Email Address Leak


53 replies to this topic

#1
chrhoth

chrhoth
  • Members
  • 3 messages
Today I received an email from col0-omc4-s5.col0.hotmail.com

This is the source code with my domain removed -


Return-Path: <ingramwmberkeaq49@hotmail.com>
X-Original-To: da2@*****.com
Delivered-To: da2@*****.com
Received: from col0-omc4-s5.col0.hotmail.com (unknown [65.55.34.207])
by *****.com (Postfix) with ESMTP id 302C441F8D
for <da2@*****.com>; Mon, 28 Mar 2011 01:24:57 +0000 (UTC)
Received: from COL112-W18 ([65.55.34.200]) by col0-omc4-s5.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Sun, 27 Mar 2011 17:09:56 -0700
Message-ID: <COL112-W188AC1783871CBB93075D1ADBA0@phx.gbl>
Content-Type: multipart/alternative;
boundary="_2309e1cb-9d0d-43dd-aee5-a9a1f6a49cd6_"
X-Originating-IP: [86.96.227.102]
From: ingram berke <ingramwmberkeaq49@hotmail.com>
To: <da2@mmen.org>
Subject: Re:ForYou$OnlineCasino#Now
Date: Mon, 28 Mar 2011 00:09:55 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 28 Mar 2011 00:09:56.0110 (UTC) FILETIME=[780A6AE0:01CBECDC]
X-Antivirus: avast! (VPS 110327-0, 27/03/2011), Inbound message
X-Antivirus-Status: Clean

Now before anyone says I have been hacked or I have a spybot, let me explain ...
I operate my own email server; all email addresses I have are in fact aliases. Every online account I have or create has a unique address, i.e. wow, rift, utilities etc., and that goes for Dragon Age 2. If I had been hacked then I would expect to receive spam on at least a few of them. So my address has not been leaked by me.

So my question is: has anyone else received such an email?

Thanks for reading

CH

Edited by chrhoth, 28 March 2011 - 06:23.


#2
AnKor85

AnKor85
  • Members
  • 15 messages
Wow. Yes. I've noticed quite an unusual spam message (I'm in Russia and mostly get Russian spam :) ) and dismissed it as always. But now after reading your post I went and checked it again. So yes, it looks very similar to yours and I received it on the account that I use for my EA profile:

Received: from [62.141.94.152] (HELO mx2.ks.pochta.ru)
by node9-3.ks.pochta.ru with QIP.RU LMTP
for --cut--;
Mon, 28 Mar 2011 02:02:30 +0400
Received: from col0-omc2-s4.col0.hotmail.com ([65.55.34.78])
by mx2.ks.pochta.ru with QIP.RU SMTP
for --cut--; Mon, 28 Mar 2011 02:02:31 +0400
X-QIP-Sender: 65.55.34.78
Received: from COL108-W51 ([65.55.34.73]) by col0-omc2-s4.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Sun, 27 Mar 2011 15:02:29 -0700
Message-ID: <COL108-W51AA616ED897D517B0A976C3BB0@phx.gbl>
Return-Path: langsdoncbkassqd@hotmail.com
Content-Type: multipart/alternative;
boundary="_3ea98b14-eacc-47bb-bf42-34ef4250687a_"
X-Originating-IP: [187.113.78.2]
From: langsdon kass <langsdoncbkassqd@hotmail.com>
To: ---cut---
Subject: Re:Best?PokerRoom~Soon
Date: Mon, 28 Mar 2011 02:32:29 +0430
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 27 Mar 2011 22:02:29.0838 (UTC) FILETIME=[AA81E6E0:01CBECCA]

PS: You forgot to remove your domain in To: line.

Edited by AnKor85, 28 March 2011 - 07:55.


#3
Raygereio

Raygereio
  • Members
  • 913 messages

chrhoth wrote...
So my question is has anyone else received such an email.

Nope. I also keep separate email addresses for everything and I haven't got any spam in my EA email account yet. This can just mean that my address wasn't leaked through whatever break there was in EA's security. It does at least indicate that it isn't likely that EA has been selling addresses to spammers.

Spammers can get email addresses through a myriad of ways though. From brute force guessing, to just having a crawl-&-scrape bot logged in to forums and reading your address right there, as AnKor85 already pointed out.

#4
chrhoth

chrhoth
  • Members
  • 3 messages
Hi, thanks for the reply ....

To: <da2@mmen.org>  

mmen.org  --- this is not my domain

Thanks

Chris H
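
The header comparison made by eye in posts #1 to #4, as an added example that is not part of the thread: it reads one message, takes the envelope recipient as the alias that was hit, and checks whether the To: header matches it. The sample is constructed from the headers in post #1 with example.com standing in for the redacted domain; the `ALIASES` register and the `triage` function are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in post #1; example.com stands in
# for the poster's redacted domain.
SAMPLE = """\
Return-Path: <ingramwmberkeaq49@hotmail.com>
X-Original-To: da2@example.com
Delivered-To: da2@example.com
Received: from col0-omc4-s5.col0.hotmail.com (unknown [65.55.34.207])
\tby example.com (Postfix) with ESMTP id 302C441F8D
\tfor <da2@example.com>; Mon, 28 Mar 2011 01:24:57 +0000 (UTC)
Received: from COL112-W18 ([65.55.34.200]) by col0-omc4-s5.col0.hotmail.com
\twith Microsoft SMTPSVC(6.0.3790.4675); Sun, 27 Mar 2011 17:09:56 -0700
X-Originating-IP: [86.96.227.102]
From: ingram berke <ingramwmberkeaq49@hotmail.com>
To: <da2@mmen.org>
Subject: Re:ForYou$OnlineCasino#Now

"""

# Hypothetical alias register: one unique local part per online account.
ALIASES = {"da2": "Dragon Age 2 / EA account", "rift": "RIFT account"}

def triage(raw, aliases=ALIASES):
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Delivered-To") or msg.get("X-Original-To") or "")[1].lower()
    header_to = parseaddr(msg.get("To", ""))[1].lower()
    local = envelope.partition("@")[0]
    # The topmost Received line is the one our own server wrote, so it is the
    # only hop we can trust; pull the peer IP it recorded.
    received = msg.get_all("Received") or []
    peer = re.search(r"\[([0-9.]+)\]", received[0]) if received else None
    origin = re.search(r"\[([0-9.]+)\]", msg.get("X-Originating-IP", ""))
    return {
        "alias": local,
        "exposed_account": aliases.get(local, "unknown alias"),
        "to_matches_envelope": header_to == envelope,
        "same_local_part_other_domain": (
            header_to != envelope and header_to.partition("@")[0] == local),
        "trusted_peer_ip": peer.group(1) if peer else None,
        "claimed_origin_ip": origin.group(1) if origin else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the envelope recipient (Delivered-To / X-Original-To) shows which alias was reached; the To: header and X-Originating-IP were set before the message reached the receiving server and are reported without being trusted.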

#5
Lacan82

Lacan82
  • Members
  • 121 messages
emirates.net.ae? o.o

#6
mcneil_1

mcneil_1
  • Members
  • 678 messages
I wonder if this is why the spam in my junk folder suddenly increased <_<

Edited by mcneil_1, 28 March 2011 - 10:27.


#7
chrhoth

chrhoth
  • Members
  • 3 messages
Just an update ... Today I received another spam email, this time on another account I have set up for Dragon Age Origins. This account is my old ISP address; unfortunately I cannot post on the DA2 forums with this account. This is the source ...

rom - Tue Mar 29 17:59:57 2011
X-Account-Key: account2
X-UIDL: 09263071141230
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from [] by (GMS
15.02.3689/NU3963.00.7ca42f0c) with ESMTP id ggqwsrca for ;
Tue, 29 Mar 2011 10:26:30 +0100
Received: from localhost (unknown [127.0.0.1])
by (Postfix) with ESMTP id 00C23306E41
for <>; Tue, 29 Mar 2011 09:26:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at
Received: from ([127.0.0.1])
by localhost ( [127.0.0.1]) (amavisd-new, port 10041)
with LMTP id rSG4VwvzqO0A for <>;
Tue, 29 Mar 2011 10:26:34 +0100 (BST)
Received: from ()
by (Postfix) with ESMTP id 12E68306E43
for <>; Tue, 29 Mar 2011 10:26:34 +0100 (BST)
X-Greylist: whitelisted by SQLgrey-1.6.8
Received: from col0-omc3-s14.col0.hotmail.com (col0-omc3-s14.col0.hotmail.com [65.55.34.152])
by (Postfix) with ESMTP id B5B1753DED
for <>; Tue, 29 Mar 2011 10:26:33 +0100 (BST)
Received: from COL118-W51 ([65.55.34.137]) by col0-omc3-s14.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 29 Mar 2011 02:24:56 -0700
Message-ID: <COL118-W51672578C86C3EFB818100C6BD0@phx.gbl>
Content-Type: multipart/alternative;
boundary="_aa6a7f0a-3135-40c4-9ccc-55b2547f9e81_"
X-Originating-IP: [118.101.215.91]
From: Walter Alvarado <alvarado-js19601@hotmail.com>
To: <******@freemail.hu>
Subject: Re:ForYou!BonusCasino?Soon
Date: Tue, 29 Mar 2011 05:24:56 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 29 Mar 2011 09:24:56.0128 (UTC) FILETIME=[2ACFAC00:01CBEDF3]
X-Antivirus: avast! (VPS 110329-0, 29/03/2011), Inbound message
X-Antivirus-Status: Clean

Very similar to the original message .... Yesterday I bought from eBay and Amazon and have not received anything on these addresses. The only common factor is EA! Btw I created a ticket and got told to phone them on an American number, not very good as I am in the UK :mellow:, and a link to a site telling me to check my computer for virus and mal-ware :mellow:, so no help at all.

Thanks

Edited by chrhoth, 29 March 2011 - 05:33.


#8
blaalindorm

blaalindorm
  • Members
  • 234 messages
I've been receiving SPAM on unique email addresses only ever disclosed to EA/Bioware.

#9
schlurbna

schlurbna
  • Members
  • 1 messages
I've received two pieces of spam to a bioware-only email address too, the more recent with:
From: Joseph Ellis <josephellis1976@hotmail.com>
To: bioware@twilightnet.net (not my address)
Subject: Re:BestPoker>Today
Looks like there was definitely a leak.  One hopes that passwords were stored salted and encrypted, 'cause you just know that people will be re-using them all over the place.

#10
Fetacheese

Fetacheese
  • Members
  • 70 messages
Hmm... I use my own proxy server to filter spam, so I didn't notice I had received any until I just checked my filter...
same results, my EA/RIFT only account is receiving the same spam.
odd.

From: Douglas Williams (williamsfw74@hotmail.com)
Sent: March 29, 2011 5:46:09 AM
Re: Best?BonusCasinoVisit
To: xxxxx
xxxxx
xxxxx

#11
Fetacheese

Fetacheese
  • Members
  • 70 messages
I'm thinking this may be an EA leak, not a BioWare one? Can anyone confirm?

#12
vometia

vometia
  • Members
  • 2 721 messages
I've also started getting spam sent to my EA-only address over the past few days; rather a worry considering that if they could get hold of the address, they can get other information too, potentially including credit card numbers.  All things considered, a timely response from EA would be nice.

I also started a thread here about the same subject earlier today, though there's been no official response there either.

#13
vometia

vometia
  • Members
  • 2 721 messages
Just thinking, it might not be such a bad idea to reset passwords and stuff. Not very impressed that EA don't seem to be taking it seriously.

#14
xenn

xenn
  • Members
  • 77 messages
I've noticed an increase since I started playing Dragon Age Legends on Facebook.

#15
vometia

vometia
  • Members
  • 2 721 messages
I changed my email address for a new one and now that's being spammed as well, so it would appear that EA's systems are still compromised. Either that or they're giving email addresses to spammers, but either way it's not good.

#16
BTCentral

BTCentral
  • Members
  • 1 684 messages
I have also had similar emails on the address linked to my EA account over the last few days (Casino/Poker spam).

You may well be correct in your assumption that email addresses somehow got leaked and/or that there is a compromised system.

Edited by BTCentral, 01 April 2011 - 11:31.


#17
ElofValant

ElofValant
  • Members
  • 105 messages
I also have gotten spam e-mails to my EA/DA e-mail address..

Of bigger concern for me - I recently decided to "waste" some money and purchased the Exiled Prince DLC, used a card I never use for anything but automatic transactions.. and just recently got a call from my CC company to alert me to the fact they wanted to close the card as they had just detected possible fraudulent charges.. and wanted to know if I wanted to cancel the card and block the possible bad charges (which I did, as I know exactly what gets charged to that card)

It might have been a false alarm... but considering the timing.. I'm wondering if more than just e-mail addresses have been possibly leaked. I'd advise ppl to check their CC's and see if any strange charges have been made recently..

Edited by KamatsuDash, 02 April 2011 - 06:58.


#18
JediMB

JediMB
  • Members
  • 695 messages
If someone's been getting to your credit card information, it's more likely that you have something nasty on your computer.

#19
flexxdk

flexxdk
  • Members
  • 1 791 messages
Funny thing is, I'm not gettin' any spam.

The only spam I'm getting is "OMG Get a fre vucher for teh albert heijn!11", which is a Dutch supermarket.

I doubt EA has any connections with them.

I have read somewhere though that Facebook would allow third party applications to collect your info or something...

#20
ElofValant

ElofValant
  • Members
  • 105 messages

JediMB wrote...

If someone's been getting to your credit card information, it's more likely that you have something nasty on your computer.


Don't believe so - I do have up-to-date FW & AV on my computer, Windows is up-to-date, all other software (Java, browser, Flash, etc.) is also up-to-date, and I scan regularly with multiple different scanners (installed AV, Spybot, Malwarebytes anti-malware as well as running various online scanners regularly). Although admittedly I could have been affected by a just-released spy/malware... and thus likely not detectable by most scanners (sometimes heuristic scanners can pick these up.. sometimes not)  *shrugs* Time to scan everything again.

Anyways, not saying 100% that EA/BW is/has leaked CC information, I just found the timing of this.... interesting and worth noting. And just thought I'd post so people can be aware - it might be nothing but bad luck on my part.. it might be worse. Better to let ppl know so they can check their bank statements... than stay silent and have ppl possibly lose money they can't afford to lose.

#21
vometia

vometia
  • Members
  • 2 721 messages

JediMB wrote...

If someone's been getting to your credit card information, it's more likely that you have something nasty on your computer.

I'm not convinced: I've had unauthorised access to my card several times over the years which seem to have been caused by fraudsters accessing data on improperly secured servers; I've never had a virus or keylogger.

Considering I've now had spam delivered to two different email addresses that only EA is aware of, they obviously have a major security problem, and if they can access members' contact details, chances are they can get hold of other information as well.  What I find particularly alarming isn't just EA's total lack of any response but the duration of the security problem which has been at least several days and is probably still ongoing.

#22
Dominus

Dominus
  • Members
  • 15 426 messages
I've gotten these before, but my EA account doesn't have the billing address, etc on there. I always type it out manually instead. Would they still be able to get a hold of that kind of information somehow? I changed my password, so that may stop potential dangers, I dunno.

#23
_Aine_

_Aine_
  • Members
  • 1 861 messages
Yes, I also got these. =(

#24
Nukenin

Nukenin
  • Members
  • 571 messages

KamatsuDash wrote...

[…] and wanted to know if I wanted to cancel the card and block the possible bad charges (which I did, as I know exactly what gets charged to that card)

It might have been a false alarm... […]

If you know exactly what gets charged to that card, how might it have been a false alarm?  :P

#25
StartOrange

StartOrange
  • Members
  • 158 messages
I only have an account that's bound to EA through Dragon Age and I have not received any of this.