Like many folks, I have my e-mail protected by various anti-spam features. However, there's also companies I deal with that I want to always receive their mail, and I don't want it tagged or blocked as spam. So for those companies, I create custom addresses, and set them up in my mail server so that they are never ever spam-protected.
I came home from Easter dinner last night to find that I had 50 or so spam messages in my inbox. This was highly unusual, one or two is about average. Turns out, the super-secret e-mail address which has only ever been given to Intuit/Quicken ... is the recipient address.
In other words, Intuit's quicken billpay contact list has been compromised, near as I can tell. I won't claim that it has, but short of random attacks on my mail server to find a working e-mail address that isn't exactly "common" (no evidence of which, by the way, is in my mail server logs), I'm hard-pressed to offer up any alternative hypothesis. Their No-Sharing Practice page seems to indicate there's no significant reason this leakage should have occurred.
I've looked over my transactions online and see no evidence of wrong-doing, so it doesn't appear as if they compromised my financial data (but then again, who knows?). I've filed a ticket with Intuit and asked them to call me today to discuss the matter.
So, if you use Quicken Bill Pay service, you may want to take a hard look at your transactions and make sure that nothing crazy is going on.
Leave a comment