# tivo accout email



## caddyroger (Mar 15, 2005)

Has any one got this email today.


Dear TiVo Customer,

Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system. Our email service provider deploys emails on our behalf to customers who have opted into email-based communications from us.

We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.

Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

If you have unsubscribed in the past, there is no need to unsubscribe again. Your preferences will remain in place.


----------



## bud8man (Feb 13, 2004)

Got mine. :down::down::down:


----------



## SGR215 (Jan 20, 2004)

I got it too.


----------



## slimm (Sep 19, 2003)

This sucks!


----------



## morac (Mar 14, 2003)

Yep got it as well. 

Considering that's the same email address that was leaked during the whole Gawker fiasco last year and nothing happened because of that, I'm not too worried. Spammers already seemed to have my name anyway.

Still I'm not really looking forward to more spam.


----------



## gentoo (Apr 3, 2011)

Yep, just got it. Wish i would have registered with one of my JUNK email accounts instead of my clean ISP account now..


----------



## innocentfreak (Aug 25, 2001)

Yeah got like three of them to the same address.


----------



## smbaker (May 24, 2003)

Got mine as well. I'm not sure to be impressed that some company bothered to inform me of a breach or concerned that yet another company has failed to protect personal data. 

I wonder who the 'service provider' was? Perhaps a lot of other companies may also be compromised.


----------



## tomhorsley (Jul 22, 2010)

Yep, I got it too, but I do wonder how I'd be able to tell the difference between the spam I was getting before and the new spam .


----------



## knuckles (Dec 21, 2002)

tomhorsley said:


> Yep, I got it too, but I do wonder how I'd be able to tell the difference between the spam I was getting before and the new spam .


Maybe we will be able to decide which spam to receive, when we want to receive it, and create season passes for the ones we really enjoy.


----------



## slimm (Sep 19, 2003)

tomhorsley said:


> Yep, I got it too, but I do wonder how I'd be able to tell the difference between the spam I was getting before and the new spam .


I wasn't getting any, so I'll know.


----------



## minorthr (Nov 24, 2001)

I got one as well. Also received two others from other companies today as well.


----------



## Rocketslc (Jan 5, 2004)

smbaker said:


> Got mine as well. I'm not sure to be impressed that some company bothered to inform me of a breach or concerned that yet another company has failed to protect personal data.
> 
> I wonder who the 'service provider' was? Perhaps a lot of other companies may also be compromised.


From this thread
http://www.tivocommunity.com/tivo-vb/showthread.php?t=467587



MMG said:


> Just saw this on WISH's website:





> Quote:
> We called the company that manages this database for Kroger, called Epsilon. They wouldn't comment, other than to say an investigation is ongoing. In addition to Kroger, JP Morgan Chase customers were also part of the breach.


----------



## kalex1 (Jan 19, 2010)

Got one as well. Also got an email from Brookstone yesterday. Coincidence I think not. Now I wonder who this email service provider is as well. I also wonder if there is any sort of compensation for lack of security on these corporations.


----------



## TVCricket (Mar 7, 2010)

Just got mine.


----------



## morac (Mar 14, 2003)

I got a second email from TiVo, identical to the first.


----------



## fred2 (Jan 20, 2006)

I'm just trying to figure out if the email was from Tivo or from the folks who got my email address!


----------



## orangeboy (Apr 19, 2004)

More from Bloomberg: http://www.bloomberg.com/news/2011-...capital-one-tivo-warn-of-e-mail-breaches.html

I switched my account email address awhile back. I have been getting more spam in the past couple days on my old address, but nothing out of the ordinary on my new one. It sounds like Epsilon isn't a very good company...


----------



## me_too (Apr 3, 2011)

Got the same email this morning, canceled my Tivo service this afternoon. Touche!

I love the line "We were advised"....yeah whatever! Protect your data yourselves TIVO!!!


----------



## jrm01 (Oct 17, 2003)

Got my second notice two hours after the first notice. Guess I'll have to cancel service on two boxes.


----------



## rifleman69 (Jan 6, 2005)

Got mine twice as well, putting it in a nice envelope for the California Better Business Bureau. I'd suggest more of you do the same.


----------



## tivert (Jul 23, 2008)

So how many more companies does this Epsilon co. serve... ? Tivo, HSN, Chase...omega, delta



April 2, 2011 

Dear HSN Customer,

HSN values your trust and wants to make you aware of a recent incident. We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible. We apologize for any inconvenience and have outlined below a number of email safeguards to help ensure your privacy online. 

Email scams, spam, and other attacks on email systems are on the rise, but, by taking certain precautions when receiving emails, you can continue to safely use email for your business and personal needs: 

Don't open links or attachments from people you don't know and trust.
Don't provide personal, financial, or other sensitive information when asked to do so by email. Most reputable companies do not ask for such information by email, and, rest assured, we will not do so.
If you receive an email appearing to come from us that does ask you for sensitive information, do not respond, click on any links, or download any attachments. Instead, please inform us immediately at the toll-free number or email address provided below.

We take your privacy very seriously and work diligently to protect your information, whether held by us or by our service providers. HSN's internal databases, which store all customer-provided data, were in no way compromised. Our email provider has taken significant steps to further protect the limited customer information held in its databases. If you have any questions or concerns regarding this incident, please contact us toll free at 1-800-933-2887 or email us at . 

Sincerely,
Gregg Stallwood
Senior Vice President, Customer Care &#8211; HSN

Please do not reply to this email. If you would like to contact us, please call us toll free at 1-800-933-2887 or email us at [ 
HSN Interactive LLC | Attn: Customer Service | 1 HSN Drive | St. Petersburg, FL 33729&#8234;


----------



## magnus (Nov 12, 2004)

I don't think it's too big a deal. It could be worse.


----------



## sieglinde (Aug 11, 2002)

I got the same letter a while ago and have not received any extra spam. This letter was from a different company, I don't remember who.


----------



## caddyroger (Mar 15, 2005)

tivert said:


> So how many more companies does this Epsilon co. serve... ? Tivo, HSN, Chase...omega, delta
> 
> April 2, 2011
> 
> ...


I guess U.S. bank also. I looked in my deleted folder and their was a email from U S Bank stating the same thing.


----------



## nycityuser (Dec 30, 2004)

Calm down everyone. It's just our e-mail addresses. It's not like that stuff isn't already out there in the ether.

I already have so much stuff going to my spam folders that any new mail will not even be noticed.

Folks are really canceling their TiVo service because of this? Really?! I got the same notice from US Bank but I'm not closing my accounts there. There is no such thing as privacy in this world anymore. We just have to get over it.


----------



## dkurlander (Feb 13, 2007)

I'm pretty pissed at Tivo about this. 

1) One of the motivations behind Tivo is to save its customers time. Great... now I'll have to spend extra time deleting spam.

2) Tivo has distinguished itself in the past as a company that has great user empathy and cares about its customers. This breach is the antithesis of that. And it's ridiculous that they notify us in a mass mailing, with no links or email addresses for responding with our concerns.

I really think that this is a bigger deal than Tivo is making it out to be (I *really* hate spam), and they need a better response than the one that they sent. They didn't even mention any specific measures that they will be taking to prevent this from happening again.


----------



## Chris Gerhard (Apr 27, 2002)

I got the letter and it appears my junk email has risen from 1,000 per day to 1,003 per day. About 95% are routed to trash by the filter and I manually delete the other 50 and have been doing this for years. I don't ever click on junk email, just check the box and hit the spam option. On a scale of minor annoyances from 1-100 with 100 being the worst minor annoyance, this doesn't even rate a 1 to me. It will cost me a minute or two this year and I expect over 99% of the junk email gatherers that obtained my email address from this breach already had it.

My estimate of wasted time this lifetime as a result of this, less than 2 minutes. I spent more time writing this post.


----------



## Chris Gerhard (Apr 27, 2002)

dkurlander said:


> I'm pretty pissed at Tivo about this.
> 
> 1) One of the motivations behind Tivo is to save its customers time. Great... now I'll have to spend extra time deleting spam.
> 
> ...


Wow, been registered over four years and this was the major occurence that caused your first post.


----------



## Resist (Dec 21, 2003)

I got this email 3 times. It pisses me off to no end that companies can't seem to keep my information private! Makes me question how safe my credit card information is with Tivo now.


----------



## orangeboy (Apr 19, 2004)

me_too said:


> Got the same email this morning, canceled my Tivo service this afternoon. Touche!
> 
> I love the line "We were advised"....yeah whatever! Protect your data yourselves TIVO!!!


----------



## Chicagobill (Apr 3, 2011)

The email allows access to the TIVO billing system including your Credit card info.

Who is the ISP?????


----------



## Chicagobill (Apr 3, 2011)

Just found out my billing data is still in their system - I canceled it in 2008 !!!!


----------



## chip_r (Apr 27, 2006)

Got mine. This will be interesting as I use disposable email addresses linked to my real email address. 

Tivo is no exception. I encode a unique identifier in my disposable email address so it can be traced back to the single place where I give it out. Kind of a pain because the address is ugly to type in but I've caught a couple of cases of compromised email. 

It was pretty obvious when this happened.

1) Sling Media

A couple of years ago I started receiving monthly spam from a Toyota dealership in the Bay Area. They were in the general area of Foster City, CA where Sling Media is located. The email address had the unique sling ID in it. I tried a number of times to contact Sling Media and they wouldn't respond. My theory is a ticked off IT guy left or just sold Sling's list as their privacy policy was pretty strict. Nothing official was ever mentioned by Sling.

2) A 'top 5' Orchestra

This was a domino effect. Their unique ID started with them and it soon branched out over many arts, music, museum, and travel-related spams from other sources. Not unexpected as orchestras are pretty tight on money and they were probably 'sharing with partners' but I felt like a revenue source, not a patron. I contacted them and they sheepishly admitted this is the case and were impressed with how I discovered this.

For both cases I deleted the disposable addresses and my spam problems went away.


I'll post any senders if my Tivo address ID becomes active with spam. I know folks are pretty unhappy about this but at least Tivo announced the compromise. Sling just kept on ignoring my emails showing the car dealership and their ID.


----------



## Gregor (Feb 18, 2002)

innocentfreak said:


> Yeah got like three of them to the same address.


I got two.


----------



## steve614 (May 1, 2006)

Chris Gerhard said:


> I got the letter and it appears my junk email has risen from 1,000 per day to 1,003 per day. About 95% are routed to trash by the filter and I manually delete the other 50 and have been doing this for years. I don't ever click on junk email, just check the box and hit the spam option. On a scale of minor annoyances from 1-100 with 100 being the worst minor annoyance, this doesn't even rate a 1 to me. It will cost me a minute or two this year and I expect over 99% of the junk email gatherers that obtained my email address from this breach already had it.
> 
> My estimate of wasted time this lifetime as a result of this, less than 2 minutes. I spent more time writing this post.


This.

Here is the spam I've gotten over the last 14 days.










I don't think this latest breach is really going to change all that much for me.


----------



## tomhorsley (Jul 22, 2010)

Resist said:


> I got this email 3 times. It pisses me off to no end that companies can't seem to keep my information private! Makes me question how safe my credit card information is with Tivo now.


A new reason to get a lifetime subscription - they don't need to keep your credit card info .


----------



## montivette (Sep 7, 2006)

Additional Details about breach:

http://news.cnet.com/8301-1009_3-20050068-83.html

_Epsilon, which manages e-mail communications for TiVo, JP Morgan Chase, Capital One Financial, the Kroger grocery chain, and other clients, said this week that it suffered a security breach that revealed data on some of its clients' customers.

Epsilon, which says it sends 40 billion e-mails annually, released a statement yesterday saying that on March 30 it detected an "unauthorized entry" into its system that exposed customer names and e-mail addresses. The company said "no other personal identifiable information associated with those names was at risk."

Bloomberg reported that an Epsilon representative would not say how many other clients might be affected, citing an ongoing investigation.

TiVo, meanwhile, issued a release that reiterated Epsilon's statements and added that "Epsilon does not have access to service information or credit card details and all such personally identifiable information remains secure."

Both Chase and Capital One posted notices about the breach on their Web sites, and both said financial data, and any other data apart from names and e-mail addresses, did not appear to be at risk.

And CNET received a reader-forwarded e-mail that appeared to be from the Kroger company (which operates the Ralphs supermarket chain, along with many other stores). The message mentions the breach and warns recipients that they might be receiving spam e-mail:

"Kroger wants to remind you not to open e-mails from senders you do not know," the e-mail says. "Also, Kroger would never ask you to e-mail personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted."

Both Chase and Capital One issued similar cautions in the statements on their sites._

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Here are other known affected companies

http://news.cnet.com/8301-1009_3-20050068-83.html

• TiVo
• Marriott Rewards
• Ritz-Carlton Rewards
• US Bank
• JPMorgan Chase
•Capital One
• Citi
• McKinsey & Company
• New York & Company
• Brookstone
• Kroger
• Walgreens


----------



## Ziggie (Jan 20, 2004)

Not sure if they think I'm extra special or what, but I got 4 copies of this email (all delivered to the same addy). 

I have to say, that while it isn't earth-shattering horrible, it still ticks me off. I hate spam and this is going to irk me. 

Not sure how many of you use Windows Mail, but you can go in and create a rule whereby the offending email sender (and/or their domain) is blocked. You can have the email deleted from the server before it ever reaches your inbox.


----------



## magnus (Nov 12, 2004)

You guys trip me out. The outrage about an email. If you only knew how many times per day you personal information is either leaked or sold to other companies then you probably would be outraged over something that is real and not this. 

At least TiVo is telling us about this and not trying to cover it up. 

I just wonder how many times per day this happens with other companies and they say nothing. 

Anyway, those of you that would cancel TiVo service because of this.... Good luck finding a company that does not have this issue at least once.


----------



## Chris Gerhard (Apr 27, 2002)

steve614 said:


> This.
> 
> Here is the spam I've gotten over the last 14 days.
> 
> ...


Does that chart include all email routed to trash by your spam filter?


----------



## ThreeSoFar (May 24, 2002)

dkurlander said:


> I'm pretty pissed at Tivo about this.
> 
> 1) One of the motivations behind Tivo is to save its customers time. Great... now I'll have to spend extra time deleting spam.
> 
> ...


Overreact much?


----------



## chip_r (Apr 27, 2006)

magnus said:


> At least TiVo is telling us about this and not trying to cover it up.
> 
> I just wonder how many times per day this happens with other companies and they say nothing.


:up:

See my earlier post re: Sling


----------



## ThreeSoFar (May 24, 2002)

magnus said:


> You guys trip me out. The outrage about an email. If you only knew how many times per day you personal information is either leaked or sold to other companies then you probably would be outraged over something that is real and not this.
> 
> At least TiVo is telling us about this and not trying to cover it up.
> 
> ...


This. Find something interesting/useful to worry about.


----------



## SullyND (Dec 30, 2004)

Got two emails from TiVo, one chase, and one Disney. I'm sure I'll get a few more, as I have accounts with several others that have been hit.

I wonder if Comcast uses them? I've had Comcast for less than a year, and NEVER use my email address with them, but have started getting spam on it in the last two days.


----------



## atmuscarella (Oct 11, 2005)

Well I got one (and only one) notice from TiVo. I don't think it will matter much I have been using the same email addresses for over a decade and I am on so many different spammer lists that I normally get at least 2 and sometimes 3 copies of each spam email. My Spam folder gets 100-200 messages a day so a few more will make no difference. 

Thanks,


----------



## Ziggie (Jan 20, 2004)

atmuscarella said:


> Well got one (and only one) notice from TiVo. I don't think it will matter much I have been using the same email addresses for over a decade and I am on so many different spammer lists that I normally get at least 2 and sometimes 3 copies of each spam email. My Spam folder gets 100-200 messages a day so a few more will make no difference.
> 
> Thanks,


See, I just couldn't handle that. It's great that 200 spam msgs a day don't bother you (I wish I had your patience!) but that would make me go insane (these days, it doesn't take much).


----------



## SullyND (Dec 30, 2004)

Before I set up filters in gmail to kill some of the frequent spam (blue pill, etc) my spam folder always had over 10,000 messages in it. (Now it's typically slightly less than 4,000). 

Got an email from Disney too. Unfortunately they had my two primary email addresses.


----------



## Steve_Martin (Jul 18, 2004)

We got one from TiVo and a pair from College Board. CB does all the SAT score reporting.


----------



## stevel (Aug 23, 2000)

The one I got from TiVo was for an address I used for the newsletter and nothing else. As I unsubscribed from that a while ago it might be easy to detect a spam increase. I doubt this will mean much to me. The spam filtering I use is very good.


----------



## mchief (Sep 10, 2005)

Got three - and am seriously considering shooting myself to avoid spam


----------



## Ziggie (Jan 20, 2004)

Just got the Disney one a few minutes ago.


----------



## Krandor (Jun 10, 2004)

Ziggie said:


> See, I just couldn't handle that. It's great that 200 spam msgs a day don't bother you (I wish I had your patience!) but that would make me go insane (these days, it doesn't take much).


If it was to the mail inbox I would agree, but the poster mentioned it was going to their spam box where they likely never see it.

I am in the same situation on number of spam messages, but gmail has a great spam filter and I never see them. I just see numbers on the spam box go up and once in a while I will scan real quick to see if anything legitimate got caught. Really no big deal.


----------



## steve614 (May 1, 2006)

Chris Gerhard said:


> Does that chart include all email routed to trash by your spam filter?


That chart displays spam sent to my address, but did not make it to my inbox.
Over that same period, I think I remember only deleting 3 or 4 that got through the filter.
I've only had 1 spam message get through since this incident.


----------



## dgh (Jul 24, 2000)

I opted out of TiVo emails ~5-6 years ago, so this was the first email I've received from TiVo in a long time. What a nice reminder that they still had my email details.


----------



## willmw (Apr 30, 2000)

I've not gotten one of these emails...from any company. I guess that's a good thing.


----------



## SullyND (Dec 30, 2004)

willmw said:


> I've not gotten one of these emails...from any company. I guess that's a good thing.


Two of mine were caught in my Spam filter.


----------



## TiVoStephen (Jun 27, 2000)

Folks,

TiVo has issued a press release regarding this issue:

http://pr.tivo.com/easyir/customrel...ersion=live&prid=740034&releasejsp=custom_150

The breach was with Epsilon, a partner we work with to send certain opt-in e-mails such as promotions.

Epsilon's breach affects many large companies, as previously noted in this thread. Some online coverage is here:

http://venturebeat.com/2011/04/02/epsilon-data-breach-results-in-a-huge-loss-of-customer-data/

We take issues like this seriously and apologize for the issue.

I do want to emphasize that to my knowledge we have NEVER given Epsilon ANY information other than first name and e-mail address. That means that your TiVo Service Number, street address, credit card information, etc. are NOT breached.

The biggest things to watch for as a result of this breach are increased spam and phishing attempts.

Please let me know if you have any questions.

Again, please accept our apologies for this issue.

Best,
Stephen


----------



## magnus (Nov 12, 2004)

Thanks Stephen, So far, I've not heard anything from the other companies. I'm glad to see that Tivo does take this seriously and is willing to send us a heads up to be on the look out for phishing attempts.


----------



## SullyND (Dec 30, 2004)

magnus said:


> Thanks Stephen, So far, I've not heard anything from the other companies. I'm glad to see that Tivo does take this seriously and is willing to send us a heads up to be on the look out for phishing attempts.


Yeah, kind of sucks TiVo was one of the first to acknowledge it and gets all the grief.

Seems crazy that there are still companies just getting around to sending out notices.


----------



## rainwater (Sep 21, 2004)

steve614 said:


> This.
> 
> Here is the spam I've gotten over the last 14 days.
> 
> ...


I wouldn't expect you would see a change this soon. The entities that collect these email addresses sell them to spammers. It is doubtful many of those transactions would of even occurred already. So the spammers would most likely not even have these addresses in their system yet.


----------



## LtKernelPanic (Sep 22, 2003)

Not exactly thrilled but it seems like all other PII is safe. Oh well a perk of running your own mail server is the ability to make new email addresses as needed.


----------



## Chris Gerhard (Apr 27, 2002)

i don't want junk more junk email either but this kind of junk email, the type I will never open isn't much of a problem for me. I hate eBay users that send crap like requesting I leave feedback or email with meaningless nonsense about nothing of significance that I must click on to read before I delete it. Some online retailers send me a lot of mail and only one out of 10 or 20 might be of interest to me, those are also a pain but there is no way to avoid that crap, which is worse than the crap I will get as a result of this issue. 

I can check the box, hit spam on 20 or 30 of these messages in a few seconds and it won't be long before all are routed directly to my junk folder. Most already are set up to go that way before I will even receive any.


----------



## Gregor (Feb 18, 2002)

Got two more emails regarding this from credit card companies.


----------



## magnus (Nov 12, 2004)

Gregor said:


> Got two more emails regarding this from credit card companies.


So far only TiVo for me even though there are several on the list that should have sent me something already.


----------



## unitron (Apr 28, 2006)

TiVoStephen said:


> ...


What I want to know is why the email doesn't read

"Today we were informed by our *former* email service provider..."


----------



## Resist (Dec 21, 2003)

tomhorsley said:


> A new reason to get a lifetime subscription - they don't need to keep your credit card info .


The problem with buying a lifetime is that they will still have you credit card info on file, from that purchase.


----------



## rifleman69 (Jan 6, 2005)

unitron said:


> What I want to know is why the email doesn't read
> 
> "Today we were informed by our *former* email service provider..."


That would require TiVo actually doing something. They'd rather celebrate some Blue Moon crap instead of fixing their box.


----------



## Weapon X (Nov 15, 2005)

Yep got it as well............totally sucks......:down:


----------



## steve614 (May 1, 2006)

unitron said:


> What I want to know is why the email doesn't read
> 
> "Today we were informed by our *former* email service provider..."


LOL.



Resist said:


> The problem with buying a lifetime is that they will still have you credit card info on file, from that purchase.


Some credit card issuers have a way for you to get a "one time use" number that you can use for online purchases.


----------



## montivette (Sep 7, 2006)

Ok well I got the e-mail now from Best Buy saying they were part of this too.

So for all those who plan to cancel TiVo service over this make sure to never buy anything from Best Buy.com as they have betrayed you as well.


----------



## lrhorer (Aug 31, 2003)

One of my favorite sayings: "Never attribute to malice that which may be adequately explained by stupidity".



orangeboy said:


>


----------



## restart88 (Mar 9, 2002)

innocentfreak said:


> Yeah got like three of them to the same address.


I got 1 to my main addy and about a dozen to an email addy Tivo shouldn't even have on file. 

I wasn't certain if the whole thing wasn't a scam.

I have also noticed a significant increase in SPAM since, which is likely just a coincidence. Since most of it usually winds up in the SPAM box I never really see it but on the down side I skim over it from time to time just in case an important email accidentally got put in there. It happens. I have to clean the thing out twice a day per acct to have any chance of looking through it.

I thought the Goberment was supposed to put a stop to SPAM-mail. Or at least thin it out some. I'm on every opt out list I could find but it doesn't seem to help.


----------



## restart88 (Mar 9, 2002)

montivette said:


> Ok well I got the e-mail now from Best Buy saying they were part of this too.
> 
> So for all those who plan to cancel TiVo service over this make sure to never buy anything from Best Buy.com as they have betrayed you as well.


People still shop at Best Buy? You deserve what you get. 

List time I bought anything from them was years before Circuit City died. Too many bad experiences with them. So if mail ever comes from them it's already SPAM as far as I'm concerned.


----------



## tomhorsley (Jul 22, 2010)

Just got mail from Chase about this, and at least the Chase email named Epsilon rather than just referring to some anonymous email service provider.


----------



## waynomo (Nov 9, 2002)

Received the same basic email from Disney Destinations yesterday. Email provider Epsilon . . .


----------



## jtlytle (May 17, 2005)

ORANGE COUNTY, Fla. -- Hackers have gained access to the email addresses of people who have signed up for Disney Destination after a massive security breach.

Disney officials said someone got into the system of its email service provider Epsilon. They say the hackers don't have access to personal information, but people could see some extra spam emails.

*TiVo and Walgreens issued similar warnings on Saturday.*

Complete article here


----------



## Joe01880 (Feb 8, 2009)

More spam, just what i wanted. Thanks!

Hey TiVo, to make up for it hury up and send me that 199 lifetime offer before my Tivo is to old to make use of it!

Edit: Just got the emails from BB and Chase too. Hury up and send the offer anyway ok.


----------



## rattlebone (Apr 16, 2010)

Yes I received the same email. It is cleary amateur hour at Tivo when it comes to security. Now all of our emails are compromised and sure to be abused by spam. 

I suspect other personal information was taken. More than just our first name. Why would it only be email address and first name? 

Any spam I get on my email will be forwarded to Tivo since they do not care about their customers privacy. 

I just wonder how much of our personal information was actually stolen.


----------



## ZeoTiVo (Jan 2, 2004)

Resist said:


> I got this email 3 times. It pisses me off to no end that companies can't seem to keep my information private! Makes me question how safe my credit card information is with Tivo now.


oopsie, do not look now but your agenda is showing


----------



## ZeoTiVo (Jan 2, 2004)

rattlebone said:


> Yes I received the same email. It is cleary amateur hour at Tivo when it comes to security. Now all of our emails are compromised and sure to be abused by spam.
> 
> I suspect other personal information was taken. More than just our first name. Why would it only be email address and first name?
> 
> ...


you know the internet has more than just pretty pictures on it. 

also remember to include Best Buy in your Spam Fest, along with about 100 other companies
Dear Valued Best Buy Customer,

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.


----------



## PVR User (Nov 8, 2006)

Anger should be directed at Epsilon, not TiVo or Best Buy.

This is a good reason to opt-out of these marketing e-mails.


----------



## morac (Mar 14, 2003)

rattlebone said:


> I suspect other personal information was taken. More than just our first name. Why would it only be email address and first name?


Because that's all TiVo gave Epsilon. The only thing the Epsilon company does is handling email mailing lists, so they don't need any more info other than a name and email address.

On a side note, apparently I just won the the International lottery. I wonder if it's related to the email leak.


----------



## rifleman69 (Jan 6, 2005)

PVR User said:


> Anger should be directed at Epsilon, not TiVo or Best Buy.
> 
> This is a good reason to opt-out of these marketing e-mails.


They still have your email and first name on file even if you opt out.


----------



## unitron (Apr 28, 2006)

I got one from TiVo and one from Best Buy. 

Does that mean they'll cancel each other out?


----------



## TiVoStephen (Jun 27, 2000)

rattlebone said:


> I suspect other personal information was taken. More than just our first name. Why would it only be email address and first name?


Because that is the ONLY information that we sent to Epsilon, and Epsilon had the breach, not us.


----------



## morac (Mar 14, 2003)

Here's another article on the breach. Apparently Epsilon has 2500 clients.

http://arstechnica.com/security/new...nder-means-headaches-for-tivo-chase-users.ars


----------



## windracer (Jan 3, 2003)

Didn't get the TiVo e-mail, but got the one from Best Buy this morning. *sigh*


----------



## MichaelK (Jan 10, 2002)

TiVoStephen said:


> Folks,
> 
> TiVo has issued a press release regarding this issue:
> 
> ...


I'm not freaking out here like some- but i very seriously would like to ask-

Will Tivo sever your dealings with these people since they can't keep your data secure?

I think consumers (and in this case Tivo is the consumer of Epsilon's service) need to show the vendors we deal with that we expect our data to remain secure when we entrust them with it. Clearly Epsilon can't be trusted.


----------



## MichaelK (Jan 10, 2002)

unitron said:


> What I want to know is why the email doesn't read
> 
> "Today we were informed by our *former* email service provider..."


this


----------



## unitron (Apr 28, 2006)

MichaelK said:


> this


I recommend neither of us hold our breaths awaiting an answer.


----------



## ZeoTiVo (Jan 2, 2004)

MichaelK said:


> I'm not freaking out here like some- but i very seriously would like to ask-
> 
> Will Tivo sever your dealings with these people since they can't keep your data secure?
> 
> I think consumers (and in this case Tivo is the consumer of Epsilon's service) need to show the vendors we deal with that we expect our data to remain secure when we entrust them with it. Clearly Epsilon can't be trusted.


yes, it is so easy to just knee jerk and get some other email service on a dime.

2500 companies use this service -- even if only 40% of those companies did any due dilliigence it is likely that Epsilon does take security into account. Is this a one off occurrance, part of a pattern, something blindlingly obvious that was not secured?
What does the contract say about this, is it a breach of contract or not?

If anyone has all those answers then they can make an informed pronouncement on what companies should do about Epsilon, otherwise it is eithr knee jerk or freak out. Have fun with that.


----------



## Bierboy (Jun 12, 2004)

magnus said:


> I don't think it's too big a deal. It could be worse.


Exactly. And it's not TiVo's fault...


----------



## Chris Gerhard (Apr 27, 2002)

Here is the Best Buy letter if anybody finds it necessary to consider addition protection measures as it is a little more detailed in recommendations.



> Dear Valued Best Buy Customer,
> 
> On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.
> 
> ...


So far, I have only received letters from TiVo and Best Buy but I understand the issue is widespread and many others have been compromised.


----------



## MichaelK (Jan 10, 2002)

ZeoTiVo said:


> yes, it is so easy to just knee jerk and get some other email service on a dime.
> 
> 2500 companies use this service -- even if only 40% of those companies did any due dilliigence it is likely that Epsilon does take security into account. Is this a one off occurrance, part of a pattern, something blindlingly obvious that was not secured?
> What does the contract say about this, is it a breach of contract or not?
> ...


like i said - no big deal to me- i get a few hundred spams a day already that postini/google takes care of- what's another 50 in the bin i nedver look at- laughing.

But seriously- this stuff is getting to be pretty common. How do you get vendors to take the proper precautions if you dont penalize them economically when they screw up?

Chase, Citi, and the other banks are pretty interesting case studies. Would they trust epsilon with their banking data? Dont thing so. So why do they trust my email and first name to epsilon? I realize that it's surely economically cheaper to pay someone who specializes in email to handle your email marketing. So it's basically a cost benefit decision that the banks decided our info wasn't important enough for them to spent the extra money to have a department to secure out data in house. in house. (tivo is smaller and a whole different thing so wouldn't compare them to that). But why should that be? Why should our other data be worth less to the banks?

I dont want to see epsilon ruined or anything- but i would like to see their bottom line take a visible hit as a result so that other companies see there is a real cost to not being secure.

all a dreamland I know. But if we dont say something then Tivo wont even consider it- right? Now at least they'll consider it for 5 minutes and maybe then honestly answer my question "sorry no, we have evaluated it and we wont be switching providers". It is what it is.

Bigger picture - email sucks. I realize the whole system needs to be thrown out to fix it and that's why it hasn't been done- but it's getting to be about time to throw it out and start over. I dont know why MS and Yahoo and google et all can't agree on a plan with domain keys or spf or whatever they all decide would actually secure things once and for all.


----------



## ZeoTiVo (Jan 2, 2004)

MichaelK said:


> all a dreamland I know. But if we dont say something then Tivo wont even consider it- right?


TiVo along with many other companies had to have their company name at the top of an email sent out by epsilon saying their was an email data breach. That likely is a hit to Epsilon bottom line in the form of time and money spent to get a root cause and fix that, along with the bad PR that might cost some new clients.

I imagine that quite a few managers have Epsilon discussions on their meeting agendas already.


----------



## morac (Mar 14, 2003)

Well I've gotten 4 of these emails now: one from Chase, one from Best Buy and two from TiVo.


----------



## Ziggie (Jan 20, 2004)

From Chase:

Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

As a reminder, we recommend that you:

Don't give your Chase OnlineSM User ID or password in e-mail. 
Don't respond to e-mails that require you to enter personal information directly into the e-mail. 
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information. 
Don't reply to e-mails asking you to send personal information. 
Don't use your e-mail address as a login ID or password. 
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

Sincerely,

Patricia O. Baker

Senior Vice President

Chase Executive Office


----------



## timckelley (Oct 15, 2002)

I have a separate email address I use for TiVo that I don't use anywhere else, so if that address gets spam, I'll just delete my email address and create another, and notify TiVo of my new address.


----------



## Dan203 (Apr 17, 2000)

Could be worse. A few years ago Country Wide had a breach that resulted in my entire file being stolen. They signed me up for 3 years of credit monitoring service to make up for it. Then like 2 months later I got a letter from my local insurance agent saying that their office was broken into and their backup disk drive, which contained all the customer information unencrypted, was one of the items stolen.

My point is that a bunch of companies, big and small, have access to all the data needed to take over my entire life and none of them do a very good job of protecting it. 

Dan


----------



## orangeboy (Apr 19, 2004)

For GMAIL users, this article may be of use: http://mail.google.com/support/bin/answer.py?answer=12096


----------



## Stuxnet (Feb 9, 2011)

orangeboy said:


> For GMAIL users, this article may be of use: http://mail.google.com/support/bin/answer.py?answer=12096


Yes, but it would have been nice have done that BEFORE they snagged my basic addy. I did change mine, but now that the cow is out of the barn it's really of little use...

FWIW there's more you can do with your Google email obsfucation... in addition to the "+" effect, you can scatter as many dots "." around as you like, as they are ignored so that [email protected] can receive mail addressed to [email protected]


----------



## Dan203 (Apr 17, 2000)

That is cool! I wonder if Hotmail does anything similar. I use them for my main address. (I have been using them since before they were even owned by MS)

Edit: Apparently there is. In fact Hotmail actually offers real aliases, so you can setup a completely separate email address and have it routed to your Hotmail account. :up:

Dan


----------



## jrm01 (Oct 17, 2003)

Epsilon could probably use some help from everyone here. The are looking for a new Sr. VP - Technology:

https://myhr.alliancedata.com/psp/careers/CAREERS/HRMS/c/HRS_HRAM.HRS_CE.GBL?siteid=4


----------



## orangeboy (Apr 19, 2004)

Ugh. I'm getting sites that don't accept a "+" in my email address.


----------



## jpergo263 (Mar 18, 2010)

I got the letter too. My email been getting a lot of spam. The email i beening getting is your dell computer is ready to be fedex please click on link. I was getting them 5 in 2 min. suck when you have a android phone and your busy.


----------



## bgc (Jan 13, 2008)

Are these emails saying the email address could have been taken or definitely was?

Also, if they know what company the email address was used to send emails for, the the danger isn't just getting more spam.


----------



## Stuxnet (Feb 9, 2011)

bgc said:


> Are these emails saying the email address could have been taken or definitely was?


YES


> Also, if they know what company the email address was used to send emails for, the the danger isn't just getting more spam.


You hit it. Imagine getting an email from TiVo. It could either be a phish or a malware link.


----------



## qz3fwd (Jul 6, 2007)

TiVoStephen said:


> Because that is the ONLY information that we sent to Epsilon, and Epsilon had the breach, not us.


Either you SOLD the info to Epsilon, or gave it to them to manage and pay them. Either way it is YOUR responsibility to ensure OUR information is kept secure.

Have you ever heard of a SOR-Statement Of Requirements.


----------



## Langree (Apr 29, 2004)

montivette said:


> Ok well I got the e-mail now from Best Buy saying they were part of this too.
> 
> So for all those who plan to cancel TiVo service over this make sure to never buy anything from Best Buy.com as they have betrayed you as well.


I got one from Chase today in regards to this. If this keeps up I will need to boycott everything I do.


----------



## Langree (Apr 29, 2004)

qz3fwd said:


> Either you SOLD the info to Epsilon, or gave it to them to manage and pay them. Either way it is YOUR responsibility to ensure OUR information is kept secure.
> 
> Have you ever heard of a SOR-Statement Of Requirements.


I assume you're holding every entity affected by EPSILON's breach to the same standard and communicating with all of them in the same way telling all of them their responsibility to ensure the info is secure.


----------



## ZeoTiVo (Jan 2, 2004)

Langree said:


> I assume you're holding every entity affected by EPSILON's breach to the same standard and communicating with all of them in the same way telling all of them their responsibility to ensure the info is secure.


or he is just pitching a rant because the big, mean company did a naughty no-no and an internet forum convenient to him


----------



## Langree (Apr 29, 2004)

ZeoTiVo said:


> or he is just pitching a rant because the big, mean company did a naughty no-no and an internet forum convenient to him


I want see if he sends out messages to the 2500 companies affected by the breach.


----------



## ZeoTiVo (Jan 2, 2004)

Langree said:


> I want see if he sends out messages to the 2500 companies affected by the breach.


Hope they all have convenient forums


----------



## Langree (Apr 29, 2004)

ZeoTiVo said:


> Hope they all have convenient forums


I'm sure they all have "contact us" links.


----------



## unitron (Apr 28, 2006)

ZeoTiVo said:


> or he is just pitching a rant because the big, mean company did a naughty no-no and an internet forum convenient to him


Does Tivo have an internet forum convenient to him? Because this isn't it.

Allow me to quote:

"This site is not a part of Tivo, Inc."


----------



## Ziggie (Jan 20, 2004)

Got a letter from Walgreen's today.

Dear Valued Customer,

On March 30th, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Walgreens customers were accessed without authorization.

We have been assured by Epsilon that the only information that was obtained was your email address. No other personally identifiable information was at risk because such data is not contained in Epsilon's email system.

For your security, we encourage you to be aware of common email scams that ask for personal or sensitive information. Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. If ever asked for this information, you can be confident it is not from Walgreens.

We regret this has taken place and any inconvenience this may have caused you. If you have any questions regarding this issue, please contact us at 1-855-814-0010. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely,

Walgreens Customer Service Team


----------



## unitron (Apr 28, 2006)

Over at slashdot there's a story waiting for promotion to "officialness" entitled

Epsilon info breach was your fault

http://slashdot.org/submission/1519286/Epsilon-info-breach-was-your-fault

which makes the point

" The amazing part of the story is the tone of the letters from banks. The letters from Chase and Citi, both say effectively: "your data was stolen, here's what you should do to protect your data." They then go into a litany of minor data hygiene practices, failing to point out they themselves did not vet their vendor's security practices. There is no claim of culpability for bad security policy nor any indication that they will try to do better in the future."


----------



## Ziggie (Jan 20, 2004)

I hate both Citi and Chase. So this news is no surprise to me. Just business as usual.


----------



## Ziggie (Jan 20, 2004)

Another one. This time from Target. Wonder what "law enforcement" is going to do?

To our valued guests,

Target's email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement.

While no personally identifiable information, such as names and credit card information, was involved, we felt it was important to let you know that your email may have been compromised. Target would never ask for personal or financial information through email.

Consider these tips to help protect your personal information online: 
Don't provide sensitive information through email. Regular email is not a secure method to transmit personal information. 
Don't provide sensitive information outside of a secure website. Legitimate companies will not attempt to collect personal information outside a secure website. If you are concerned, contact the organization represented in the email. 
Don't open emails from senders you don't know. 
We sincerely regret that this incident occurred. Target takes information protection very seriously and will continue to work to ensure that all appropriate measures are taken to protect personal information. Please contact [email protected] should you have any additional questions.

Sincerely,

Bonnie Gross
Vice President, Marketing and Guest Engagement


----------



## morac (Mar 14, 2003)

I just got an email from 1-800-Flowers about Epsilon, the thing is I've never used or even signed up with 1-800-Flowers and the email came to an email address I never use. The email appeared legitimate, but I have no idea how they got that email address. 

I also got an email from Hilton to my normal email address. 

I really hope I'm not going to get emails from 2500 companies.


----------



## Ziggie (Jan 20, 2004)

morac said:


> I just got an email from 1-800-Flowers about Epsilon, the thing is I've never used or even signed up with 1-800-Flowers and the email came to an email address I never use. The email appeared legitimate, but I have no idea how they got that email address.
> 
> I also got an email from Hilton to my normal email address.
> 
> I really hope I'm not going to get emails from 2500 companies.


That does sound odd.


----------



## orangeboy (Apr 19, 2004)

morac said:


> I really hope I'm not going to get emails from 2500 companies.


I'm really hoping I don't see 2500 posts about every company that was effected or sent a follow-up email.


----------



## ZeoTiVo (Jan 2, 2004)

unitron said:


> Over at slashdot there's a story waiting for promotion to "officialness" entitled
> 
> Epsilon info breach was your fault
> 
> ...


typical slashdot in my opinion. The point of the email was to let people know the email address was obtained by someone unknown and the "minor" data hygiene *speaks to the exact things* someone might try to do with just an email and first name. It was a business communication that was to the point and sent out quickly.

so the /. folks can be all l33t and scoff that anyone should know those minor thing but anyone in business knows you have to constantly be reminding folks of the things they should be doing, even if it is minor stuff to those that deal in subject matter all the time. It was a very to the point communication and the blame taking can come along later.


----------



## Ziggie (Jan 20, 2004)

orangeboy said:


> I'm really hoping I don't see 2500 posts about every company that was effected or sent a follow-up email.


On the contrary, I'm interested in seeing how some of the bigger companies word their letters. Some give more information, some less.


----------



## davezatz (Apr 18, 2002)

morac said:


> I really hope I'm not going to get emails from 2500 companies.


Yeah, the emails keep coming... I got a pair from Hilton and Marriott within like an hour of each other last night. (on top of all the others, including three from TiVo)


----------



## ZeoTiVo (Jan 2, 2004)

davezatz said:


> Yeah, the emails keep coming... I got a pair from Hilton and Marriott within like an hour of each other last night. (on top of all the others, including three from TiVo)


yeah TiVo said the least but said it the most


----------



## jrm01 (Oct 17, 2003)

I haven't gotten any spam this week, but now I have gotten 9 e-mails warning me about them:

TiVo (2)
Hilton
Marriott
CitiBank
Chase
BestBuy
Target
Walgreens


----------



## rifleman69 (Jan 6, 2005)

qz3fwd said:


> Either you SOLD the info to Epsilon, or gave it to them to manage and pay them. Either way it is YOUR responsibility to ensure OUR information is kept secure.
> 
> Have you ever heard of a SOR-Statement Of Requirements.


Amen, you're definitely not blameless in this one TiVo (as is every other company who uses Epsilon).


----------



## Dan203 (Apr 17, 2000)

I've gotten similar emails from Chase and BestBuy now. I also saw something on the NBC Nightly News last night about it. They had the TiVo logo as one of the 4 logos in the corner, but when they listed off about a dozen companies effected by it they didn't actually say TiVo.

Dan


----------



## morac (Mar 14, 2003)

I think the reason most news reports are mentioning TiVo is that TiVo was the first company to send out a notice. At least that's they are the first company I got an email from.

As far as I know, Epsilon has not made available the list of affected companies. They've only said that breach affects only 2% of their client base which would be 50 companies. See http://news.cnet.com/8301-31021_3-20050555-260.html


----------



## tomhorsley (Jul 22, 2010)

unitron said:


> The amazing part of the story is the tone of the letters from banks.


I remember once getting charged for a meal at a restaurant in West Palm Beach when I had never eaten food in West Palm in my life. Master Card finally took the charge off, but sent me a letter that basically said "OK, we removed the charge this time, but don't let us put any more erroneous charges on your card in the future".

But I did win a fight with the phone company once. They claimed I made a long distance call to Hawaii, which normally means you are doomed since their records cannot possibly be wrong (according to them), but in this case I was able to point out that the time the call was made was 10 days before they installed my phone. Even they had to admit that one was incorrect .


----------



## DancnDude (Feb 7, 2001)

Just got one of these messages from Charter.


----------



## jsmeeker (Apr 2, 2001)

Got messages from Marriott and Ritz-Carlton today.


----------



## Ziggie (Jan 20, 2004)

tomhorsley said:


> I remember once getting charged for a meal at a restaurant in West Palm Beach when I had never eaten food in West Palm in my life. Master Card finally took the charge off, but sent me a letter that basically said "OK, we removed the charge this time, but don't let us put any more erroneous charges on your card in the future".
> 
> But I did win a fight with the phone company once. They claimed I made a long distance call to Hawaii, which normally means you are doomed since their records cannot possibly be wrong (according to them), but in this case I was able to point out that the time the call was made was 10 days before they installed my phone. Even they had to admit that one was incorrect .


Let's address the real problem here.

What the heck is wrong with the food in WPB? And why haven't you ever eaten there?

(j/k  )


----------



## Stuxnet (Feb 9, 2011)

Apparently Verizon has yet to fess up...


----------



## Stuxnet (Feb 9, 2011)

morac said:


> I really hope I'm not going to get emails from 2500 companies.


No... just 2500 emails from an entrepreneur in Nigeria...


----------



## SteveD (Oct 22, 2002)

Stuxnet said:


> Apparently Verizon has yet to fess up...


Not true, I got one from Verizon today.


----------



## qz3fwd (Jul 6, 2007)

Langree said:


> I want see if he sends out messages to the 2500 companies affected by the breach.


Not 2500. 
Just 2 for me. 
Tivo and Disney. 
Shame on both of them.


----------



## Venomous Duck (Jul 8, 2008)

Boy are there some morons in this thread. First off, it is a mass mailing. EVERYONE registered with Tivo got the email. Just because you got the email doesn't necessarily mean your email was one that was compromised.

As far as why Tivo doesn't manage their own server, I imagine it has a lot to do with dealing with a million or two emails a day. Seems like you would need to be dedicated to doing just that all day every day. Seems like a really good idea to hire a company specializing in just that instead of creating one along side a company trying to develop and compete in a very competitive market like PVRs.

Also, its just email. Not there billing systems. Do you stop shopping at WalMart because you get a flier in your snail mail after giving them your zip code at the register? The company that handles the email handles only that. They don't have any account info.

The reason they still have your account info after canceling three years ago is because the IRS requires them to keep it. Its not because they are going to try and sneak a double billing in on you, or try and by a flat screen tv on your credit card, or sell your house out from under you. Get a clue people. And those blaming Tivo, really? Does that mean if your ISP gets compromised and every one you know starts getting more spam they can hold you accountable instead of the real responsible party?


----------



## lessd (Jan 23, 2005)

Venomous Duck said:


> Boy are there some morons in this thread. First off, it is a mass mailing. EVERYONE registered with Tivo got the email. Just because you got the email doesn't necessarily mean your email was one that was compromised.
> 
> As far as why Tivo doesn't manage their own server, I imagine it has a lot to do with dealing with a million or two emails a day. Seems like you would need to be dedicated to doing just that all day every day. Seems like a really good idea to hire a company specializing in just that instead of creating one along side a company trying to develop and compete in a very competitive market like PVRs.
> 
> ...


Yes Yes Yes, 2500 co use this service so TiVo is going to do a better job of picking out a E-Mail co than say Best Buy, stuff happens to the best of co, look at the plane that just had it's skin rip off.


----------



## MichaelK (Jan 10, 2002)

Venomous Duck said:


> ...
> 
> As far as why Tivo doesn't manage their own server, I imagine it has a lot to do with dealing with a million or two emails a day. Seems like you would need to be dedicated to doing just that all day every day. Seems like a really good idea to hire a company specializing in just that instead of creating one along side a company trying to develop and compete in a very competitive market like PVRs....


exactly- every last one of the company's decided it was just cheaper to outsource it since epsilon specializes in this.

But the point is, those same companies typically dont trust an outside party to handle their billing or other financial transactions.

So why is it that when it's their money the companies are very careful and do it in house but when it's out email and name they dont? Simple answer I'm sure everyone gets is they value their own money and they dont value out email addresses. I think my email deserves a little more in the value column, but we all have our own opinions I suppose.

I get the cost benefit is clear as day for smaller sized company's like tivo- it's probably really a major cost difference to try it in house. But for a giant bank, like citi or chase, they probably have more people in the "kiss the senior vp's rear" department then would be needed to effectively run email marketing in house.

Anyway- email still is a nightmare and needs to be redone to address spam. It's only going to get worse as time goes by inless the major players all can agree to some sort of architecture change to make email secure.


----------



## ZeoTiVo (Jan 2, 2004)

MichaelK said:


> But for a giant bank, like citi or chase, they probably have more people in the "kiss the senior vp's rear" department then would be needed to effectively run email marketing in house.


for large financial institutions having it outsourced keeps them much further out of the liability loop if they did some due diligence on the outsourced company. Your point stands for such companies.

TiVo would have been forced to it by bottom line considerations, but at lest they picked a recognized company... oh wait... oops


----------



## windracer (Jan 3, 2003)

Decent FAQ about the breach from Computerworld:

http://www.pcworld.com/article/224420/Epsilon_E_Mail_Breach_Quick_FAQs.html


----------



## Ziggie (Jan 20, 2004)

windracer said:


> Decent FAQ about the breach from Computerworld:
> 
> http://www.pcworld.com/article/224420/Epsilon_E_Mail_Breach_Quick_FAQs.html


Thank you!


----------



## TiVoStephen (Jun 27, 2000)

We have an FAQ up in our customer support section as well:

http://support.tivo.com/app/answers/detail/a_id/1998


----------



## Ziggie (Jan 20, 2004)

TiVoStephen said:


> We have an FAQ up in our customer support section as well:
> 
> http://support.tivo.com/app/answers/detail/a_id/1998


Just curious.. why does it say "formerly" under your name?


----------



## daveak (Mar 23, 2009)

My company email is hosted by a third party. Most companies do not host their own email, way to much bother. My personal email has always been hosted by a third party. As for trying to gauge the security with different companies that host email - How do you really go about examining that? If my company email was compromised, would it be my fault if I selected the vendor to host it and provide those services?

Either TiVo found out first or they were very proactive in letting us know (or Both). Thank you for being prompt. As for the breach being initially reported on April Fool's day - maybe this is just a bad joke gone to far.....


----------



## Langree (Apr 29, 2004)

qz3fwd said:


> Not 2500.
> Just 2 for me.
> Tivo and Disney.
> Shame on both of them.


Again, why?

Those 2 companies along with 2498 others trusted Epsilon to keep the data secure. Something happened at Epsilon, out of Tivo or any of the other companies control.

Now if Epsilon had a history of breeches before TiVo signed up with them, then, and only then might I see "shame on TiVo" warranted. But until now they haven't had this issue.

Now, should TiVo and the others drop Epsilon as a provider?

If Epsilon can figure out how the breech occurred and put into place procedures to stop it from happening again, no. But if their explanation is nebulous or shows it happened due to negligence, then yes.


----------



## SullyND (Dec 30, 2004)

Ziggie said:


> Just curious.. why does it say "formerly" under your name?


TiVoOpsMgr -> TiVoStephen


----------



## Ziggie (Jan 20, 2004)

SullyND said:


> TiVoOpsMgr -> TiVoStephen


But why does it say "formerly"? (just curious.. it's neither here nor there).

Is it because he was a mgr and now is a director?

Or do you mean it's just a name change?


----------



## TiVoStephen (Jun 27, 2000)

Just a name change.


----------



## Jeeters (Feb 25, 2003)

TiVoStephen said:


> We have an FAQ up in our customer support section as well:
> 
> http://support.tivo.com/app/answers/detail/a_id/1998


_*"Will the stolen information allow the attackers to break into my bank account?*

No. Only e-mail addresses and names were compromised, not login credentials."_

But, of course, for many banks and other online accounts, an e-mail address is half of the login credentials.


----------



## unitron (Apr 28, 2006)

I suspect that TiVoOpsMgr changed his username to TiVoStephen to:

a. Prevent any misconception that he was "officially" officially speaking for TiVo, Inc,

and,

b. Allow him to remain TiVoStephen regardless of any occupational change (upward, downward, sideways, or out, or a change in nomenclature made by Tivo, Inc.) in the future.

But that's just conjecture on my part, I have no official knowledge or insider information.


----------



## steve614 (May 1, 2006)

I think this is all too much ado over nothing. 
Granted, I don't do a lot of personal stuff online (I've only received the one e-mail from TiVo regarding this), and I have received ZERO spam messages in my inbox since this happened. 
I have received 9 spam messages that got filtered to my spam folder, but that's not out of the ordinary.
Even if I do get a flood of spam in my inbox, so what? I check them all off and mark them as spam. They then get moved to the spam folder and in some cases, the domain they came from gets blocked completely.


----------



## morac (Mar 14, 2003)

steve614 said:


> I think this is all too much ado over nothing.
> Granted, I don't do a lot of personal stuff online (I've only received the one e-mail from TiVo regarding this), and I have received ZERO spam messages in my inbox since this happened.
> I have received 9 spam messages that got filtered to my spam folder, but that's not out of the ordinary.
> Even if I do get a flood of spam in my inbox, so what? I check them all off and mark them as spam. They then get moved to the spam folder and in some cases, the domain they came from gets blocked completely.


It's not the spam messages as much as the phishing messages that I think have people worried. When you get an email from "TiVo" or your bank telling you you need to call a specific phone number and update your credit card info or social security number or whatever. That's the dangerous part. Thousands of people are hit by this type of fraud every day, and that's the generic "international lottery" type spam. Imagine how many more people will get hit now that's it more directionalized.


----------



## Ziggie (Jan 20, 2004)

TiVoStephen said:


> Just a name change.


Thanks Stephen  I appreciate the reply.



unitron said:


> I suspect that TiVoOpsMgr changed his username to TiVoStephen to:
> 
> a. Prevent any misconception that he was "officially" officially speaking for TiVo, Inc,
> 
> ...


LoL! Thanks ~ good sense of humor!


----------



## steve614 (May 1, 2006)

morac said:


> It's not the spam messages as much as the phishing messages that I think have people worried. When you get an email from "TiVo" or your bank telling you you need to call a specific phone number and update your credit card info or social security number or whatever. That's the dangerous part. Thousands of people are hit by this type of fraud every, and that's the generic "international lottery" type spam. Imagine how many more people will get hit now that's it more directionalized.


You have a point. This could a problem for those who are 'unaware' (e.g. seniors) or just plain clueless.
But I think most of the people posting here are just trying to 'stir the pot', IMO.


----------



## TiVoStephen (Jun 27, 2000)

unitron said:


> I suspect that TiVoOpsMgr changed his username to TiVoStephen to:
> 
> a. Prevent any misconception that he was "officially" officially speaking for TiVo, Inc,
> 
> ...


Actually, when I post in this forum, I am officially ("officially" officially) speaking for TiVo Inc. Not every TiVo employee can speak for TiVo, but a few of us are designated as approved to do so. I've posted here officially for more than 10 years.

If you followed the link that was posted earlier, I posted (over 4 years ago) that I was changing my username here due to a change in my role at TiVo. So it was b.


----------



## TiVoStephen (Jun 27, 2000)

Jeeters said:


> _*"Will the stolen information allow the attackers to break into my bank account?*
> 
> No. Only e-mail addresses and names were compromised, not login credentials."_
> 
> But, of course, for many banks and other online accounts, an e-mail address is half of the login credentials.


Please note that you're not quoting from *our* FAQ, those words don't appear at http://support.tivo.com/app/answers/detail/a_id/1998.

But your point is valid for us as well. Fortunately, half of the credentials are, by themselves, insufficient to log in.


----------



## magnus (Nov 12, 2004)

Here is one way to combat stolen email address, generic forms on internet that require emails, or companies selling your email address.

Yahoo Disposable Emails


----------



## unitron (Apr 28, 2006)

Slashdot user schliz has a story in the submission queue over there

http://slashdot.org/submission/1521916/Epsilon-breach-used-four-month-old-attack

that alerted me to this one--

Epsilon breach used four-month-old attack

ReturnPath had warned partners of breach in November.

http://www.itnews.com.au/News/253712,epsilon-breach-used-four-month-old-attack.aspx

Here's how it starts out

"A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal."

There's more, and it's interesting if you're trying to figure who to hold responsible for what.

Short version, ReturnPath seems to have its "stuff" together, Epsilon, maybe not quite so much.


----------



## morac (Mar 14, 2003)

I got what looks to be my first phishing email related to this today from "Capital One" informing me that I need to update my records. The email looked authentic except, even displaying a link to capitalone.com, but hovering over the link reveals it's really a link to a 3rd party web site (which has already been taken down). I don't actually have a Capital One account, but did years ago.


----------



## Ziggie (Jan 20, 2004)

morac said:


> I got what looks to be my first phishing email related to this today from "Capital One" informing me that I need to update my records. The email looked authentic except, even displaying a link to capitalone.com, but hovering over the link reveals it's really a link to a 3rd party web site (which has already been taken down). I don't actually have a Capital One account, but did years ago.




I feel bad for the people who are going to get caught up in the deceit.


----------



## sieglinde (Aug 11, 2002)

They don't understand security. Having one door that you can lock is a good idea usually but their one door was not well-locked.


----------



## unitron (Apr 28, 2006)

sieglinde said:


> They don't understand security. Having one door that you can lock is a good idea usually but their one door was not well-locked.


Especially after ReturnPath told 'em "Hey, yall's door keeps gettin' left unlocked, or the lock's not workin' right or somethin'".


----------



## ZeoTiVo (Jan 2, 2004)

Jeeters said:


> _*"Will the stolen information allow the attackers to break into my bank account?*
> 
> No. Only e-mail addresses and names were compromised, not login credentials."_
> 
> But, of course, for many banks and other online accounts, an e-mail address is half of the login credentials.


Not at my bank,  it is not even used for any credential save for contacting me if needed.

Any bank that uses email as a logon is indeed asking for trouble


----------



## Ziggie (Jan 20, 2004)

Over the past 24 hours I started receiving about a dozen spam emails. I'm convinced they're due to the breach because they're going into an account that was private and only used for Tivo and Disney


----------



## MichaelK (Jan 10, 2002)

steve614 said:


> You have a point. This could a problem for those who are 'unaware' (e.g. seniors) or just plain clueless.
> But I think most of the people posting here are just trying to 'stir the pot', IMO.


Exactly what concerns me- my step-father is elderly and totally un-web-savvy so he's CONSTANTLY getting viruses even with current AV protection. For years my sister and i have tried to figure out what he does. Finally this past time he explained to me that he "doesn't just click any link or popup but if it has the correct logo he knows it's good so he clicks it". I almost fell out of my chair- he had no understanding that anyone could whip one up until I explained it that to him.

Luckily now i explained things to him now- but if we didn't happen to have that conversation a few weeks agao and he got the email from 'capital one' or 'citibank' he easily could have been fooled.


----------



## MichaelK (Jan 10, 2002)

ZeoTiVo said:


> Not at my bank,  it is not even used for any credential save for contacting me if needed.
> 
> Any bank that uses email as a logon is indeed asking for trouble


Commerce bank- some years back and before TD bank bought them out- was so egregious that their login names were your social security name and your password was your 4-digit ATM card pin. Lovely.

I wish it was a law or something that you need to have 2 factor security for any banking and maybe even any online commerce.


----------



## MichaelK (Jan 10, 2002)

daveak said:


> My company email is hosted by a third party. Most companies do not host their own email, way to much bother. My personal email has always been hosted by a third party. As for trying to gauge the security with different companies that host email - How do you really go about examining that? If my company email was compromised, would it be my fault if I selected the vendor to host it and provide those services?
> 
> Either TiVo found out first or they were very proactive in letting us know (or Both). Thank you for being prompt. As for the breach being initially reported on April Fool's day - maybe this is just a bad joke gone to far.....


this was not some email hosting company- it is a marketing firm that people outsource.

Probably 90+% of the companies affected run their own email. You think chase and citibank are outsourcing that? NOT. They outsourced their email marketing to either A) save a buck or B) avoid liability for things such as this. Understandable possibly from a small or medium sized company. In my mind immoral for citibank and chase to do- basically they just dont value OUR email information as much as they do their own email or other items that can effect their finances.


----------



## tomhorsley (Jul 22, 2010)

MichaelK said:


> I wish it was a law or something that you need to have 2 factor security for any banking and maybe even any online commerce.


Now it is. That's why all the money sites you visit for the first time in a long while are asking you to update security questions, select login images, etc, etc.

That's also why going green and getting electronic forms is such a hassle. It takes 10 times longer to login to the bank's or broker's web site to fetch your PDF file than it does to slit an envelope. I wish edelivery options included sending me an encrypted PDF in email and letting me setup the encryption key and encryption method on their web site.


----------



## MichaelK (Jan 10, 2002)

tomhorsley said:


> Now it is. That's why all the money sites you visit for the first time in a long while are asking you to update security questions, select login images, etc, etc.
> 
> That's also why going green and getting electronic forms is such a hassle. It takes 10 times longer to login to the bank's or broker's web site to fetch your PDF file than it does to slit an envelope. I wish edelivery options included sending me an encrypted PDF in email and letting me setup the encryption key and encryption method on their web site.


That's a positive. Who does it apply to? 
One bank i use seems to ask one of those questions each time. 
Others force me to enter a code they text or call me with on each news computer (presumably they store a cookie then?) THAT seems about right to me.
But others I don't recall anything (like the broker that has my Ira's).

I think your idea about statements is a great one.


----------



## restart88 (Mar 9, 2002)

Yea but if you clear your cookies fairly often there you go again.


----------



## Ziggie (Jan 20, 2004)

Getting back to the tivo email thing...

has anyone else noticed an increase in spam?


----------



## steve614 (May 1, 2006)

Ziggie said:


> Getting back to the tivo email thing...
> 
> has anyone else noticed an increase in spam?


Not me. No phishing attempts here either.


----------



## unitron (Apr 28, 2006)

Ziggie said:


> Getting back to the tivo email thing...
> 
> has anyone else noticed an increase in spam?


Apparently, in addition to my name and email address, Epsilon also managed to pass along that I don't have enough money to make it worthwhile to try to scam me.


----------



## steve614 (May 1, 2006)

I jinxed myself earlier. This one got through today...



spammer said:


> My name is Peter Sands I have a Business Proposal of $35,500,000.00 for you to handle with me from my bank. please reply For More Details via my private mail ([email protected])
> 
> LEGAL DISCLAIMER
> The information transmitted is intended solely for the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please contact the sender and delete the material from any computer.
> ...


----------



## 1gr8ftoy (Apr 2, 2011)

I got it 4 or 5 times, Best Buy, Sears, credit card companies, they all seem to use the same email service and that is who got hacked. I promise your email was already known to spammers...check your junk mail box to confirm it


----------



## rifleman69 (Jan 6, 2005)

Nothing has gotten through my gmail, but I do notice a higher amount of spam in the spam folder as a whole.


----------



## Ziggie (Jan 20, 2004)

unitron said:


> Apparently, in addition to my name and email address, Epsilon also managed to pass along that I don't have enough money to make it worthwhile to try to scam me.


LoL! That made me laugh


----------



## jrm01 (Oct 17, 2003)

Well, I got my first new spam with a jpg attachment which I didn't open. Anyone else get this:



> Hi! I am glad to write to you!
> And I hope, you will be glad to see my letter. My name is Danute. I live in Russia. You are surprised? Yes. I understand. We far apart. But I think, the distance not смоет to prevent our friendship. Yes. Now I want will get acquainted with you. And I want to be your friend. I never had friends on the Internet. You will be my first friend? This my photo. I can write the detailed information on me in my next letter. I hope to see your answer soon.
> I will wait your answer. Danute!


----------



## Ziggie (Jan 20, 2004)

jrm01 said:


> Well, I got my first new spam with a jpg attachment which I didn't open. Anyone else get this:


Didn't get that one but have been getting dozens of others


----------



## lessd (Jan 23, 2005)

jrm01 said:


> Well, I got my first new spam with a jpg attachment which I didn't open. Anyone else get this:


The new TiVo survey was put into my spam box, was somewhat suspicious but started anyways, looked OK and I liked the questions asked, they also did not ask for my bank numbers or SS number so i think it was from TiVo itself.


----------



## unitron (Apr 28, 2006)

lessd said:


> The new TiVo survey was put into my spam box, was somewhat suspicious but started anyways, looked OK and I liked the questions asked, they also did not ask for my bank numbers or SS number so i think it was from TiVo itself.


What kind of questions did they ask?


----------



## jrm01 (Oct 17, 2003)

Normal survey stuff. What do you want more, 4-tuners or video streaming, etc.

More info on it here:

http://www.tivocommunity.com/tivo-vb/showthread.php?t=463241


----------



## tomhorsley (Jul 22, 2010)

jrm01 said:


> Normal survey stuff. What do you want more, 4-tuners or video streaming, etc.
> 
> More info on it here:
> 
> http://www.tivocommunity.com/tivo-vb/showthread.php?t=463241


Did they ask a single question about the priority of bug fixes and performance improvements?


----------



## Ziggie (Jan 20, 2004)

tomhorsley said:


> Did they ask a single question about the priority of bug fixes and performance improvements?


No, not that I remember. We had to prioritize what enhancements we were most interested in.


----------



## jrm01 (Oct 17, 2003)

But they did provide for a comment area at the end of the survey where I did suggest a little better action on the bug fixes and better quality control.


----------



## Ziggie (Jan 20, 2004)

jrm01 said:


> But they did provide for a comment area at the end of the survey where I did suggest a little better action on the bug fixes and better quality control.


That's the area I use to tell them how disappointed I am in my Tivo Premiere.


----------



## PVR User (Nov 8, 2006)

My ISP (Earthlink) lets me build filters on their e-mail server. Each week, they send me a summary of deleted spam. I built my rules several years ago and am no longer keeping them up to date. This is after their rules have already cleaned up my inbox. Usually, they don't catch a single piece of spam. Last week one piece of spam was deleted by my filters. Today I received a new weekly spam summary and it listed 548 pieces of spam they had deleted. From 1 to 548 is a single week! Now, that's an increase!!!


----------



## jrm01 (Oct 17, 2003)

Wow, the e-mail breach even generated spam to this forum. How much would you be interested in an online newspaper that sends something like this with poor grammer, syntax, punctuation and mis-use of capitalization?

p.s. - the post was reported


----------



## Ziggie (Jan 20, 2004)

I reported the post shortly after he/she made it. Glad to see you did the same.

Regarding the original topic, spam has increased for me. I thought I was long done with penis enlargement offers.


----------



## SullyND (Dec 30, 2004)

I've not received a single piece of spam at two of my "disposable" addresses which were compromised (1 TiVo, 1 Chase)


----------



## Ziggie (Jan 20, 2004)

Well, you're lucky. I'm receiving spam every other day. And it's going into accounts that haven't had spam since their creation. I'm pretty sure it's related to the breach.


----------

