It Has Come To Pass

So, something I’ve been expecting has finally happened and now I don’t really know what to do about it.

Back in April of last year, I made the decision to use unique passwords for every web site and at the same time, use a unique email address for every web site.  This wasn’t difficult to do, I just made a catch-all email address on my mail server, then started using unique emails on every website.  For example, amazon.com@mydomain.com would indicate to me that the email was from my amazon account registration.

And yesterday, I get a piece of spam from paypal.com@mydomain.com.  How many people have I shared this email with?  Exactly nine.  I don’t make a bunch of purchases via paypal.  So now, I don’t know what to do.  I don’t know exactly who sold off my email address or if they didn’t even sell my email, but their computer was hacked and their address book stolen.  Maybe they use a 3rd party cloud-based POS system and that was hacked.  The bottom line is, I don’t know. 

I’m going to work on the assumption that they were hacked.  Someone got into their EBay account (like they did for me) and mined their recent customer list.  This makes sense because I can’t imagine any of the people I dealt with having a large enough customer list to monetize it for any decent value.

I would love to email each of them and tell them what’s happened.  Someone out there has compromised my personal information.  They wouldn’t be able to do a whole lot of damage, but they probably have a full profile of me: name, address, phone, email.  That sucks.

So now, I have to set up a blacklist on my server for paypal.com@… and create a new email, like paypal.com2@…  That sucks, too.

Comments are closed.