Spam sparks Umart investigation

Spam sparks Umart investigation

Summary: Spammers appear to have compromised online computer parts retailer Umart, sending emails to its customer base and prompting the company to start an investigation.

SHARE:
TOPICS: Security, Privacy
2

update Spammers appear to have compromised online computer parts retailer Umart, sending emails to its customer base and prompting the company to start an investigation.

Umart's store in Milton, Qld.
(Umart Milton image by j3thr0, CC BY-SA 2.0)

A number of users on web forum Whirlpool have reported receiving spam on email addresses that they created solely to register with the retailer. To limit spam to their main email account and track down which companies have shared their information, users who have their own domain can create emails in the form of anyusername@yourdomain.com, and have their mail forwarded, similar to having a PO Box to protect a home address.

The spam says that they're receiving the email because they subscribed to a mailing list on "one of the job portals". It offers a job that requires "no specific education or work experience".

Umart told ZDNet Australia that it was aware of the issue and had received several instances of the email from its customer base. It is currently conducting an investigation, although it considers its data to be protected.

"Our data is quite secure, but we'll see where these email [go]," Umart group manager Peter Zhong said.

However, Zhong didn't rule out the possibility of the information being stolen from within the company, stating that staff could have stolen email addresses a long time ago, and only now released them.

Zhong said that he had passed the spam emails to others that were more experienced than he was to determine how the spammers had found Umart's customers' email addresses, but he has not engaged a professional firm.

He confirmed that the company did have a mailing list with customer addresses on it, but said that it hadn't been used for a very long time, and that the company has since "deleted the mailing list program".

Subsequent to this article being published, a ZDNet Australia reader, who wished only to be identified by his first name, has discovered that he could access Umart's own network over an unsecured wireless network. Danny connected to the open network via his iPhone, and was able to see several machines on Umart's network, including what appeared to be one of the stock ordering computers for the company.


(Screenshot by Danny)

Zhong confirmed that the network was indeed Umart's, and that the devices in Danny's screenshot were computers and printers used to key in customer's orders, print orders and process orders in its warehouse. He said that from time to time, Umart's warranty department tests customers' wireless devices on their own network without using a password. He has since asked the department to set passwords for all wireless devices before they can be connected to the company's network.

Updated at 5.11pm, 2 November 2011: added information about Umart's wireless network.

Topics: Security, Privacy

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • The wifi was open so ppl could log onto the website to place an order.

    Umart used to have email issues back in the day when they were sending out over 1000 order confirmations/pickup requests in a day. Hosting thought they were the spam and shut them down.

    Looks like some staff have setup file sharing on those computers. The database is where all the informaition is. Nothing is kept on the other computers.

    What they should of been worried about is ppl that could change pricing and stock levels remotely.
    kysersoze
  • Pricing and stock levels can't be changed remotely.
    Boboooo