Thursday, 31 December 2009

Email I received from iPhoneunlockuk hackers today

Subject: Information regarding iPhoneUnlockUK

Dear iPhone user,

you are receiving this email because your address was found in iPhoneUnlockUK's customer database.

We would like to make you aware that Jody Sanders of iPhoneUnlockUK has been selling software which
is available to download for free. Jody has passed off the work of the iPhone Dev Team, George Hotz
and others as his own without giving credit or attribution. The real authors of the software take a
dim view of this activity:

http://blog.iphone-dev.org/post/40449333/stop-thief
http://blog.iphone-dev.org/post/68156562/hello-jody
http://iphonejtag.blogspot.com/2009/11/information-campaign.html

Please note that the authors, while having expressed a negative opinion of iPhoneUnlockUK in the past,
have in no way initiated, endorsed or supported this email campaign.

The original programs which Jody has repackaged and sold without authorization, such as Quickpwn and
Blackra1n have always been free to download at http://blog.iphone-dev.org and http://www.blackra1n.com.

If you have paid to download anything from iPhoneUnlockUK and feel the service you received is worth
the price you paid, please take no action.

If you feel you have been ripped off, I would refer you to the "100% satisfaction money back guarantee"
advertised on the front page of http://www.iphoneunlockuk.com. The relevant contact details are:

Tel: +44 (0) 1782 767325 (10 AM to 6 PM Monday to Friday, UK) or 213-814-2646 (USA)
Email: support@iphoneunlockuk.com or jodysanders78@gmail.com

---

FAQ: How did you get my email address??
Answer: Let's just say iphoneunlockuk.com is not the most secure website in the world.

FAQ: What other personal details have been leaked due to the poor security of iPhoneUnlockUK.com?
Answer: The full name, street address, post code, phone number and email addresses of approximately
21,000 customers. The authors of this email campaign will not abuse this information in any
way but it is not difficult for anyone with basic website hacking skills to retrieve this
data from iPhoneUnlockUK.com.






Here is the response I got from iphoneunlockuk support at c. 10.30am 31/12/09:



Call accepted by operator tim. Currently in room: Owen Geddes, tim.

Owen Geddes:
Hi Tim - can you explain this? http://bit.ly/6yUGfQ
Owen Geddes:
seems my details from iphoneunlockuk are available to hackers
tim:
The hacker who broke in only has your email address and your other information (name, address and telephone number) is not floating around the web. This matter has already been reported to West Midlands police who have taken the matter very seriously as it is in violation of the Computer Misuse Act.

We moved our site and data 10 months ago when this happened to a secure hosting system with a VPN encrypted tunnel and industrial firewall at Rackspace to prevent future attacks and we have had 100% uptime since and not one break in thanks to the staff at Rackspace. We have never taken security lightly, we just didn't realise how talented some people are. We do not store payment information (credit card details etc) as this is handled by our Credit Card processing company, so you have nothing to worry about there.
Owen Geddes:
they have my address? I don't give that out freely. Can you please remove my information/account from your system and confirm you have done so
tim:
all the details they will have are your address and email address. which anyone can get by searching land registry/ council records online
tim:
of course we can delete any of your information
Owen Geddes:
I think that is naive. You can only search on someone whose name you already have. You have introduced my name and associated details to third parties. They now know more about me than a search would give them - for example that I own an iPhone and my email address. Can you confirm when my data is deleted please
tim:
would you like the entire account deleting
Owen Geddes:
yes please
tim:
btw there is not much anyone can do fraudulently with an email address and a home address
tim:
your account will be closed within the hour
Owen Geddes:
please also ensure that the IMEIs of my phones are deleted, as they also have these
tim:
no they do not have the imei numbers
Owen Geddes:
of course they do - they know my email address. You can login into user accounts on your site with knowledge of just email addresses - you don't have a password system. In my account are listed all my IMEIs. They have access to all 21,000 people's IMEIs
tim:
why would they want your imei number?
Owen Geddes:
are you serious?
tim:
please enlighten me
Owen Geddes:
I would suggest you put some sort of password control on your website
Owen Geddes:
thanks for the apology on behalf of your company and delightful tone "please enlighten me"
Owen Geddes:
please make sure I am not contacted again by your company other than confirmation my account and details are completely deleted