Hello, I received ths morning the attached spam.
As I am using unique mail addresses per provider / service where I have an account, and for Comodo I make no exception, not used anywhere else, and only known by Comodo, this can only mean that some server / DB on Comodo side leaked that information (if not more), or was hacked from outside.
I presume that if you didn’t detect already the breach, you will swiftly act to find which of your server(s) was(were) breached or leaking the data.
In future, it appears you will need to reinforce your systems protection / detection.
Hope this helps.
Sujet : Confirm your Remember The Milk account (comodo: message 6 of 20)
Date : Sun, 19 Mar 2023 10:27:41 +0000 (UTC)
De : Remember The Milk - firstname.lastname@example.org <xxxxxxxxx my mail @ - obfuscated xxxxxxxxx>
Répondre à : Remember The Milk - email@example.com
Pour : I'm Mary. Please rate my photos here: https://sites.google.com/view/2b1sr6 . sadfsaf
Hi I'm Mary. Please rate my photos here: https://sites.google.com/view/2b1sr6 .,
Please confirm your account for full access to Remember The Milk:
Confirm account <https://www.rememberthemilk.com/verify/email/0ac18be726cb89e6e10d68db60bb96f9a6cccb63>
Or copy and paste the URL into your browser:
Happy to-do listing! :)
Bob T. Monkey
Bob T. Monkey and the rest of the Remember The Milk team
If you didn't sign up for Remember The Milk, please discard this message and we won't email you again. Need help? Get in touch <https://www.rememberthemilk.com/help/contact/>.
Brought to you by Remember The Milk Inc., 660 4th Street #247, San Francisco CA 94107, USA.
“remember the milk”…
dude… DUDE!!! have you considered you computer or mail server infected? or your e-mail registered elsewhere?
Of course I checked, and it is not infected.
And yes my mail address has comodo in it, and is only used on Comodo, and nowhere else
(this is exactly why I use these uniquely generated mail addresses … and this is how I knew 1 year before they publicly admitted it that Adobe was hacked and leaked accounts information, some years ago …)
Note: I have currently 279 such unique addresses. Out of them, the Comodo one is the only one in the last 3 months on which I received such a spam
Are you sure you never install the application? https://www.rememberthemilk.com/
The application is on the apple store and on google play.
Yes, I confirm, I am sure. And I didn’t know about that site nor application before I received the spam in fact.
Also, the ids I use on my PC are never used on my phone (where anyway I install the bare minimum that I need, and no such things).
I also received that Remember The Milk spam on an email address I haven’t used for years, which is the same I used when I signed up here at the Comodo Forums back in 2013.
(although I have used RTM in the past, I never had an account with them with that particular email address)
If that helps, I created my unique id on this forum on 23/04/2017
I think it’s just spam going around at the moment. I had a rememberthemilk one last night. Note the “Hi I’m Mary please rate my photos” in the text
Right, but the point is that in my case, and maybe also George_Fusioned, this is using a mail address which is only used and known by Comodo forum servers …
Might be related to this: Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
It’s possible the RTM Forgot Password form is not properly validating input and the attacker is injecting the string
"I'm Mary. Please rate my photos here: https://sites.google.com/view/2b1sr6 . sadfsaf" firstname.lastname@example.org targeting people from that leaked database.
If so, interesting that it surfaces only nearly 4 years later … thanks for the info
That seems to be the likely cause, agreed.
I also got the same RTM spam to one of my comodo-only email adresses the other day. I did forward that email to security [at] rememberthemilk.com, so they should be aware of it by now.
I started getting a LOT of spam attempts (mostly blocked by my strrict SPF configuration) to my comodo-forum only e-mail address in the last month or so, but the first attempt was in December of 2022. I set up that e-mail address in 2017, so I agree, 2019 breach is most likely source. I changed my account e-mail address here and deleted the old e-mail address, so problem solved AFAIC, but I thought I’d mention it here for anyone looking for more datapoints.
The received mail is spam.
However we have taken this situation to the team notice.
We will keep you posted.
Same for me since this week, I use +email@example.com as identifier and received spam Mails with attachment, sent from hotmail.
It never happened before, so perhaps it’s a new leak?
Comodo does not have a gmail account. All emails from them are @comodo.com or @xcitium.com so obviously a scam. I get fake ones from my domain host and other services frequently so no indication that this is any sort of a leak. Check https://haveibeenpwned.com/ for any recent breaches of your email address. Some of these email scams go around when people sell the information from leaks to scammers.
You dont seem to understand, it’s my email as receiver. I used MYNORMALEMAILADRESSfirstname.lastname@example.org here in the forum (and ONLY here) and this mail adress received spam, so the source of the leak is this forum.
The leak check says " Good news — no pwnage found!" so it’s new.
@C.O.M.O.D.O_RT - Please look into this.
I can provide additional email adresses, the spam is sent to more recipients, so if anyone from comodo wants to check them against your database I could name a few (of course not here in public) but via PM or Mail