Password Security / Phishing Spam
We have become aware that a customer’s login information has been compromised and been used to send phishing spam. Typically when the server is used to send spam it is via a weakness in user installed software that allows the spammer to upload their own mailing script. In this case the email server was being accessed directly using the customer’s username and password and spam was sent out directly from that user’s email account.
Large volumes of mail has been sent out in the relatively brief period this occurred. We have isolated the user account and this incident has been resolved.
There will likely be lingering effects. Most mass email providers will rate limit email from a server that recently sent large quantities of email, especially if marked as spam. This should be temporary. We will contact email providers to resolve any longer term email rejection.
Please let this serve as a reminder to routinely change passwords and when doing so ensure they’re strong, using mixed case, symbols, numbers; generally being as complicated as is feasible.
