Bye bye plusnet

[mejinks]

To whomever can be bothered to read this,

For a while I have defended you as the ISP you once were. Now it is clear that being taken over by BT means you couldn't run a **** up in a brewery.

Tonight I find that you have either had yet another disaterous security lapse and that the e-mail address I use soley for fax2email has become common knowledge amongst the spammers or you have had to sell the lists to make money, even though your greedy penny pinching and devious charging system should have made you all millionaires by now.

Please accept this as confirmation that I wish you to stick your pathetic service up your own **** and that by getting rid if the contact us button and not accepting e-mail technical support you have effectively become lower rate scum than Freeserve from who I migrated in the first place because they offered the same substandard service to which you now profer.

Might I take this oppertunity to thank you for completely killing my connection. Despite being limited to only 1mb thanks to your inept and useless admin system (or maybe admin people) who had me down as another telephone number completely and for charging me to fix YOUR mistake, I find that I can browse the web significantly faster using a 56k dial up modem.

With yet more and more problems I find myself in the position of feeling completely screwed over and at the end of my tether.

Please accept this e-mail as resignation to the fact that you will never ever be able to offer close to the service you once did and that I wish to move to a more stable and reliable platform. Currently, even AOL has this advantage over you.

Please forward me my MAC code with immediate effect. When I have my new ISP set up, I will advise you of my new DNS and MX records.

Yours sincerely

Once seriously disgruntled ex-customer

[Davey_Pitch]

Never had any problems with them myself, they've been helpful every time I've contacted them about something. Shame you've had so many problems though, I'd probably switch if I'd got them as well.

[Mark]

I've known spammers obtain completely unpublished email addresses before know. If your email address was even vaguely guessable, then they may have just hit it by chance.

Both my Google (completely unused except for logging in) and PN (used only for PN stuff) emails got guessed. Actually, the PN one didn't, but they found my PN subdomain and just started sending stuff to random addresses.

I very much doubt it's a lapse of security. PN may be guilty of a lot of things, but I'm convinced this isn't one of them (and I don't let PN off stuff lightly - I've been with them long enough to know better). Or then again, maybe not. See below.

I think PN got the message when I requested my MAC back in Jan. I just don't have problems with them now (connection uptime currently 33 days).

[Muban]

Strangely in the last couple of days I've started getting spam (on my plusnet email). Annoying as for years it's been 100% spam free, it's not an easy address to guess really either. As long as it's only 1 or 2 I suppose it's no big deal but if I start getting loads it's going to be very annoying.

[Mark]

I retract my comments about blaming PN. I have spam in my PN inbox and it's the right address this time.

Not sure if it's a compromise or not. If it is, then I might be joining the queue for a MAC as well. If it isn't, they've clearly been targeted again (not the first time that's happened).

[Mark]

Well, it's a compromise. Mejinks' comments are therefore entirely valid and I will not defend the indefensible. To say I'm annoyed just doesn't quite cut it.

Quote:

PlusNet takes its customers’ security very seriously.

It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. As a result, some of these customers have experienced increased levels of spam to their email addresses.

We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their Internet connections and computers are safe.

We regret that this has happened but are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur.

A detailed investigation continues and we will provide a further Service Status update tomorrow and a full incident report on Friday 18th May 2007. In the meantime please do not contact our Customer Support Centre regarding this issue as our resources are focused on contacting customers who are affected.

I'll allow them the time to investigate and report, but I'm minded to do as Mejinks has done.

[Garp]

Its so easy to achieve such a thing from inside an ISP. If I wanted to be a real bastard I could knock up a quick bit of code to parse out every e-mail from a mail log, and then sell that to spammers for a few bob (would easily be able to gleam probably 10k+ addresses without too much work, not including clara addresses) To be fair ISPs can only do their best to ensure their staff aren't that disgruntled enough or unscrupulous enough to do that, but there can never be any guarantees. I know one software company sold my e-mail addy on because I specifically created it for that software purchase, its not guessable (random letters), and I never used it anywhere else. I let rip at the company when I started receiving spam within a fortnight, they apologised and refunded me on the software purchase and informed me they'd kicked the relevant member of staff out

[Mark]

Aye, that's why I'm allowing them the time to investigate. If it turns out to be a member of staff then I agree there's not much they could have done. If it turns out to be incompetence on the part of their techs, then that will be the last straw for me.

[Muban]

This isn't the first time. It wasn't that long ago I was advised by them to change my password as a security precaution as they had some sort breach. They said there was no risk but advised me to change my password.
EDIT: Just found it.....

Quote:

Originally Posted by Plusnet

----- Original Message -----
From: "PlusNet Customer Support" <autoemail@plus.net>
Sent: Tuesday, February 06, 2007 9:44 PM
Subject: PlusNet discussion forum passwords


>
>
> Your username: *****
>
>
> Dear Michelle,
>
> It recently came to our attention that a potential security problem existed on our website discussion forums (http://portal.plus.net/central/forums/). It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account.
>
> As a user of our forums, we are now emailing you to advise you of this, and of the next steps you should take. Although we have no evidence that a malicious attack has occurred, we can confirm that one of our customers proved this vulnerability, and subsequently contacted us. We would like to publicly thank that individual, and we have had assurances that any data obtained has now been destroyed.
>
> We are now asking all customers in receipt of this email to change their account password as soon as possible, purely as a precaution. This can be done on-line, at the Account details section of our website - http://portal.plus.net
>
> This only affects customers who have used a 'weak' password that could easily be guessed. It's always good practice to make sure you change your password on a regular basis. Take a look at the advice on <http://www.plus.net/support/security/index.shtml> for more information about how you can improve your online security.
>
> If you would like more information on this incident please visit our support page at http://www.plus.net/support/customer...security.shtml
>
> If you require recorded information please ring 0845 0020180.
>
> Kind regards,
>
> Dan Kirkland
> Head of Platform Team

[mejinks]

Lets have a guess at whats caused this mess shall we?

Lets suppose you are an incompetant ISP, what do you do with your redundant webmail server that has now been superceeded? Sell it of course!

Can anyone guess what they forgot to do?

By the way Garp, what does a clara account cost these days for home MAXADSL and a static IP address?