

EMusic leaks email address to spammers - RiderOfGiraffes

My wife recently made a purchase from eMusic.com.  According to our usual procedure she invented an email address unique to them for the registration.  We are now getting around 100 spam a day to that email address:<p><pre><code>    2009/04/04 :  41
    2009/04/05 :  30
    2009/04/06 :  41
    2009/04/07 :  35
    2009/04/08 :  61
    2009/04/09 :  65
    2009/04/10 :  43
    2009/04/11 :  85
    2009/04/12 :  91
    2009/04/13 :  95
    2009/04/14 : 118
    2009/04/15 : 116
    2009/04/16 :  95
</code></pre>
No other email addresses have been compromised, so it isn't that our machine is infected by a worm or virus that's giving out addresses - it must be them.  Besides, the purchase was made via a Linux machine.<p>Emails to their "service" department as listed on the "Use of Private Data" pages have gone unanswered.  Clearly they either don't care, or are incompetent.<p>This is exactly why we use unique email addresses for every service we use - it's trivial now to spam bin them, but be warned.<p>Don't use an email address you care about with eMusic.com
======
XRaySpeX
Me too :(

2/3 years ago I started registering for free trial at Emusic and gave a UNIQUE
email addy on the 1st page. Then, when it started asking for my credit card, I
curtailed my application.

So, I wasn't even a member of emusic (couldn't log in as you would expect).
Yet, it obviously remembered my email addy and leaked it, as shortly after I
started to get spam addressed to this email addy that I used exclusively for
emusic.

I complained to them but a director replied denying that they had any security
breach.

For a couple of years I got the odd spam using this addy. However, in the past
few months I'm getting about 40/50 per day.

I'm not too concerned yet, as the spams are not very large and I can filter
them to delete from server without downloading them. I'm just a bit worried
that they are on the increase and could get larger and more of them to fill my
server mailbox.

These are not isolated instances, there are quite a few articles and blogs
about it. This is how I found here by googling "emusic spam"!

------
tjstankus
I hope this is not true, but it looks like you have pretty good evidence. I've
been a happy emusic subscriber for years. I don't mind spam so much only
because Gmail's filters are pretty good. But, I _do_ get quite a bit of it. >
1000 in my spambox right now. And it's totally uncool if emusic is responsible
for any of it. Upvoting in hopes this catches the attention of emusic. I might
even submit a support request with the link. I'd love to hear their side.

UPDATE: I submitted a support ticket with a link here.

~~~
RiderOfGiraffes
Imagine my domain name is OddName.com. The email address we gave them is
something like emusic_XX@OddName.com where XX is the checksum of "emusic", and
that is the address to which spam is being sent.

I think the evidence is overwhelming.

I'd also love to hear their side of it, but given that they didn't bother to
reply to my email I suspect they either don't care, or don't accept my
evidence.

------
ErrantX
Was the email address one on a custom or little used domain?

Or on a "major" provider address (e.g. Yahoom, Gmail etc.).

I have set up MSN and Yahoo addresses in readiness for future use and started
getting spam to them within the space of a week :)

EDIT: what Im saying is a you making a big accusation. Something like that can
damage eMusic for good. If it's true then good - but there are other
explanations too.. which we should conasider first.

~~~
RiderOfGiraffes
The email was address was unmistakeably exactly the email address we gave
them. It is largely unguessable, of a specific form with the equivalent of a
checksum built in to it, and on our personal domain.

~~~
ErrantX
in which case I think you have a point :)

------
emusicspamhater
I have this with two email addresses I used which were unique to emusic. One
when I did a trial, one when I signed up. Both have now received thousands of
spam messages. I found this topic by doing a google search for 'emusic spam'.
It looks like this problem has been going on for years.

------
emusicsucks
Yes. Two email addresses I invented for emusic are now receiving all sorts of
spam. I own my own domain, so it's definitely the case that those addresses
were leaked.

