As you saw from our blog post yesterday, we have become aware of a serious phishing attack aimed in part specifically at ESPs, some direct mailers, and other sites.
Since the time of our posting and into late evening yesterday we received data from our ESP partners and some clients responding to our post that make us suspect that some of our data within Return Path may have been compromised as part of this same phishing scheme.
We immediately kicked off a formal internal investigation yesterday evening and want to proactively keep the email community informed as to the steps we are taking, to be as transparent in this investigation process as possible.
Our concern at this point is that a fairly small list of our client email addresses (those used to receive system alerts from us) might have been compromised. Even though this is a small list, it is still a serious issue since many of the addresses on the list themselves have downstream access to larger email lists. As a reminder, Return Path does not warehouse large consumer mailing lists or deploy any client email campaigns directly.
The fact that any of our data might have been illegally accessed and used in this malicious way is at the very least appalling and upsetting. We are tackling the problem head-on and will post updates as appropriate with more information as we learn it.
If you suspect that any email addresses that you use in connection with Return Path might have received an email as part of this phishing campaign, please contact Neil Schwartzman – [email protected] Senior Director, Security Strategy immediately. We plan to get back to the email community as information becomes available over the US holiday and over the next few days.