# DirecTV's database of email accounts compromised



## invaderzog (Apr 12, 2012)

I saw that there was a closed thread about this.

I can't post the link because I am new, but the thread ID is: 200922

I want to report the same thing. I am also an IT professional who creates unique email addresses on my mail server for various businesses. I stopped being a DirecTV customer years ago and the mailbox didn't get any activity until February. Since then, I have gotten a significant number of virus emails sent to that address.

It seems highly likely that this represents a breach in DirecTV's security.

I'm not sure who or how to report this to DirecTV. Customer Service Agents were (understandably) unable to route my call to corporate IT/security.


----------



## wahooq (Oct 19, 2011)

Dude...seriously? That was like 4 months ago and nothing ever became of it.


----------



## invaderzog (Apr 12, 2012)

When you say, "nothing ever came of it", do you mean that attempts were made to contact DirecTV and they ignored it?

I sent an email to their Fraud Division requesting that the email be forwarded to their IT Security group, but I'm mostly expecting to be ignored.

If that's the case, then perhaps it might be time to see if anyone in the media cares.


----------



## dpeters11 (May 30, 2007)

I haven't looked at that thread since its closure, but I do remember it. You can certainly try it, but I doubt it. Spam is too mundane and too many other possibilities other than their address list being hacked.

I don't even try to fight spam anymore. If it goes in the spam filter fine. If not, I mark as spam and move on.


----------



## invaderzog (Apr 12, 2012)

dpeters11 said:


> I haven't looked at that thread since its closure, but I do remember it. You can certainly try it, but I doubt it. Spam is too mundane and too many other possibilities other than their address list being hacked.
> 
> I don't even try to fight spam anymore. If it goes in the spam filter fine. If not, I mark as spam and move on.


Spam may be mundane, but having your customer database compromised is not. I don't care much about the spam. It is a unique email address and I just shut it off. My personal problem is solved.

Given that we have multiple reports of people who have issued a UNIQUE email address to DirecTV and found that they started getting non-DirecTV emails there within the last few months (and never before), I think that this is strong evidence.

The simplest explanation is that someone got into the DirecTV.com account database and distributed it earlier this year. I'd challenge anyone to come up with a reasonable alternate explanation for the evidence.


----------



## Drew2k (Aug 16, 2006)

I'm sorry you are seeing viruses, but that's not proof that DIRECTV's database was compromised.


----------



## invaderzog (Apr 12, 2012)

Did you miss the part where I created a UNIQUE email address that was only ever given to DirecTV. I never received anything that wasn't from DirecTV until earlier this year. Someone else reported the same thing. Explain that


----------



## Drew2k (Aug 16, 2006)

Didn't miss it. It's still not proof that DIRECTV's database was compromised. It's a very very serious charge but it's not substantiated.


----------



## spartanstew (Nov 16, 2005)

invaderzog said:


> Did you miss the part where I created a UNIQUE email address that was only ever given to DirecTV. I never received anything that wasn't from DirecTV until earlier this year. Someone else reported the same thing. Explain that


I created Email addresses for my sons several years ago, so they would have them when they got older (with their name in them).

Those Email addresses have never been used, but I log on to check them every 6 months or so and there's almost always some spam.

Explain that.


----------



## wallfishman (Dec 31, 2008)

spartanstew said:


> I created Email addresses for my sons several years ago, so they would have them when they got older (with their name in them).
> 
> Those Email addresses have never been used, but I log on to check them every 6 months or so and there's almost always some spam.
> 
> Explain that.


This whole Fng planet has been compromised. Maybe it's those Chinese hackers we keep hearing about.


----------



## inf0z (Oct 16, 2011)

invaderzog said:


> I saw that there was a closed thread about this.
> 
> I can't post the link because I am new, but the thread ID is: 200922
> 
> ...


You're ruling out the possibility of someone obtaining your email account(s) through the domain that you set up for all of these email accounts.
I'm not saying that it's not possible for this to be related to the D* email compromise, I'm just saying there are other possibilities.


----------



## invaderzog (Apr 12, 2012)

I agree it is serious. The evidence is strong enough that it should be investigated. Another related explanation is that a "bad apple" who had access to their email address database (i.e. someone in marketing) sold it off on the black market. This isn't "quite" as bad as having the DB compromised, but the end results are effectively similar.

Just to be clear -- I run my own Exchange 2010 server. It's sitting in front of me. There is no way to get a list of my valid email addresses -- and if someone did compromise my server, it wouldn't be just the DirecTV mailbox and that wouldn't explain the other poster's similar observations.

In any case, this is a consumer discussion board and isn't the appropriate forum. I only started this thread because a result from it popped as a top result when I started my research. If I don't hear back from DirecTV, I'll take this to a white hat forum.


----------



## invaderzog (Apr 12, 2012)

spartanstew said:


> I created Email addresses for my sons several years ago, so they would have them when they got older (with their name in them).
> 
> Those Email addresses have never been used, but I log on to check them every 6 months or so and there's almost always some spam.
> 
> Explain that.


I expect that those email addresses you created were @gmail.com/etc. What you are describing is rather common actually. While the exact mechanism is not clear to me, the major email providers are regularly compromised/brute forced as they are huge targets.

In my case, this is my own private mail server.


----------



## Hoosier205 (Sep 3, 2007)




----------



## luckydob (Oct 2, 2006)

"invaderzog" said:


> I expect that those email addresses you created were @gmail.com/etc. What you are describing is rather common actually. While the exact mechanism is not clear to me, the major email providers are regularly compromised/brute forced as they are huge targets.
> 
> In my case, this is my own private mail server.


Which is connected to the internet, yes? Which is registered to someone such as godaddy.com? There are two things that could hurt you. Maybe your mail server was hacked and you don't know? Maybe godaddy was compromised? You are only immune if you turn off the internet.


----------



## RunnerFL (Jan 5, 2006)

invaderzog said:


> I agree it is serious. The evidence is strong enough that it should be investigated. Another related explanation is that a "bad apple" who had access to their email address database (i.e. someone in marketing) sold it off on the black market. This isn't "quite" as bad as having the DB compromised, but the end results are effectively similar.
> 
> Just to be clear -- I run my own Exchange 2010 server. It's sitting in front of me. There is no way to get a list of my valid email addresses -- and if someone did compromise my server, it wouldn't be just the DirecTV mailbox and that wouldn't explain the other poster's similar observations.
> 
> In any case, this is a consumer discussion board and isn't the appropriate forum. I only started this thread because a result from it popped as a top result when I started my research. If I don't hear back from DirecTV, I'll take this to a white hat forum.


It's not serious. If you were actually an "IT Professional" you'd know how spam attacks take place. They don't have to find your email address, they just send out emails to random names, most of which don't even make sense.

Not to mention if you were an "IT Professional" you wouldn't use Exchange.


----------



## RunnerFL (Jan 5, 2006)

invaderzog said:


> In my case, this is my own private mail server.


No matter how private you may think it is, it's not. If someone feels they want to spend their time screwing with you by sending emails to random addresses at your domain they can and will. They don't have to figure anything out or hack anyone's email database.


----------



## dpeters11 (May 30, 2007)

"RunnerFL" said:


> It's not serious. If you were actually an "IT Professional" you'd know how spam attacks take place. They don't have to find your email address, they just send out emails to random names, most of which don't even make sense.
> 
> Not to mention if you were an "IT Professional" you wouldn't use Exchange.


Hey now, at least it's not Lotus Notes or GroupWise

Besides, so many companies use Exchange, it's good to know.


----------



## Hoosier205 (Sep 3, 2007)

dpeters11 said:


> Hey now, at least it's not Lotus Notes or GroupWise
> 
> *Besides, so many companies use Exchange, it's good to know.*


Many governments use Exchange as well.


----------



## dpeters11 (May 30, 2007)

True.

And on email, there honestly is no value to hacking an email database. There is no point. Credit card info etc sure. But email addresses are pretty worthless I'd think.


----------



## wilbur_the_goose (Aug 16, 2006)

dpeters11 - you're right, with one exception. Russian spam engines that send ads for corrupt internet pharmacies. Check out Krebs On Security for details.


----------



## dpeters11 (May 30, 2007)

But is there any point to hacking into a system to harvest emails? Just seems like that's doing it the hard way, unless you're going after more than just email addresses.


----------



## mitchinpa (Aug 28, 2007)

There are plenty of programs out there that will send random email to accounts. If the program does not get a failure message from the host domain, it knows it has a valid email address, and those email addresses are then sold. Been going on for years.....


----------



## Chaos (Apr 24, 2002)

Standard dictionary attack. Spammers do it all the time. Nothing to see here.


----------



## harsh (Jun 15, 2003)

Hoosier205 said:


> Many governments use Exchange as well.


And we should all pattern our operations after those used in governments?

There are governments that officially prohibit the use of Microsoft products.


----------



## Mike Greer (Jan 20, 2004)

Geez - who knows what happened - could DirecTV have been hacked? Sure they could. Would any member of the DirecTV fan base acknowledge it if they had? Not a chance!

If DirecTV was hacked and the hacker was caught, confessed to the hack, prosecuted and sent to prison many of DirecTV's fans would still find a way to say it didn't happen or it was somehow no fault of DirecTV.

I personally think that it is more likely the spammers stumbled upon the email addresses being used 'exclusively' for DirecTV but I'm not going to claim I know what happened or imply the OP doesn't know what he is doing.

And of course Microsoft Exchange is horrible! That's why more people use it than any other email system.


----------



## dpeters11 (May 30, 2007)

Mike Greer said:


> Geez - who knows what happened - could DirecTV have been hacked? Sure they could. Would any member of the DirecTV fan base acknowledge it if they had? Not a chance!
> 
> If DirecTV was hacked and the hacker was caught, confessed to the hack, prosecuted and sent to prison many of DirecTV's fans would still find a way to say it didn't happen or it was somehow no fault of DirecTV.


Hypothetically speaking...it could have been a third party company that DirecTV uses to send out email. Wouldn't be all that unusual.

Personally, even if DirecTV themselves was hacked and my email address compromised, it wouldn't be a big deal to me. I wouldn't care even if someone got my online account password as it's useless anywhere else. Some other data they have, different story.


----------



## dirtyblueshirt (Dec 7, 2008)

Given my experience in information security (both what I can and can't talk about)



invaderzog said:


> I saw that there was a closed thread about this.


There's probably a reason for that.



invaderzog said:


> I want to report the same thing. I am also an IT professional who creates unique email addresses on my mail server for various businesses. I stopped being a DirecTV customer years ago and the mailbox didn't get any activity until February. Since then, I have gotten a significant number of virus emails sent to that address.


As others have said, this is not uncommon at all. There are countless ways a 'private' email address can be picked up by a spam list. From dictionary attacks to DNS compromising, there are many ways email addresses can be discovered, and it can happen at any point in the data stream. Have you considered that YOUR servers were compromised and not DirecTV's? There are plenty of ways your servers can be compromised without you knowing. Data exfiltration does not always require a system to be compromised and may not always leave a trace.



invaderzog said:


> It seems highly likely that this represents a breach in DirecTV's security.


Nope. While possible, it's not probable.



invaderzog said:


> I'm not sure who or how to report this to DirecTV. Customer Service Agents were (understandably) unable to route my call to corporate IT/security.


*IF* and only if there was a 'compromise' of DirecTV's servers (and I'm confident in saying they most likely were not), I can guarantee you they already know about it.


----------



## Drew2k (Aug 16, 2006)

Mike Greer said:


> Geez - who knows what happened - could DirecTV have been hacked? Sure they could. *Would any member of the DirecTV fan base acknowledge it if they had? Not a chance!*


Incorrect. I'd have no problem acknowledging it ... but I'd wait to see proof that DIRECTV has been hacked. That could be in the form of communication from DIRECTV to customers, press releases from DIRECTV, and news reports.

If DIRECTV was ever hacked, they'd have a responsibility to report the attack on their email list, and I have no doubt if that happened they'd send messages to the impacted customers and send out press releases, which would lead to the news reports.


----------



## Cornloaf (Sep 3, 2008)

I would like to add that I have also been receiving spam over the last two weeks to the unique email address that I created for DirecTV. I also run my own mail server and I have not seen spam to any other unique email address on my server.

And before someone suggests that my server was compromised, I can state with confidence that my server was not breached. I am a network engineer that works on securing networks at large sporting events around the world, TV/Movie productions, and some of the largest tech conferences. My server is isolated from the Internet and receives relayed mail over a VPN connection from an SMTP server in another location.

I also find it highly unlikely that it was the result of a dictionary attack because the SMTP logs do not show any large numbers of invalid email addresses aside from the repeated [email protected], [email protected], [email protected], and all of the email addresses that were affected by the Epsilon data breach last year.

I was simply looking for a valid email address so I could contact DirecTV in case they have not figured it out on their own.


----------



## coldsteel (Mar 29, 2007)

Could email Filipak...


----------



## inf0z (Oct 16, 2011)

```
csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:*@domain.com))" -l name
```


----------



## blahhalb (Apr 30, 2012)

I too have a scheme where I own a domain name and assign each organization I deal with electronically a unique email address. All email to that domain regardless of to whom it is sent to comes to my mailbox. For example [email protected] and [email protected] both arrive in my mailbox.

Once the emails arrive in my mailbox they are filtered into folders determined by the "to" field. So [email protected] goes to the "foo" folder while [email protected] goes to the "bar" folder.

The concept is that if I receive email from an organization and it does not arrive in the right folder, it is 100% spam. If I receive email from an organization and it arrives in the right folder, there is still a chance that it is spam so I need to make sure it is authentic before opening it / clicking on links in it / replying to it.

While this scheme is not impervious to someone randomly sending an email to one of the email addresses associated with a folder, it is highly unlikely given the possible combinations of email addresses for a single domain. Let's assume the only valid characters are the 26 letters, 10 digits, ".", and "_" (other characters are but not going there) and one uses an email address of exactly 10 characters long. There are 38 to the power of 10 possible email addresses. That is 6,278,211,847,988,224 (6.2 quadrillion), larger than the US National Debt, possible email addresses.

Note: I do get the constant barrage of spam to [email protected] and [email protected], but of all of the email addresses that I have assigned to organizations I only get spam to four of them. Three of the four email addresses were unique to organizations that have confirmed they had security breaches. I have been receiving a constant barrage of spam to those email accounts since the time the organizations were breached. Just as a reference, the first started receiving spam over five years ago, the third over a year ago.

Last week I received the first piece of spam (actually a phishing email) to the fourth email address uniquely assigned to an organization. The organization was DirecTv.

It is possible a spammer got lucky and hit the unique email address assigned to DirecTv.
It is possible a spammer figured out my scheme.
It is possible that my computer system with current antivirus software, a software firewall, and my network with a hardware file has malware running on it.
It is possible that my ISP was hacked.
It is possible that my DR was hacked.

However, I have to note, that since receiving the spam to the email address assigned to DirecTv, none of my other uniquely assigned email addresses have received any spam. Add that to the reports of others who have similar schemes, it does seem more possible that something has happened at DirectTv.

I have contacted DirecTv using the Help link --> Contact Us --> Email Us --> English 
For the topic I selected: Account Management --> Privacy Security

They did respond, however I was less than satisfied with their response, suggesting the issue is with my system's security and that "However, we have no indication of any breaches at this time and we are in compliance with every security requirement that is mandated."


----------
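An added example, not part of any post in this thread: a sketch of the triage that Cornloaf's and blahhalb's posts describe, checking per-organization aliases for mail from unexpected senders and using the count of distinct unknown recipients to tell dictionary-style guessing from mail aimed at one known alias. The alias names, domains, record shape and threshold are constructed assumptions.

```python
"""Triage mail sent to per-organization aliases on a catch-all domain.

Constructed example: aliases, domains, sample records and the threshold
below are made up for illustration.
"""
from collections import Counter

# Alias local part -> sender domains its organization legitimately uses.
ALIASES = {
    "tvprovider": {"tvprovider.example"},
    "bank": {"bank.example"},
}
# Well-known local parts that attract guessed spam on almost any domain.
GENERIC = {"info", "sales", "admin", "webmaster", "postmaster"}
# Distinct unknown local parts in the window that indicate guessing.
GUESS_THRESHOLD = 20


def split_addr(addr):
    """Return (local part, domain), lower-cased."""
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def sender_allowed(sender_domain, allowed):
    """True if the sender domain is an allowed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)


def triage(deliveries):
    """deliveries: iterable of (envelope_recipient, envelope_sender) pairs."""
    off_source = Counter()   # alias -> messages from an unexpected sender
    unknown = set()          # recipients that are neither alias nor generic
    for rcpt, sender in deliveries:
        local, _ = split_addr(rcpt)
        _, sender_domain = split_addr(sender)
        if local in ALIASES:
            # A matching domain is not proof of authenticity (senders can
            # be forged); a mismatch shows a third party holds the alias.
            if not sender_allowed(sender_domain, ALIASES[local]):
                off_source[local] += 1
        elif local not in GENERIC:
            unknown.add(local)
    guessing = len(unknown) >= GUESS_THRESHOLD
    # "exposed" means someone other than the organization has the address.
    # It cannot separate a breach from a sale or a leak along the path.
    verdicts = {alias: "inconclusive-guessing" if guessing else "exposed"
                for alias in off_source}
    return {"guessing": guessing,
            "off_source": dict(off_source),
            "verdicts": verdicts}


# Constructed sample: normal traffic plus one off-source message.
QUIET = [
    ("tvprovider@mydomain.example", "billing@mail.tvprovider.example"),
    ("bank@mydomain.example", "alerts@bank.example"),
    ("info@mydomain.example", "x@bulk.example"),
    ("sales@mydomain.example", "y@bulk.example"),
    ("tvprovider@mydomain.example", "jobs@careers-lookalike.example"),
]
# Same traffic during a burst of guessed recipients.
NOISY = QUIET + [(f"user{i}@mydomain.example", "z@bulk.example")
                 for i in range(25)]

if __name__ == "__main__":
    for name, sample in (("quiet", QUIET), ("noisy", NOISY)):
        print(name, triage(sample))
```
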



## dirtyblueshirt (Dec 7, 2008)

This should put your "hacked" concerns to rest:

http://www.directv.com/DTVAPP/content/legal/privacy_policy



> Marketing: We may share Customer Information, including programming purchases, with selected media, entertainment, and other similar service providers, as well as with third parties with whom we offer co-branded or joint products or services. These third parties may use this Customer Information to market products or services to you.


There you go. DirecTV sold it, and likely it was sold down the grapevine to spam providers.

Did anybody bother to read this before they wildly accused DirecTV's servers of being compromised?


----------



## blahhalb (Apr 30, 2012)

*ZERO* ... the number of emails that I have received from organizations other than DirectTv to the unique email address that I provided them.

Oh right the number is now *ONE*. The phishing email supposedly from CareerBuilder.com informing me about "...a vacant position at Security Finance Corporation ..." and that I "... can review the position on the CareerBuilder site here: Chief Legal Officer"

So if they sold my email address to someone, whoever purchased it really has not gotten their money's worth.

Also, you would think that before someone started quoting the DirecTv Privacy Policy, they would have read the entire policy ...



> *VI. Our do not contact policy*
> We may, from time to time, contact you by mail, e-mail or telephone to tell you about additional products or services that we or third parties may offer. If you do not wish to receive such calls or promotional materials, call (1-800-531-5000), e-mail (directv.com/email) or mail us (DIRECTV Privacy Policy, P.O. Box 6550, Greenwood Village, CO 80155-6550). If you do not wish to receive e-mail, please contact us via e-mail at (directv.com/email).


... guess not.


----------



## dirtyblueshirt (Dec 7, 2008)

"blahhalb" said:


> ZERO ... the number of emails that I have received from organizations other than DirectTv to the unique email address that I provided them.
> 
> Oh right the number is now ONE. The phishing email supposedly from CareerBuilder.com informing me about "...a vacant position at Security Finance Corporation ..." and that I "... can review the position on the CareerBuilder site here: Chief Legal Officer"
> 
> ...


Okay, so you must opt out. How many people here have said they have, or how soon after they provided the email did they? There are plenty of windows of opportunity for contact information to be sold. A security breach is as likely as Dish Network providing a new feature that's backward compatible with older receivers.


----------



## blahhalb (Apr 30, 2012)

Oh yeah and the response from the DIRECTV Resolution Specialist about this email situation:



> Please know that we don't share the email address for 3rd party advertising and we monitor our servers closely so any "hacking" would be immediately noticed.


Hmmm that kinda blows a hole in that theory, doesn't it?


----------



## dirtyblueshirt (Dec 7, 2008)

"blahhalb" said:


> Oh yeah and the response from the DIRECTV Resolution Specialist about this email situation:
> 
> Hmmm that kinda blows a hole in that theory, doesn't it?


Not in the slightest. I said that the partners DirecTV gives your information to may have sold it themselves.


----------



## Shades228 (Mar 18, 2008)




----------

