Original URL: http://www.theregister.co.uk/2009/08/11/campaign_monitor_hack_spam_attack/

Campaign Monitor reels from hack and spam attack

Australian mail marketing firm stumped

By John Leyden

Posted in Security, 11th August 2009 12:01 GMT

Australian email marketing application developers Campaign Monitor warned on Tuesday that it had been the victim of a hacking attack over the weekend.

Unidentified miscreants broke into servers last weekend and accessed some accounts. These compromised accounts were used to send spam, using lists already in the account and those imported by miscreants.

Campaign Monitor has contacted the people whose accounts were used. It has also begun a security review involving external consultants, designed to prevent a repetition of the attack in future. This review resulted in an outage on Monday.

Credit card details were held on the compromised server, but only in an encrypted form. The main impact of the attack is a backlog of email marketing campaigns, made worse by the blocklisting of Campaign Monitor's systems because of spam runs by the hackers who compromised its systems.

Quite how the attack was carried out remains unclear. Campaign Monitor said the attack was a "deliberate, planned and complex intrusion".

More details on that attack, and what Campaign Monitor is doing in its wake, can be found in a notice on its website here. Further questions can be posed via the firm's Twitter account. ®