We’ve been hearing about Epsilon’s security breach for several days now. Some thought it was an April Fool’s joke because of how vague the initial press release was, but obviously it was no joke at all.
Epsilon has since updated their press release to indicate that this breach affects only 2% of total clients, but what exactly does that mean?
Well, customers of a long and growing list of companies serviced by Epsilon may have had their private information exposed, namely email addresses and names.
This will undoubtedly lead to a slew of emails that APPEAR to be from the companies, addressed to you, explaining that you need to update your privacy settings or that your account has been locked due to unauthorized access and that you should log in and reset your account.
I personally have received two myself in the last 24 hours from one company on this list from Mashable and also from Best Buy.
The emails contained warnings that my data was at risk, and that I should log in immediately and reset my password. One even included a great link to help me out… which did NOT route to the official site; it instead routed to a domain that didn’t even resemble the official company site.
Yes, your data may have been exposed. As of now, it appears that only your email address, first and last name, and possibly some other identifying information like a city or state of residence could have been harvested. Certainly no passwords to the companies’ official sites could have been harvested, since Epsilon’s primary purpose is to provide email marketing services, not to handle logins to sites.
The biggest threat comes from emails addressed to you that are too attractive for you NOT to click on the links… Phishing or “Spearphishing” attempts will surely increase in the days to come.
Avoid being scammed into following links: type the addresses in manually and use some common sense. A bank, for instance, is not going to ask you for personal information in an email.
If you have a question about an email being legitimate, I’m sure it is for good reason.
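The mismatch described above, a message that claims to come from a company but links to an unrelated domain, can be checked mechanically. The following is an added example, not part of the original post; the sample message, its reserved test domains, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain is a reserved test name.
SAMPLE = """\
From: "Example Store" <security@example-store.test>
Content-Type: text/html; charset=utf-8

<a href="http://account-verify.example.net/reset">https://www.example-store.test/reset</a>
<a href="https://www.example-store.test/privacy">Privacy policy</a>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def suspicious_links(raw_email):
    """Map each link that leaves the sender's claimed domain to its reasons."""
    msg = message_from_string(raw_email)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings = {}
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not under(url.hostname, claimed):
            reasons = findings[href] = [f"link host {url.hostname} is not under {claimed}"]
            shown = text.strip().lower().split("://")[-1].split("/")[0]
            if under(shown, claimed):  # text names the brand, link goes elsewhere
                reasons.append(f"visible text shows {shown}")
    return findings
```

Legitimate marketing email is often sent through a third-party provider's own tracking domains, and the From header itself can be forged, so a finding here is a reason to type the address in manually rather than proof of phishing.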