HomeOwners Alliance ‘horrified’ after hack sends out thousands of fake invoices

The HomeOwners Alliance was last night investigating a hack of its Mailchimp newsletter distribution account that resulted in its subscribers being sent an “invoice”.

EYE was one of the many recipients of an email from the property campaign group asking for payment of £285.

The invoice linked to online book-keeping service Xero which has been warning about spam emails falsely claiming to be from its service this week.

A genuine email came from Paula Higgins, chief executive of the HomeOwners Alliance 20 minutes later, which said: “Please ignore and delete the previous email from us.

“We are investigating with Mailchimp what has happened.

“Please be reassured that we do not keep any member or user payment details on Mailchimp, only email addresses.

“We are working as hard and quickly as possible to resolve this situation and will update you as soon as this is rectified.”

Mailchimp has previously been criticised for hacks into its system and had pledged earlier this year to improve its processes to stop this happening.

Mailchimp has been contacted for comment.

A statement from the HomeOwners Alliance said: “We worked as quickly as possible to secure the Mailchimp account and alert users via email, Facebook and Twitter.

“That response asked our newsletter subscribers to ignore and delete the spam email.

“First of all we would like to say thank you to all our newsletter subscribers for being so understanding and supportive.

“We are a small business and pride ourselves on putting our customers first so are horrified this has happened. We take the upmost care with people’s data.

“Our Mailchimp database holds only newsletter subscriber’s email addresses. No further personal information or bank details are held. And our member details are held in a separate system so are not affected.

“Mailchimp is a reputable newsletter email distribution software with numerous security features which act to keep our newsletter list safe.

“We are still investigating but currently we know that the email sent was spam and included a link to a file which contains Windows based malware.

“It is unclear how spammers managed to gain access to our Mailchimp account at this time but we have immediately strengthened security around the account in response.

“This was a professional attempt at deception. The perpetrators uploaded over 5,000 email addresses who were not HomeOwners Alliance subscribers.

“Our newsletter list is a GDPR compliant list based on consent. So if you suspect you are one of those 5,000 because you are not one of our subscribers, you should review your own email account security.

“We have immediately deleted all 5,000 newly uploaded emails from our list.”

x

Email the story to a friend!



Comments are closed.

Thank you for signing up to our newsletter, we have sent you an email asking you to confirm your subscription. Additionally if you would like to create a free EYE account which allows you to comment on news stories and manage your email subscriptions please enter a password below.