Bill Katz

My Brain

An occasionally updated repository of thoughts, past work, and links. Topics include programming, web ventures, and writing.

More on leak of e-mails from Ameritrade

I closed commenting on my previous Ameritrade post, but I'm still receiving e-mails from customers annoyed by spam traced to Ameritrade. Just received an e-mail that suggests the possible vulnerability.

Hi Bill,

A lot of rumors and speculations are flying. Most are 'slashdot quality'. I've been a customer of both Ameritrade (before the merger) and TD-Waterhouse. I always give out unique addresses. I run Linux, two firewalls, intrusion detection, I _know_ my machine has never been compromised. I did my own research, including corresponding with their security. Here are my findings. YMMV, but I suspect not by much.

1) I never got any spam on my waterhouse email addresses before the merge.
2) I got spam on my Ameritrade email shortly after I opened the account at ameritrade
3) I started getting spam on the very old but clean, _waterhouse_ email shortly after the systems were merged in 2007 - I'm 100% convinced the leak is from the Ameritrade side.
4) If you look at some Ameritrade mass mails, in particular the announcements related to their Money Market management firm (The Reserve), it becomes obvious that they use a 3rd party to do the mass mailings. The emails are sent from: mail.alamodirect.com [141.155.245.141]. I investigated alamodirect.com, they are a mass-mailing service company.

So the email leak trail is:
1) Ameritrade shared my email with "The Reserve".
2) "The Reserve" shares^H^H^H^uses alamodirect.com.
Either of these two companies could be either compromised or selling my email. My money is on alamodirect.com. After all, they are in the business of mass-mailing.

All in all: I became pretty much convinced that there was no compromise of Ameritrade accounts. It is their lax email privacy policies (sharing with an affiliated 3rd party, who is even more lax) that led to the mass compromise of email addresses.

I hope you find this info useful.


Thanks. I did find it useful. Maybe some cyber citizens can follow-up on this lead.


7 Comments

  1. I'm the author of the May by Anonymous (2007-06-05)

    I'm the author of the May 30th piece at http://yro.slashdot.org/article.pl?sid=07/05/30/1444236 which I assume the author is referring to as "slashdot quality" :) Briefly, I signed up with AmeriTrade on April 14, gave them a unique address, and then on May 15 I started getting stock spam at that address. In my case, I never got any e-mails from AmeriTrade about The Reserve. So as far as I know, AmeriTrade never shared my e-mail address with The Reserve or alamodirect.com. Of course, that doesn't mean it isn't possible. Maybe AmeriTrade shared my address with them in advance of the next mailing they were about to send out about it, and then the leak happened before their next e-mail about The Reserve was scheduled to be sent out. After the article, I got one anonymous tip that it was indeed someone inside AmeriTrade who was selling the e-mail addresses to a spammer on the side.
  2. Just thought this should by Anonymous (2007-09-14)

    Just thought this should come to light since everyone seems to be saying that TD Ameritrade is in cahoots with Spammers. I was shocked to read the news about the data compromise this morning especially since my account was jeopardized last week. Someone got into it, made an unauthorized trade, changed my email, snail mail & phone numbers. The way I discovered it was TDAmeritrade sent me an email verifying the email change. I called them up to discuss while logging on to my account which is when I discovered someone had purchased 10 shares of Apple. I use this account for options. After 2 days TD contacted me--they did "undo" the trade, told me where to report everything to and supposedly contacted the FBI. I'm thinking about moving everything to OptionsXpress. I am really not very confident regarding their security.
  3. What nobody has mentioned by Anonymous (2007-09-21)

    What nobody has mentioned here is a very strange detail in the new announcement about Ameritrade's latest security blunder: that business in the letter sent out to customers about "unauthorized code" being discovered on Ameritrade's computers. Seems like this "code" allows some third party to access and download Ameritrade customer information. Per the letter I received, the "unauthorized code" circumvented Ameritrade's antivirus software. Hmm, sounds like an inside job maybe, software installed by an Ameritrade employee? I'm sure that Ameritrade's hiring standards are pretty low--after all, they're in the financial industry. Ameritrade CEO suggests in his video that we just have to live with spam and security breaches in our new e-commerce world. Baloney! Death penalty for identity thieves would make a difference, public executions.
  4. We have also used 2 by Anonymous (2007-07-18)

    We have also used 2 different unique email addresses - used only by Ameritrade and those two email addresses are being bombarded with stock related spam. These email addresses are not being guessed by brute force, because I am not seeing all the other possible permutations arriving at my domain. There is no question that ameritrade email addresses have been given to spammers.
  5. I have been involved with by Anonymous (2007-08-20)

    I have been involved with this problem since "the beginning," I was one of the first people posting heavily in usenet about the problem (I'm the one that did a lot of random email addresses in ways where I could confirm, at least for myself, that the breach was on their end). I also had a lot of correspondence with them, even a phone call eventually from someone pretty high up, who basically did not believe what I was telling him (so I gave up). I basically wrote off this problem since I didn't have more time to spend on it, but just today began searching again because I started receiving spam on a new random address I gave ameritrade several months ago. It had been working fine, no spam. Then I changed my address again (for unrelated reasons), and a month later started receiving spam on the OLD ADDRESS. Make of that what you will... But this new information brought to light on The Reserve is VERY INTERESTING. Especially when you consider the new email I just received from Ameritrade which states they are no longer doing business with The Reserve... hmmmm, interesting. No mention of WHY in their email to customers, but could it be they finally realized The Reserve was the source of their leaked information, and are trying to quietly divest?
  6. If I had any money in any by Anonymous (2007-08-27)

    If I had any money in any AMTD accounts, I would move it to Schwab or another broker. The people they have leading this investigation are obviously totally incompetent. :)
  7. I received a letter from by Anonymous (2007-09-15)

    I received a letter from Ameritrade admitting that my e-mail address has been compromised. I complained about this over a YEAR ago and they are just now figuring it out... /sigh I use a unique e-mail address with every vendor with whom I have dealings. I have *never* been spammed by any vendor until now.... and to think I trust this particular vendor with a good chunk of my retirement savings. This is pathetic.
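
The e-mail and several comments rely on the same technique: hand each vendor a unique address, then read spam arriving at that address as evidence of a leak on that vendor's side, checking (as comment 4 does) that never-issued addresses at the domain are not also being hit. The sketch below is an added example, not code from the post or its commenters; the alias names, the `example.org` domain, the log entries and the verdict heuristic are all constructed assumptions.

```python
from collections import defaultdict

# Constructed registry: the unique alias handed to each vendor (all values hypothetical).
ALIASES = {
    "amtd-7f3k@example.org": "Ameritrade",
    "tdw-9q2x@example.org": "TD Waterhouse",
    "shop-4m8d@example.org": "Other vendor",
}

# Constructed mail log: (ISO date, envelope recipient, flagged as spam).
LEAK_LOG = [
    ("2007-01-10", "shop-4m8d@example.org", False),
    ("2007-02-03", "amtd-7f3k@example.org", True),
    ("2007-02-04", "amtd-7f3k@example.org", True),
    ("2007-03-20", "tdw-9q2x@example.org", True),
]

# Constructed log of a guessing run: many never-issued local parts, one lucky hit.
SPRAY_LOG = [("2007-04-01", f"{name}@example.org", True)
             for name in ("admin", "info", "sales", "john", "mary", "webmaster")]
SPRAY_LOG.append(("2007-04-01", "shop-4m8d@example.org", True))


def analyze(log, aliases, domain):
    """Return (per-vendor spam summary, verdict) for spam sent to `domain`."""
    hits = defaultdict(list)   # vendor -> dates of spam to that vendor's alias
    unissued = set()           # recipients at the domain that were never handed out
    for date, rcpt, is_spam in log:
        rcpt = rcpt.lower()
        if not is_spam or not rcpt.endswith("@" + domain):
            continue
        if rcpt in aliases:
            hits[aliases[rcpt]].append(date)
        else:
            unissued.add(rcpt)
    report = {v: {"first_spam": min(d), "count": len(d)} for v, d in hits.items()}
    # Heuristic (assumption): guessing sprays never-issued addresses; a leak
    # reaches only addresses that some vendor was actually given.
    if not hits:
        verdict = "no-alias-spam"
    elif len(unissued) > len(hits):
        verdict = "guessing-not-excluded"
    else:
        verdict = "leak"
    return report, verdict


if __name__ == "__main__":
    for name, log in (("leak", LEAK_LOG), ("spray", SPRAY_LOG)):
        print(name, analyze(log, ALIASES, "example.org"))
```

A "leak" verdict identifies which alias was exposed and when spam first reached it; it does not say whether the vendor itself or a third party it shared the address with was the source.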