Two days ago we reported that the global fast-food chain McDonalds was subject to an attack by hackers, with email addresses and phone numbers, amongst other data, compromised.
It has emerged that the stolen data was not directly hosted by McDonalds, the company using Atlanta-based Silverpop Systems, a firm that provides marketing services for over 100 companies including the popular creative website DeviantArt.
As a result of the breach, it is thought that the 105 companies that use Sliverpop’s marketing services could have had data compromised in the attack. The Register spoke to Stephen Emmett, an agent in the FBI’s Atlanta field office that “the breach is with Silverpop, an email service provider that has over 105 customers,” adding “it appears to be emanating from an overseas location.”
Like McDonalds, DeviantArt immediately emailed their users as soon as they were notified about the breach:
Silverpop Systems, Inc., a leading marketing company that sends email messages for its clients, told us that information was taken from its servers. This was probably part of a sweep by spammers. As a result, email addresses belonging to deviantART members were copied. Corresponding usernames and birth date may also have been removed.
We can assure you that nothing occurred on our systems with respect to this incident and no access was gained to private information on deviantART’s servers.
As a member of deviantART, you certainly have a right to know when an incident of this kind occurs. Unfortunately spammers are an unavoidable part of living on the Web.
The likely result of this event might be an increase in spam to your email. Experts have told us that there is an increase in email scams out there on the Internet and you should be cautious. Only click links or download attachments from people you know, particularly if they ask for personal information, and be sure that your email service provider has adequate spam filters.
Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us.
Silverpop issued a statement explaining that as soon as the company noticed the suspicious activity “in a small percentage of [their] customer accounts [they] took aggressive measures to stop that activity and prevent future attempts”. It also noted that the company were actively engaged with the FBI investigation.
Silverpop has not explained how the accounts were compromised, failing to gain the trust of the companies that use their services after the breach. In DevinantArt’s case, they have severed ties with the company, a painful lesson to learn for Silverpop if there ever was one.