How Attackers Will Use Epsilon Data Against You

Trailrunner7 writes "What might the criminals who broke into Epsilon do with the email lists they have? The easiest thing to do is to sell these data sets on the black market or, potentially, to competitors of victim firms. According to the latest data from data-breaches.net, totals are up to 57 customers including credit card providers with branded cards — Visa (notices sent for at least 3 cards), the World Financial Network National Bank (12 cards) and Citi (3 cards). The criminals may make some money there and re-invest it into technology or services for other efforts. Once an attacker has gained a foothold on one or more systems used by their mark, they can begin harvesting credentials. The frequency with which average consumers use the same username/password combination across multiple sites is such that such information could lead to accessing other potentially-existing accounts on high-profile social networks."

Re:VISA Hit?

[blair1q]

They weren't hit. They were clients of the mass-mailing service that got hit. If you were on Epsilon's list under Visa, Epsilon notified Visa that you were exposed. Visa then should have notified you.

I got 4 separate notifications, but I suspect that's not all.

I've tried to get Epsilon to give me a full list of what companies using their service have my email address, but, in phenomenal wanker fashion, they refused, citing "privacy" and "security".

Re:Passwords not compromised

[John+Hasler]

Maybe, but that would be a possible consequence of my e-mail being stolen *AND* me being stupid...

Thus the majority of users are at risk.