EmailDiscussions.com  

Old 22 Mar 2018, 10:28 AM   #1
ao1
Essential Contributor
 
Join Date: Oct 2003
Posts: 309
Fastmail hacked?

Background:
I have 2 legacy fastmail accounts (let's call them me@fastmail.fm and wife@fastmail.fm).
I also have my own domain (mydomain.tld) that uses fastmail's DNS services.
I set an alias on my account that forwards wife@mydomain.tld to wife@fastmail.fm
and an alias on wife's account that forwards wife@eml.cc to wife@fastmail.fm

About a week ago somebody opened an ebay.co.uk account with the wife@mydomain.tld email address. eBay support restricted it once I proved that I was the owner of the email address, but claimed that creating the account required the information in the confirmation email.

There were also emails from a UK broadband provider and a UK magazine subscription site, both on that same day.

I immediately changed all the passwords on both our accounts.

I also checked the login log on both accounts, and the only IPs that accessed it were my home, my workplace and my wife's iPhone.

Today my wife saw an email from Microsoft sent to wife@eml.cc requesting to confirm the creation of a "live" account, and another email saying that the email address was changed from wife@eml.cc to tel@f-m.fm -- another fastmail address (actual, not mine)

I do not know how to explain this. Maybe fastmail had a breach or was hacked.

I opened a ticket with FM, but I am interested to know if anyone else had similar experiences or has an idea.

Thanks,
Alex.
ao1 is offline   Reply With Quote

Old 24 Mar 2018, 11:57 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,416
Could be a mistake or attack - it's hard to tell

I have seen no problems with my three Fastmail accounts or personal domain tied to one Fastmail account. I have several thoughts about your unfortunate situation:
  • Discussions with Fastmail staff are important if you believe that someone is actively attacking your account in various manners.
  • But I didn't see anything in your post which indicated that the attacker actually used any information in your account. Yes, eBay requires you to use information in their email to you to set up an account, but you didn't say that the attacker had actually supplied that information to eBay. Their comments to you might not have been clear about that detail.
  • One thing to be very careful about is an attacker using social engineering to fool you. For example, the attacker might spoof eBay or Microsoft or the magazine. So you might be fooled into thinking someone was trying to create a Microsoft account, but actually the attacker just wants you to click a link or do something else they put into the fake email which appears to be from Microsoft.
  • Anyone can put any address into a signup form at a website. If all you see are actual confirmation messages, it might be due to a bad person or an accident by someone.
  • For example, I live in Texas and have my own personal domain which involves my last name, which happens to originally be from the British Isles (several hundred years ago). On several occasions I have received emails to usernames at my personal domain which I don't use but don't block. In most cases this was due to a mistake by an individual who thought their British friend had an address of user @ lastname.org, while it was actually user @lastname.com (or some other TLD). So they accidentally sent me private emails, sometimes with personal information.
  • The worst case was a university in the British Isles who had an incorrect email address for a new student. I received confidential emails from the university with personal information, such as details for creating a healthcare account and orientation meetings the new student should attend. I responded to the official at the university with no response. I then sent emails to various offices at the university and even their IT department and they would never respond. So finally I blocked that specific alias at my domain, which I wasn't using anyway.
  • For some of these situations, I think that someone obtained an email address at a domain with my last name at a different TLD (.org rather than .com, for example) but then they forgot the TLD and entered my domain name when they went online to sign up for various sites.
  • But you need to be very careful and look at the full headers and reputation indicators (DKIM, SPF, and DMARC authentication) to be sure that the message is truly from the From address, and that the From address is what would be expected for that specific type of message. What drives me crazy is companies who send you messages using a third-party bulk service. So the From address might be at a known domain where you have an account, but that's just a spoofed address and the servers sending the message are not associated with that known domain for authentication purposes.
Bill
n5bb is offline   Reply With Quote
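
The header check described in the post above can be scripted. The following is an added example, not part of any post in this thread: it reads the Authentication-Results header stamped by the receiving server and reports whether SPF or DKIM passed for the From domain or only for some other domain, as happens with a third-party bulk sender. The authserv-id `mx.example.net`, the `.example` domains and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own receiving server

def _aligned(a, b):
    # Approximates relaxed alignment; real DMARC compares organizational
    # domains using the Public Suffix List.
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = {"from_domain": from_domain, "spf": "none", "dkim": "none",
              "dmarc": "none", "aligned": False}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can add this header too; trust only our server's
        body = re.sub(r"\([^)]*\)", "", body)  # drop parenthesised comments
        for clause in body.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            if report[method] != "pass":
                report[method] = result
            prop = re.search(r"(?:header\.d|smtp\.mailfrom)=(\S+)", clause, re.I)
            if result == "pass" and prop and method != "dmarc":
                domain = prop.group(1).rpartition("@")[2]
                report["aligned"] |= _aligned(domain, from_domain)
    if report["dmarc"] == "pass" or report["aligned"]:
        report["verdict"] = "authenticated as From domain"
    elif "pass" in (report["spf"], report["dkim"]):
        report["verdict"] = "authenticated, but not as From domain"
    else:
        report["verdict"] = "unauthenticated"
    return report

def sample(auth_results):  # builds a constructed message, not real traffic
    return "".join(f"Authentication-Results: {a}\n" for a in auth_results) + \
        "From: Shop <no-reply@shop.example>\nSubject: Confirm your account\n\nbody\n"

GENUINE = sample(["mx.example.net; dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example"])
BULK = sample(["mx.example.net; dkim=pass header.d=bulkmailer.example; spf=pass smtp.mailfrom=b@bulkmailer.example; dmarc=none"])
FORGED = sample(["attacker.example; dkim=pass header.d=shop.example", "mx.example.net; spf=fail smtp.mailfrom=shop.example; dkim=none"])
```
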
Old 25 Mar 2018, 06:37 AM   #3
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 367
Nothing much to add other than the obvious note that there is a problem when using top-level domain names (TLDs) other than .com, .net, or .org, which can lead to this type of issue where some organization (or even the person who owns the address) inadvertently uses the domain name with .com without thinking. Not sure if that is part of the problem or not. My guess is some sort of phishing attempt going on.
TenFour is offline   Reply With Quote
All times are GMT +9. The time now is 05:16 PM.

 
