Skip to main content hit by data loss

Software-as-a-service (SaaS) specialist has revealed that one of its employees has involuntarily surrendered the keys of the company's customer database to criminals after failing over a targeted e-mail virus and phishing attacks.

The firm has reached its one million subscriber mark and this comes at a time where more businesses are considering/evaluating using online services rather than desktop bound applications.

"Dear Customer,

It's time to take more action to prevent phishing. For, that means alerting our customers to specific new threats, raising awareness around the issue, educating administrators about key steps they can take today, and continuing to define, develop, and deploy the technologies that deliver customer security and success. In this note, we'll clarify recent issues and outline what our customers can do to increase security.

Phishing and
Phishing and malware are Internet scams on the rise. As's community approaches one million subscribers, it has become an increasingly appealing target for phishers. In fact, we have seen a rise in phishing attempts directed at customers over the past few months.

When we first saw signs of this sudden rise, we conducted a thorough analysis. We learned that a employee had been the victim of a phishing scam that allowed a customer contact list to be copied.

To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database. Information in the contact list included first and last names, company names, email addresses, telephone numbers of customers, and related administrative data belonging to As a result of this, a small number of our customers began receiving bogus emails that looked like invoices, but were not—they were also phishes. Unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher. Our support and security teams have been working with the small group of affected customers to enhance their security and with law enforcement authorities and industry experts in an effort to trace what occurred and prevent further attempts.

However, a few days ago a new wave of phishing attempts that included attached malware—software that secretly installs viruses or key loggers—appeared and seemed to be targeted at a broader group of customers. That's why we warned our system administrators last week of this new, more malicious phish and why we are sending this letter now with the goal of increasing awareness."

Computerworld (opens in new tab) pointed to a new trend in phishing and spamming where, just like Navy SEAL in wars, criminals are recruiting virtual snipers to bring down top people within large organisations - that includes members of boards, Chief Officers and other people with high statuses.

These hit men use sophisticated approaches to gain access to confidential data and the break-in at was just one of the ways to get their hands on a list of highly sensitive data.

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.