Yesterday I received a spam email. Not unusual, but note the destination email address:
Subject: Zoe OConnell
Date: Wed, 22 Jun 2011 10:58:33 -0400
From: Lorraine Ackerson @lt;firstname.lastname@example.org>
Don’t miss exciting business chance.
Reputable agency is looking for energetic worker in United Kingdom to help us expand our activity in the UK sector.
– 18+ United Kingdom resident
– Only operational knowledge of Internet & computer.
– Free access to personal e-mail box
– 2-3 free hours per day
– Fast replies on our written tasks
– Excellent organizational skills.
You can without problem combine our work with your primary work.
Great income potential. Free study possible.
Applicants must be honest and commerce motivated. Operate only few hours per day.
Everyone located in the United Kingdom can be our representative.
Our manager will e-mail you within few hours if you attracted.
Top News: taylor honored for boosting antelope island.
Note that it’s zoe-travelodge@… (You can guess what the full email is but I don’t want to make life too easy for spammers to harvest addresses) My mail system ignores anything after the dash and just puts it all in my mailbox, so that I can filter mail by source more easily and also spot who has been selling email addresses.
The spammers also knew my full name. And I’m not the only one in this position as several other users on twitter have complained of the same thing. I’ve just emailed the Chief Executive of Travelodge, Guy Parsons, (Hat tip to @benjymous for finding his details) to ask exactly what was stolen:
Yesterday, I received spam email to an email address that has only ever been used to register on the Travelodge site. This was clearly not just someone making up random addresses as the email was specifically to zoe-travelodge@****.co.uk and the spammer knew my full name. I am not the only one to have experienced this as since last night at least half a dozen other people who also use unique addresses for registering on web sites have complained about exactly the same situation on Twitter.
It would appear likely, unless Travelodge are in the habit of selling on personal details to unsavoury third parties, that your site has been compromised. I would be grateful if you could confirm that this is the case and also what other details were stolen so that those affected can take appropriate action – was this just names and email addresses or were payment details and postal addresses compromised too?
I shall let people know if I get a reply.
Update at 1315: Travelodge UK, via twitter, have stated: “Sorry for the spam email you may have received. We have NOT sold any data. We’re currently investigating this issue and will update you ASAP”