Warning! Aweber have compromised

Sandor_V · October 20, 2010, 3:33pm

Hi Fellows,

I don’t know about you, but already the fourth day that I get such spam messages (tax, viagra, watches, pharma, just name a few kind). They are seems nearly similar. First day I got 13, next 29, yesterday 69, and today 116 arrived into a certain email address.

I got them through Aweber perhaps because I’m on a few dozen Aweber lists. And I suggested Aweber services to my subscribers, too.

On the Aweber’s blog you can read that they know the situation and trying to do something. I’m afraid it’s a cry over spilled milk situation.

What about your experience?

Regards,

Sandor

Aleksejs · October 20, 2010, 5:24pm

Frankly, it is the first time I hear of them. And I suspect that I am not alone. {~;

That being said, I think that the fact that they honestly admit that they have problem and are dealing with it is a good sign. Not a sign of excellent operation, but a sign that shows that they stand up for challenges.

Sandor_V · October 20, 2010, 5:50pm

Hi Aleksejs,

This is the second similar situation in a year. Formerly they were a bit slow in reacting up on that.

I know, that hackers are inventive people. And hacking is a part of the life, unfortunately. No autoresponder system or webpage is safe from determined hackers.

But imagine: you get spam complains from your customers who give their details to you in that good hope that their data will be safe. And they call you on account for spamming.

Hoping Aweber will be able to stop such action on the future. Otherwise they may lose a part of their customers.

Regards,

Sandor

Sandor_V · October 21, 2010, 5:15am

"What Does AWeber Do To Protect Your Data? What About This Incident?

On a daily basis, a few thousand attempts are made to attack AWeber. This sounds like a lot (and it is), but it’s no different at any other sizable web-based application.

We use a combination of in-house and third-party security solutions to scan our network for possible “holes” in security, and to monitor, block and analyze the many attempts made to gain unauthorized access to AWeber. On the whole, these solutions are very good at what they do and this approach serves us well. Unfortunately, both the in-house and third-party solutions failed to detect or stop this particular attack.

We became aware of the incident on Monday, October 18th and immediately began an investigation to identify and close the vulnerability that was exploited. We closed the vulnerability promptly and are now analyzing why neither our in-house or outsourced security solutions identified it before the incident occurred.

We continue to invest significant resources into enhancing our current security and implementing new security measures to combat future attacks. We are also working with other ESPs who have been similarly attacked to share knowledge and better secure the email marketing industry as a whole.

Questions? Please Contact Us.

Those wishing to reach us with specific questions regarding this attack are encouraged to call our Customer Solutions Team, who will immediately address your concerns.

US Phone: 877-AWEBER-1
International Phone: +1 215-825-2196
Email: http://www.aweber.com/contact-us.htm

We’re Sorry

I – and all of us at AWeber – understand that trust is hard to come by online, not only for us, but for you as well.

Your subscribers trust you with their email address, and trust that you will treat that address and their permission to be emailed with the utmost care. While most of them will not notice any changes to their inboxes as a result of this incident, we take that trust, and what has happened, seriously.

We take all the measures we can to protect your account (some of those are discussed above), and I’m sorry that this incident occurred.

Tom KulzerRemorsefully,
Tom Kulzer
CEO & Founder
AWeber Communications"