Forgot?

Apologies To Our Members, iContact Got Hacked

Daniel Chapman on 17 February, 2010

About a week ago one of our members came to us and reported that he was suddenly getting spammed on an account that he had only ever used for our site.

We started doing some looking but as it was "only one" we figured that it was most likely something on their end.

Then the second one came in. And another.

All these customers were rather unhappy. Which is completely understandable. I would be angry too if a site was giving away my email address or not looking after their security enough that it was compromised.

More than two reports means that something is more than likely wrong at our end, so we started scouring our server for possible issues, fearing that had been hacked.

We spent a few days pouring over server logs, doing file comparisons between the copy of our site on the server and vanilla installations of Joomla and installed components looking for traces of a hacker.

We read seemingly endless security reports looking for any related to our installed versions of extensions.

After several sleepless nights and a lot of hair-pulling, we still couldn't find out how they got in and got increasingly stressed. If we had been hacked, that is one thing, but if we can't find them or stop them then we are more than just hacked, we are sunk.

Just as our panic was reaching a fever pitch we found the leak. iContact, who hosts our Ninja Mail mailing list, was hacked1 a couple of weeks ago, and their mailing lists were compromised.

iContact, thanks for letting us know that you handed our members' private data out!!

As a result we have canceled our account at iContact and we sincerely apologize from the bottom of our hearts to our members for any inconvenience this has caused.

Luckily though, no user passwords or accounts were compromised, just email addresses.

If it makes you feel any better, all the NF staff are also getting more spam too as a result.... :'(

If you have a list at iContact, then I suggest that you notify your subscribers that their details have likely been passed onto spammers. (and try out Mail Chimp instead)


1 EDIT: This link originally pointed to a a blog post on icontact.com reporting the hack. That post and any mention of the hack has now been wiped from their website.

Your Response

  • Good work and not your fault! Who are you using for mass mail now? iContact is now off my list.
    Reply
  • Looks like I cancelled iContact just in time. I had them for over a year and the service got steadily worse each month.
    Reply
  • I feel sorry for you guys! We known you are honest so it sucks to see you getting a bad name because a service provider got hacked. Hope this blows over quickly and Mail Chimp is more secure for you!
    Reply
  • I use disposable e-mails from www.spamgourmet.com , so for every registration i make I have a different e-mail address.
    This is how i spotted that probably NinjaForge had been hacked.

    I am happy that you took so much effort in finding the security leak! And posted this article in your blog.

    Well now spammers, take this email: and spam it as much as you can. Just waste your time :-)
    Reply
  • I use disposable emails from sneakemail.com and as of June 2, 2011, it looks from here like iContact got hacked again.
    Reply
    • Well lets hope that they deleted all of our mails when I cancelled the account last time.
      Reply

Your Response

Submit Comment
Home Blog Apologies To Our Members, iContact Got Hacked