WRAL Tech Wire

E-mail services provider iContact investigating a hack attack

iContact

On The Web

• iContact
• iContact's blogs about the incident
• Local Tech Wire at Twitter - sign up today for latest news alerts

Site Search

Note: The Skinny blog is written by Rick Smith, editor and co-founder of Local Tech Wire and business editor of WRAL.com.

DURHAM, N.C. – Some users of e-mailing services provider iContact say their accounts have been hacked and personal information exposed as a result, and the company says it is investigating.

“As noted in our blogs posts, iContact may have been the target of illegal attempts to access information from our database,” iContact’s marketing executive Chuck Hester told Local Tech Wire and WRAL.com. (LTW uses iContact for some of its services.)

“We are actively investigating the allegations, but we do not have any additional information to share at this time,” he added.

In a blog post on Monday, iContact said it had asked the FBI for assistance in its investigation into what happened.

”Data security is a high priority at iContact,” Hester told LTW in an e-mail responding a number of questions about what happened. “We remain committed to maintaining security measures to protect customer information from illegal access.

According to reports on the Web and acknowledged by iContact in two blog posts, the incident occurred last week.

In the blog, iContact addressed concerns about what data was involved.

“Based on the information we have, the subscriber email address is the only data affected,” the company said.

“Based on the results of our investigation to date, we have no information to indicate any other data has been affected, including:

• Credit card data
• Customer names
• Affiliate names”

Customer complaints triggered iContact’s probe. The company said that a “small number of customers (approximately 30-40)” had contacted the company saying that they “believed their subscribers were receiving more spam that usual, particularly pharmaceutical spam.

“These customers believed there was a correlation between the increase in spam and their listing of the subscriber names in their iContact lists as some of their subscribers used unique identifiers to subscribe to their mailing list,” iContact added.

After launching an investigation, iContact said it took “immediate steps to increase security.”

As outlined in the blog, iContact is considering “moving our network operations to our third party partner that we currently utilize for hosting and bandwidth.”

Other steps include:

1. "Adding additional monitoring and access controls.
2. "Reviewing all internal access.
3. "Verifying the integrity of our existing systems from outside attacks.
4. "Expanding VPN [virtual private networks] requirements.
5. "Evaluating additional logging capabilities.
6. "Auditing our web, intrusion, and security systems."

As the recent hacking conflict between Google and China about hacking clearly demonstrates, online and e-mail security are global issues.

Get the latest news alerts: Follow LTW at Twitter.

The Skinny

WRAL Local Tech Wire Publisher and Editor Rick Smith dishes out tidbits from the local technology sector. Read more articles…