PureVPN Hacked and Embezzled Email Addresses Used to Send Hoax Emails
Softpedia.com reported on 7th October 2013, stating that customers of VPN (Virtual Private Network) provider PurePVN recently started receiving hoax emails informing them about their accounts being closed down.
The systems of the company have been hacked and the attackers used a number of stolen email addresses to send bogus notifications.
The fake emails, apparently signed by PurePVN Founder Uzair Gadit, read, "I'm sorry to inform you that due to an incident we had to close your account permanently. We are no longer able to run an anonymization service due to legal issues we are facing." "We had to handover all customers' information to the authorities unfortunately. They might contact you if they need any details about the case they are working on. The following information was handed over: your name, billing address and phone number provided during purchase and any documents we had on file."
A blog post has been published on the official website of PureVPN by the real Uzair Gadit reassuring that the emails are fake.
Purevpn.com published a blog by Gadit on 6th October, 2013. The blog says that "This morning some of our users have received a fake email and we are putting this blog post as a clarification. We are NOT closing down nor do we have outstanding legal issues of any sort. We have neither been contacted by any authorities nor do we store our user's personal data to share with anyone."
Infosecurity-magazine.com published news on 7th October, 2013 quoting a statement by Gadit as "Preliminary reports suggest that we are hit with a zero day exploit." However, he added "We do not store any of our user's PayPal nor credit card information in our on-site databases and user or usage logs are also not stored on line. We can confirm that the breach is limited to Email Ids and names of a subset of registered users."
Armed with names and email addresses of only few customers, the attackers could go phishing and send hoax emails but that does not mean that the hackers will not use the names and addresses for future phishing. Users of PureVPN should therefore be on their guard.
» SPAMfighter News - 18-10-2013