Newegg Hacked?
UPDATE 2 9/4/08:
Got a copy and pasted brush-off letter from the Newegg support person. My reply went to the sender as well as to a couple of other Newegg email addresses I have stashed. Brush-off reproduced in full:
Dear Customer,
Thank you for contacting Newegg.
We are aware that there is always some room for improvement, which is why we value your thoughts. Rest assured that your feedback will receive the attention it deserves and Newegg will continue striving to offer high quality products at low, affordable prices and only the finest in customer service. Please allow us more time to process your issue. Our related department will write back to you directly for this issue once they finish processing it.
If you have any further questions or concerns, please visit our FAQs page. If you still need assistance, please feel free to email me directly and I will be happy to assist you.
Thank you,
Ruby Luo
UPDATE 9/4/08:
Finally got a reply of sorts from Newegg. Not sure how to parse the key portions, as the English is broken in exactly the wrong part:
Reference number: {redacted} Please use this ticket number in any correspondence with Newegg.com.
Subject: Newegg.com - >(Mail #{redacted})*
Dear Customer,
Thank you for contacting Newegg.
We apologize for any inconvenience this may have caused you. Due to the large volume of the emails. We should have not processed your email yet. We will not release the contact information to any other party. Please forward the entire email to us and we will do further investigation for it.
Thank you for your patience and understanding. If you have any further questions or concerns, please feel free to let us know.
Sincerely,
(Newegg Tech's Name)
UPDATE 9/2/08:
Still no reply from NewEgg, but hits on other fora suggest that I'm far from being the only person thus mistreated. So I used their customer contact link to inform them of such:
I emailed "abuse@newegg.com" over 24 hours ago, and didn't receive so much as a bot reply. Since nobody monitors that email address, I decided it was time to contact you here.
Your webform does not contain sufficient space for me to post specific details of my complaint. Fortunately, I posted a blog entry on the subject, which contains all the details you'll need. The short version is that some dickwad in your organization sold the email address I ONLY use for NewEgg purchases to a spammer calling himself "*******.com" Anyhow, here's the URL:
http://www.taupehat.com/index.php/tech/2008/09/01/newegg_hackedPut it on Digg, of course:
http://digg.com/security/Newegg_HackedAnd apparently I'm not at all the only one who one of your employees whored out to a spammer:
http://tinyurl.com/newegg-hackedIn short, you guys have a problem. Ignoring it, or blaming the messenger, will only make it much, much worse. I expect a reply tomorrow.
The following is an email I am sending to the newegg abuse team. Will report how they reply if/when it happens. For the record, I really like newegg.com, and it sucks that this has happened to them. However, I've found that posts like this one seem to work better at getting an actual human to reply. Some abuse desks are pretty bad about doing their job.
Oh, and I'm also munging the spamvertized domain to avoid giving the pricks any free advertising. Assholes. Needless to say, I never authorized Newegg to give my email address out to anybody, and have never done business with the spammer, nor will I.
Dear abuse team,
The following email was sent to an address which I have ONLY ever used to do business with newegg.com. As the sole user of taupehat.com, I wildcard the address and use that method to see who spams me.
In this instance, I'm pretty sure newegg.com had no direct involvement in the spam run, but I am positive that your company had indirect involvement, as the spam run was targeted at tech users, and used my newegg-only email address as its target.
IN OTHER WORDS, YOU HAVE A LEAK. SOMEONE SOLD MY ADDRESS (AND WHO KNOWS HOW MANY OTHERS) TO A SPAMMER.
