Tuesday, 12 August 2014
Gourmet Society data leak
So when I signed up for a Gourmet Society discount card (which is pretty good for Café Rouge in Wokingham) I used a specific email address. I even managed to mistype it, using gormetcard@... instead of gourmetcard@...
The idea is simple - if the email address leaks either by being sold for marketing, or by some sort of data leak, the source of the leak is obvious.
In this instance the leak is quite serious. I received a phishing email to the gormetcard email address, claiming to be from PayPal and asking for my card details, but using an x.co redirect which goes via HTTPS on localcampervan.com (which have presumably been compromised themselves), which goes to HTTP on paypal-customerfeedback.com.cgi.bin.webscr.cmd.login.submit.c6xp6cfh52b52myc6xp6cfh52b52myc6xp80r.newdaywellbeing.com, which is an impressive hostname designed to confuse people.
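Why that hostname confuses people, and how a mail filter or proxy rule could flag it, shown as an added example that is not part of the original post: only the right-most labels are the registered domain, and everything to the left is free text. The brand watch-list, the path-like word list and the short suffix set standing in for the Public Suffix List are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: the brand watch-list, the path-like words (taken
# from the hostname in the post) and a tiny stand-in for the Public Suffix List.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
PATH_LIKE = {"cgi", "bin", "webscr", "cmd", "login", "submit"}
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def registrable_domain(host):
    """Return the part of the host that was actually registered."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def analyse(url):
    """Return (registrable domain, list of findings) for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    # Everything left of the registrable domain is free text chosen by its owner.
    prefix = host[: len(host) - len(domain)].rstrip(".")
    labels = prefix.split(".") if prefix else []
    findings = []
    if parts.scheme != "https":
        findings.append("page is not served over HTTPS")
    for brand, legit in BRAND_DOMAINS.items():
        if domain not in legit and any(brand in label for label in labels):
            findings.append(f"brand '{brand}' used as a subdomain of {domain}")
    fake_path = [label for label in labels if label in PATH_LIKE]
    if fake_path:
        findings.append("labels imitating a URL path: " + ".".join(fake_path))
    if len(labels) >= 5:
        findings.append(f"{len(labels)} subdomain labels")
    return domain, findings


# Hostname and scheme as quoted in the post.
SAMPLE = ("http://paypal-customerfeedback.com.cgi.bin.webscr.cmd.login.submit."
          "c6xp6cfh52b52myc6xp6cfh52b52myc6xp80r.newdaywellbeing.com")

if __name__ == "__main__":
    domain, findings = analyse(SAMPLE)
    print("registrable domain:", domain)
    for finding in findings:
        print(" -", finding)
```

A production check would resolve the registrable domain against the full Public Suffix List rather than the three-entry set used here.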
Sadly, the Gourmet Society have not replied to my email on this. Very disappointing. Time for an ICO report, I feel.
Update: The Gourmet Society have finally replied - they are looking into it.