Did anyone else get this spam to an address they gave to Red Hat?

On November 2nd I received this spam:

(some headers removed; xxxxxxxxxxx@strugglers.net is my censored email address)

Received: from mail15.soatube.com ([184.105.143.66])
        by mail.bitfolk.com with esmtp (Exim 4.72)
        (envelope-from <bounce@soatube.com>)
        id 1RLikr-00070I-6U
        for xxxxxxxxxxx@strugglers.net; Wed, 02 Nov 2011 21:53:57 +0000
Received: from [64.62.145.53] (mail3.soatube.com [64.62.145.53])
        by mail15.soatube.com (Postfix) with ESMTP id 6B324181CFF
        for <xxxxxxxxxxx@strugglers.net>;
        Wed,  2 Nov 2011 14:46:01 -0700 (PDT)
To: xxxxxxxxxxx@strugglers.net
From: events@idevnews.com
Date: Wed, 02 Nov 2011 14:00:40 -0700
Subject: BPM Panel Discussion: IBM, Oracle and Progress Software

-------------
BPM-CON: BPM Panel Discussion - IBM, Oracle and Progress Software
-------------
Online Conference

Expert Speakers:
IBM, Oracle, Progress Software
etc..

The email address it arrived at was an email address I created in November 2004 in order to take a web-based test on Red Hat’s web site prior to going on an RHCE course. It has only ever been provided to Red Hat, and has not received any email since 2007 (and all of that was from Red Hat). Until November 2nd.

The spam email contains no reference to Red Hat and is not related to any Red Hat product.

From my point of view, I can only think that one of the following things has happened:

  1. Spammers guessed this email address out of the blue, first time, without trying any of the other possible variations of it all of which would still reach me.
  2. One of my computers has been cracked into and the only apparent repercussion is that someone spammed an email address that appears only in an email archive from 2004/2005.
  3. Red Hat knowingly gave/sold my email address to some spammers.
  4. Red Hat or one of its agents have accidentally lost a database containing email addresses.

Possibility #4 seems far and away the most likely.
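
The reasoning above (an address handed to exactly one organisation, then mail arriving from somebody else) can be checked automatically. The following is an added example, not part of the original post: the registry, the placeholder address andy+rhexam@example.net and the function names are assumptions, and the sample message is constructed from the headers quoted above.

```python
import email
import re
from email.utils import parseaddr

# Assumed registry: single-use address -> domains it was ever given to.
CANARIES = {"andy+rhexam@example.net": {"redhat.com"}}

# Constructed message modelled on the headers quoted above; the recipient
# is a placeholder, not the author's real address.
SAMPLE = """\
Received: from mail15.soatube.com ([184.105.143.66])
        by mail.bitfolk.com with esmtp (Exim 4.72)
        (envelope-from <bounce@soatube.com>)
        id 1RLikr-00070I-6U
        for andy+rhexam@example.net; Wed, 02 Nov 2011 21:53:57 +0000
To: andy+rhexam@example.net
From: events@idevnews.com
Subject: BPM Panel Discussion: IBM, Oracle and Progress Software

(body omitted)
"""

def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def is_expected(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_message(raw, canaries=CANARIES):
    """Return a finding dict if a canary address got mail from an
    unexpected sender domain, else None."""
    msg = email.message_from_string(raw)
    # Only the topmost Received header was written by our own MTA;
    # unfold it and read the envelope recipient and sender from it.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m_for = re.search(r"\bfor <?([^\s<>;]+@[^\s<>;]+)>?", top)
    m_env = re.search(r"envelope-from <([^>]*)>", top)
    rcpt = (m_for.group(1) if m_for else parseaddr(msg.get("To", ""))[1]).lower()
    if rcpt not in canaries:
        return None
    seen = {"header_from": domain_of(msg.get("From", "")),
            "envelope_from": domain_of(m_env.group(1)) if m_env else ""}
    bad = {k: d for k, d in seen.items() if d and not is_expected(d, canaries[rcpt])}
    return {"canary": rcpt, "unexpected": bad} if bad else None

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Sender domains are forgeable, so a match proves nothing; the useful signal is a mismatch on an address that only one party ever held.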

I contacted Red Hat to ask them if they knew what had happened, but they ignored all of my questions and simply sent me the following statement:

“Hello.

Thank you for contacting Red Hat.

We apologise for the inconvenience caused; however, we would like to inform you that we have not provided your email address to anyone.

Thank You.

Red Hat Training coordinator.”

That wasn’t really what I was asking. Let’s try again.

“Hi Red Hat Training coordinator,

Thanks for your reply, but I’m afraid I am not very reassured by your response. Do you have any suggestions as to how an email address created in 2004 and used only by yourselves for my RHCE exam managed to be used for unrelated marketing by a third party in 2011, unless Red Hat either provided my email address or leaked my email address?

For clarity we are talking about the email address “xxxxxxxxxxx@strugglers.net” which has never ever received any email except from Red Hat, until yesterday, when it got some unwanted marketing email from a third party.”

“Hi Andy,

Please be assured that Red Hat does not circulate student’s e-mail address to any third party.

Thanks,
Red Hat Training Coordinator”

I’m not getting anywhere, am I? I was only after some reassurance that they would actually look into it. Maybe they are looking into it, and for some reason decided that the best way to assure me of this was to show complete disinterest.

Oh well, I can send that email address to the bitbucket, but I can’t help thinking it’s not just my email address that has been leaked.

Anyone else received similar email? If so, was it to an address you gave to Red Hat?

Update 2011-11-10: Someone suggested I politely ask the marketer where they obtained my email address. It’s worth a try.

“Hi Integration Developer News,

May I ask where you obtained my email address “xxxxxxxxxxx@strugglers.net”? I’m concerned that it may have been given to you without my authority.

Thanks,
Andy”

Also I have now been contacted by someone from Red Hat’s Information Security team, who is looking into it. Thanks!

19 Responses to “Did anyone else get this spam to an address they gave to Red Hat?”

  1. Eric Says:

    Was “xxxxxxxxx” possibly guessable with a dictionary spam attack?

  2. Andy Says:

    Yes, but since I use extension addresses, for that to have happened either it would have had to be their first and only guess at which point they gave up, or else I would expect to have received millions of copies based on several dictionary words being smooshed together.

    I didn’t receive any copies other than that one to the address Red Hat had, and the first explanation doesn’t seem at all likely.

  3. b Says:

    Someone might have tried emailing to all entries in:

    http://strugglers.net/wiki/Special:Listusers

  4. Eric Says:

    Fair enough.

    I do the same thing, and have had similar things happen by entities which I am sure are not malicious (I very much doubt that Yo La Tengo is selling me out). I assumed it was either a bad third party actor or a hack, in my case.

  5. Andy Says:

    b,

    The email address doesn’t appear there. I’ve also already done a few search engine queries to see if it shows up anywhere on the web. It doesn’t appear to.

  6. Andy Says:

    Eric,

    Yeah normally I would put it down to some individual’s address book being lifted off their compromised email client, just in this case I know the address was never used elsewhere. 2004/5 was a long time ago but I don’t think it was ever given directly to another human being.

  7. Chris V Says:

    I just got the same email, and I have also shared my email address with RedHat (although it is my work address and I’ve shared it with a bunch of folks).

  8. Andy Says:

    Chris,

    Thanks for the info. I think you should tell Red Hat as I think they are still looking into this.

  9. Dominic C Says:

    Chris, could you please forward the details to me at “dcleal” at Red Hat .com? I’ll forward it on to the security team concerned. Thanks for the report.

  10. Niclas Says:

    You ever got any clarity on this? I today (June 21st, 2012) received an email from idevnews, the address being one that has been shared with RedHat (and, to be fair, other entities as well). I’m confident I’ve never subscribed to this particular “newsletter” though.

    Not sure if I’ve gotten ads from idevnews previously; I’ve only recently begun to keep track of all the email I was getting as I’ve lately been spending too much time cleaning my inbox.

  11. Andy Says:

    @Niclas,

    Not really. Red Hat contacted me and investigated but I never heard any conclusion so I assume they were unable to find any evidence of a breach.

  12. Chris V Says:

    Similar to Andy, I heard from Red Hat back in November but have not heard anything since. This is not entirely unexpected as I am sure many companies do not share the results of internal investigations with outside folks.

    @niclas:
    Have you forwarded your email details to Dominic?

  13. Chris V Says:

    Also: Has anyone received emails from someone by the name of Mike Boyle? From what I recall I received a few legitimate emails from Mike during his time at Red Hat as (I recall) a Northeast/New England region account rep; I have since gotten the occasional spam from his Yahoo account as recently as 6/19/12.

  14. Jonathan Perkin Says:

    I started getting these spams this week too, to an address which was previously used during RHCE certification.

  15. AD Says:

    Same thing today. Never entered RHCE, only used for access to RHN (since 2010 or so). So most likely from my Red Hat Login. To be fair, not an address I exclusively use for Redhat, but this starts to look like a breach or f-up at Redhat involving RHN-registered mail accounts, based on above mentioned experience.

  16. AD Says:

    And again on 20120919

  17. seff Says:

    Yes I did receive many spam like this.
    Yes I gave this email address to Red Hat.

    Thank you for your clarifying investigation.

  18. SJ Says:

    Received a similar spam today from a closed email address only used to register at the Redhat site (not for certification).

  19. Madwyn Says:

    I can confirm the same thing here. My company email was only exposed to redhat, then I started to receive emails from events@idevnews.com. Shame on redhat!
