Phishing email targetting German ESET users

[Guest Big Sur]

Sorry to say,but that's a bad, bad P &R statement. DATSEC (Germany and Austria) as well as reported ESET customers elsewhere are victims; you know as I do customer databases have been breached and God knows what personal info has been gathered. This may well include credit card info from all customers involved. ESET is doing a very, very bad job in putting the blame first ande foremost on the phishing emails and the originators; it's the security hole providing third parties access to your customers database that's the real culprit here. Don't put the blame on others.

 

In the meanwhile, all registered ESET-customers should consider to block the credit card they used to pay for ESET softwares until full exposure by ESET has been provided. ESET should do a far better job in full exposure and risks in the meanwhile for their customers. By all means, do take your customers serious.

[dwomack 160]

Actually that is not true. At this moment we can confirm that all databases and users details at ESET systems are and always were safe and secure. The investigation into how this attack occured and who is responsible is still ongoing and until more information is confirmed and released by the authorities, any further statements about the incident are purely speculative.

[Guest Big Sur]

That'sa very bold statement. Explain to us how come the phishing emails include all ESET-user info for starters. No way this can be accomplished without customer database info. Once again: take your customers serious. It's about time.

[cutting_edgetech 25]

So has anyone received an email that list their username, password, or key for their Eset subscription? Has anyone's physical address or mailing been listed in the emails? So far it seems the info that has been compromised was their email address, and full name.

[Guest molzorz]

Sorry to say,but that's a bad, bad P &R statement. DATSEC (Germany and Austria) as well as reported ESET customers elsewhere are victims; you know as I do customer databases have been breached and God knows what personal info has been gathered. This may well include credit card info from all customers involved. ESET is doing a very, very bad job in putting the blame first ande foremost on the phishing emails and the originators; it's the security hole providing third parties access to your customers database that's the real culprit here. Don't put the blame on others.

 

In the meanwhile, all registered ESET-customers should consider to block the credit card they used to pay for ESET softwares until full exposure by ESET has been provided. ESET should do a far better job in full exposure and risks in the meanwhile for their customers. By all means, do take your customers serious.

 

Eset has never admitted mistakes. Every mistake he assigns the blame to someone else.

 

From 2001 Datsec always succeeded to keep his customers info secure without breach but after asserting control over Datsec at the recent moment Esets incompetent security allowed this serious breach of Datsecs old customers database.

 

Who will Eset blame this time?

[Guest johnsmith]

Actually that is not true. At this moment we can confirm that all databases and users details at ESET systems are and always were safe and secure.

Why do I not believe you?

[Guest Chuckie]

 

Actually that is not true. At this moment we can confirm that all databases and users details at ESET systems are and always were safe and secure.

Why do I not believe you?

 

Probably because he is telling a lie.

[Guest Guest]

I have 2 ESET licences, purchased in 2011 from datsec.de and in 2013 from eset.com/de, from 2 different e-mail accounts.

 

I received the phishing e-mail to both accounts, proving the old Datsec customer database and the new ESET customer database have both been compromised.

 

 

 

 

[Guest GTO]

 

Actually that is not true. At this moment we can confirm that all databases and users details at ESET systems are and always were safe and secure. The investigation into how this attack occured and who is responsible is still ongoing and until more information is confirmed and released by the authorities, any further statements about the incident are purely speculative.

Before you continue ruining the company you work for with more ludicrous statements, may I suggest to hand over the communication task to someone who knows what they are doing?

There is no way on earth to prove that a system was NOT penetrated.

Thank you.

 

 

ESET has a long history of being back doored and penetrated.

 

France, Thailand, New Zealand, India, Romania, Israel, and now Germany have all been fornicated with by hackers or defecated upon by defacers.

 

Coverups and spin abound, but they cannot hide it all. Search the web for more info. You will be surprised.

[Guest Customer]

Your information of informing the customers, even by the german supplier eset gmbh, is insufficient according to german data protection law (§34 BDSG).

As german customers who bought licenses from a german supplier in Germany this law applies, so it's the sellers duty - even if a third party managed the customers database - to inform the customers  "what data has exactly been promised!". This means not only customers names, but also impact on cc-cardnumbers, bank details, full address or else. A "delete the mail" advise is simply just not doing it. 

[Guest Gast]

ESET is above the law.

[Guest G P]

Not just a German problem.  Had the same suspicious email here in Detroit, Michigan, USA.  This one asked the user to call a number to verify account information.  Also, have had one of those red popup "warning boxes" generated by ESET that said "invalid user id and password".  Not sure if this is a Trojan or something trying to crack my local copy of ESET.  Scans show no infiltration or infection.  I thnk ESET has a problem here......

[Guest Goll]

Now these email addresses are also used for a Paypal phishing attack, see article in a German online magazine:

 

hxxp://www.heise.de/security/meldung/Phishing-Mails-im-Namen-von-Paypal-an-Eset-Kunden-1910448.html

[foneil 342]

See @Marcos's post below (from this thread)

i got that same email and i just want to know: are my credit card details now in danger???

We have launched a full investigation on how the incident occurred and will share more information soon, as it will be completed. As well we were tracing the origins of the attack and were able to shutdown the website that the criminal has been using and the fake form has been removed. We have notified German users about the fake e-mail via special e-mail message and the broader German public via our website and social media. We advised people who might have filled out the fake form with sensitive financial data to contact their financial institution immediately.
We are still continuing our investigation and are gathering important information to notify the affected.

[Aryeh Goretsky 378]

Hello,

 

Please forward a copy of the email you received, complete with all of the headers to our virus lab at samples@eset.sk.  Yours is the only report I have heard of this occurring outside of Germany and it will be extremely helpful to the team we've assembled to see the email you received.

 

Regards,

 

Aryeh Goretsky

 

 

Not just a German problem.  Had the same suspicious email here in Detroit, Michigan, USA.  This one asked the user to call a number to verify account information.  Also, have had one of those red popup "warning boxes" generated by ESET that said "invalid user id and password".  Not sure if this is a Trojan or something trying to crack my local copy of ESET.  Scans show no infiltration or infection.  I thnk ESET has a problem here......

[Guest Big Sur]

Is ESET hoping this issue will fade away? That's not going to happen. Clients want to know, want te be informed. The longer it takes, the more supicious it will become. Ziff Davis for example is very interested in how this all turns out, including an open and honest explanation from ESET.

[Guest Mads]

Is ESET hoping this issue will fade away? That's not going to happen. Clients want to know, want te be informed. The longer it takes, the more supicious it will become. Ziff Davis for example is very interested in how this all turns out, including an open and honest explanation from ESET.

This issue already has faded away. It is a Dead Horse. When a data breach occurs to most companys it is in a headline, but ESET always has accomplished to suppress news of such events. Ziff Davis will not say a word. And you will never see open and honest explanation from ESET.

[SweX 871]

Has ESET said anything about if they are done with the investigation? Afaik the answer is No, and so I don't think we will get an update on this until they're done. At least that's what I am hoping for.

[Guest Guest]

Got my first Software directly from the Store, registered at eset.com/de prolonged over esetshop.de, confirmation comes from datsec.de so Eset itself or one of their official Partners *MUST* be responsible for the data leakage, there NEVER was a reseller involved.

Someone should also check your former (or actual) employees on the customer service, they got access to this data too.

Someone may just walked out with a USB-Stick as a bonus severance pay?

[Guest mana]

ESET still investigating? or ESET doesn't want to share more information?

[Guest rob-bot]

ESET still investigating? or ESET doesn't want to share more information?

It's Holiday time in Germany. Now six weeks later nobody want more information ... 

[Tommi Uhlemann 5]

Update here: https://forum.eset.com/topic/460-eset-scam-email-targetting-german-users/?p=3564