100+ email accounts. You also state that you use an exchange server at home. I have seen many people in the IT field have these types of elaborate setups to impress family and friends; I have never been impressed by any of it. When I see this type of thing my first impression is that it's all for show and nothing more. It's more of "hey look at me and look how smart I am" Don't get me wrong here, I am not saying you are not smart, just that what you have is not impressive, but more importantly, brings me to question if you know how spam mail works and how it ends up in your inbox.

Between your first post and the one I am responding to you have admitted that there are too many ifs to really nail it down. It is unlikely DTV sold anything and it is unlikely that their email address database was hacked, not impossible, but unlikely.

Your initial post is misleading and to make a claim like that would suggest to me that you may need a few more years of experience and you may not be as knowledgeable as you think.


----------



## Stuart Sweet (Jun 19, 2006)

Ladies and gentlemen, 

the original thrust of the thread is a warning to be delivered. Such a warning has been delivered. Rather than question the integrity of the thread starter any further, I'm going to close this thread. 

In general I don't like closing threads but this one has gotten my attention and I am choosing to err on the side of caution.


----------

