Apologies To Our Members, iContact Got Hacked
Daniel Chapman on 17 February, 2010
About a week ago one of our members came to us and reported that he was suddenly getting spammed on an account that he had only ever used for our site.
We started doing some looking but as it was "only one" we figured that it was most likely something on their end.
Then the second one came in. And another.
All these customers were rather unhappy. Which is completely understandable. I would be angry too if a site was giving away my email address or not looking after their security enough that it was compromised.
More than two reports means that something is more than likely wrong at our end, so we started scouring our server for possible issues, fearing that we had been hacked.
We spent a few days poring over server logs, doing file comparisons between the copy of our site on the server and vanilla installations of Joomla and installed components looking for traces of a hacker.
We read seemingly endless security reports looking for any related to our installed versions of extensions.
After several sleepless nights and a lot of hair-pulling, we still couldn't find out how they got in and got increasingly stressed. If we had been hacked, that is one thing, but if we can't find them or stop them then we are more than just hacked, we are sunk.
Just as our panic was reaching a fever pitch we found the leak. iContact, who hosts our Ninja Mail mailing list, was hacked [1] a couple of weeks ago, and their mailing lists were compromised.
iContact, thanks for letting us know that you handed our members' private data out!!
As a result we have canceled our account at iContact and we sincerely apologize from the bottom of our hearts to our members for any inconvenience this has caused.
Luckily though, no user passwords or accounts were compromised, just email addresses.
If it makes you feel any better, all the NF staff are also getting more spam too as a result....
If you have a list at iContact, then I suggest that you notify your subscribers that their details have likely been passed on to spammers (and try out Mail Chimp instead).
[1] EDIT: This link originally pointed to a blog post on icontact.com reporting the hack. That post and any mention of the hack has now been wiped from their website.