Spam emails from the club

So over the past three weeks I have received about 5 different spam emails from the club. Each time I am called a different name, Paul, David, Daniel.

I am not sure what email system they are using, but it's clearly not working.

They are also putting user names and passwords on the email to purchase tickets, this must be for other people's accounts.

I have a season ticket and my name is Rob for the record.

Comments

  • You must be a member of the clique.
  • robroy said:

    So over the past three weeks I have received about 5 different spam emails from the club. Each time I am called a different name, Paul, David, Daniel.

    I am not sure what email system they are using, but it's clearly not working.

    They are also putting user names and passwords on the email to purchase tickets, this must be for other people's accounts.

    I have a season ticket and my name is Rob for the record.

    WTF?

    Can you elaborate a bit on this please?
  • robroy said:

    So over the past three weeks I have received about 5 different spam emails from the club. Each time I am called a different name, Paul, David, Daniel.

    I am not sure what email system they are using, but it's clearly not working.

    They are also putting user names and passwords on the email to purchase tickets, this must be for other people's accounts.

    I have a season ticket and my name is Rob for the record.

    You've probably confused them by calling yourself Rob & Roy.
  • Good to see that the issues with the contact database that led to me getting the season ticket renewal forms for two other people a few seasons ago have been utterly ironed out then :-)
  • edited September 2016
    I had Charlton emails for Katie and Holly last week.

    If they are now sending complete log-in information to random people they are effectively giving away the personal information held on the intended recipient, because you could then access it, although probably not saved credit card info. Bound to be a breach of the legislation even so.
  • Breach of trust anyway.
  • I had Charlton emails for Katie and Holly last week.

    If they are now sending complete log-in information to random people they are effectively giving away the personal information held on the intended recipient, because you could then access it, although probably not saved credit card info. Bound to be a breach of the legislation even so.

    Katie? Are they confusing you with Meire again?
  • LuckyReds said:

    Erhh... There should be no reason they could even access a plain-text version of ANYONE's password, let alone transmit it via email. This is basic development 101, I'd reprimand even a junior developer if I saw any application whereby user authentication credentials were stored in plain-text. The erroneous emailing of them is completely and utterly unforgivable though, and I would imagine a severe DPA breach.

    Second question; if anyone has bought tickets recently, do the payments go via the CAFC site or via a third party payment gateway? If they handle payments directly, then I would imagine storing user login credentials in plain-text may cause a compliance issue with PCI-DSS? (As I think that extends beyond the storage of payment details, and into the security of any system which handles payments; if anyone here works in compliance perhaps they could shed some light on that?)

    Alas, I understand that this isn't actually the club - but most likely their vendor. But still... WTF?

    It is the club.
  • LuckyReds said:

    Erhh... There should be no reason they could even access a plain-text version of ANYONE's password, let alone transmit it via email. This is basic development 101, I'd reprimand even a junior developer if I saw any application whereby user authentication credentials were stored in plain-text. The erroneous emailing of them is completely and utterly unforgivable though, and I would imagine a severe DPA breach.

    Second question; if anyone has bought tickets recently, do the payments go via the CAFC site or via a third party payment gateway? If they handle payments directly, then I would imagine storing user login credentials in plain-text may cause a compliance issue with PCI-DSS? (As I think that extends beyond the storage of payment details, and into the security of any system which handles payments; if anyone here works in compliance perhaps they could shed some light on that?)

    Alas, I understand that this isn't actually the club - but most likely their vendor. But still... WTF?

    I have bought tickets recently & I am sure the payments go through a 3rd party payment gateway.
  • LuckyReds said:

    Erhh... There should be no reason they could even access a plain-text version of ANYONE's password, let alone transmit it via email. This is basic development 101, I'd reprimand even a junior developer if I saw any application whereby user authentication credentials were stored in plain-text. The erroneous emailing of them is completely and utterly unforgivable though, and I would imagine a severe DPA breach.

    Second question; if anyone has bought tickets recently, do the payments go via the CAFC site or via a third party payment gateway? If they handle payments directly, then I would imagine storing user login credentials in plain-text may cause a compliance issue with PCI-DSS? (As I think that extends beyond the storage of payment details, and into the security of any system which handles payments; if anyone here works in compliance perhaps they could shed some light on that?)

    Alas, I understand that this isn't actually the club - but most likely their vendor. But still... WTF?

    It is the club.
    :neutral: New levels of ineptitude.
  • I've now received this email three times in the last five minutes.

  • I've now received this email three times in the last five minutes.

    Make that four.
  • This explains some of my dismay at the fact the emails contain passwords - http://plaintextoffenders.com/about/ - without even beginning to question how the hell they're being sent to the wrong email addresses.

    I'm wondering if someone's messed up tying in some mail service to the site?
  • I've now received this email three times in the last five minutes.

    Make that four.
    Bloody hell

    I'm lucky to get any emails about ticketing, it takes hours to get the confirmation email when I've bought a ticket!
  • Spooky. As soon as I finished reading this thread, the same email popped into my inbox. At least it addressed me by my own name. I don't recognise the user name (6 digits) but it's definitely my normal password. Just weird (possibly also unique).
  • This is pretty unforgivable. ICO would hand out a 5-6 figure fine for a data breach like this. I'm truly astounded. Concur with LuckyReds that plain text is a massive no no, even in the transmission stage, sending it is ridiculous! Even if they are stored, encrypted, salted and hashed somewhere, the fact they have sent them makes it irrelevant.

    I would bet good money that this password is the same in a lot of the 'customers' other internet services.
  • lol just got two of these in my inbox - both with my right name, but with two different sets of username/passwords...
  • AshBurton said:

    Spooky. As soon as I finished reading this thread, the same email popped into my inbox. At least it addressed me by my own name. I don't recognise the user name (6 digits) but it's definitely my normal password. Just weird (possibly also unique).

    Nothing here, though I have just received a tax refund of £600.84 GBP. Just let me clink on the completely unsuspicious link...
  • robroy said:

    So over the past three weeks I have received about 5 different spam emails from the club. Each time I am called a different name, Paul, David, Daniel.

    I am not sure what email system they are using, but it's clearly not working.

    They are also putting user names and passwords on the email to purchase tickets, this must be for other people's accounts.

    I have a season ticket and my name is Rob for the record.

    Thanks for bringing this to our attention Steve.

    FFS!!!!!! This stuff really isn't that hard
  • My son got one, he has never had an account or password so it's strange they sent one to him
  • LuckyReds said:

    This explains some of my dismay at the fact the emails contain passwords - http://plaintextoffenders.com/about/ - without even beginning to question how the hell they're being sent to the wrong email addresses.

    I'm wondering if someone's messed up tying in some mail service to the site?

    But how have they gotten it both spouting off random emails and including UN/PWD in them? And since when do you include BOTH a UN and PWD in an email? Surely you segregate them.

    And yeah the plain text storage of UN/PWD...I mean I get it, they don't think it matters but we're seeing time and again that in the internet of things era you have to secure and salt everything. Sigh.
  • I'm still waiting to hear back to be honest. Michael Douglas and Christoph Waltz's agents are up my arse, but Roland doesn't care