Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.
Trending News
have ticketmaster been hacked?
Just received an email proportion to be from Abode- wishing me a happy Xmas and suggesting that I upgrade Adobe reader?
The oddest thing is that the hyperlinks to upgrade ( http://www.2012-acrobat-adobe-download.com/ ) actually points to ticketmaster.com.
Having looked through the header it looks as though the email actually came from ticketmaster or am I miss-reading the header?
i have obscured personal details...
Delivered-To: me@myforwardedemailaddress.co.uk
Received: by 10.229.231.9 with SMTP id jo9cs13170qcb;
Sat, 11 Feb 2012 07:21:03 -0800 (PST)
Received: by 10.216.136.200 with SMTP id w50mr3911040wei.2.1328973662465;
Sat, 11 Feb 2012 07:21:02 -0800 (PST)
Return-Path: <return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com>
Received: from web1.myprovider.co.uk (ns0.myprovider.co.uk. [193.189.75.xxx])
by mx.google.com with ESMTPS id z8si6378700wec.53.2012.02.11.07.21.02
(version=TLSv1/SSLv3 cipher=OTHER);
Sat, 11 Feb 2012 07:21:02 -0800 (PST)
Received-SPF: fail (google.com: domain of return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com does not designate 193.189.75.xxx as permitted sender) client-ip=193.189.75.xxx;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com does not designate 193.189.75.xxx as permitted sender) smtp.mail=return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com
Received: from sms1-els203-80.mm.ticketmaster.com ([209.104.36.80])
by web1.myprovider.co.uk with esmtp (Exim 4.69)
(envelope-from <return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com>)
id 1RwEkx-0006uR-GT
for me@mydomain.co.uk; Sat, 11 Feb 2012 15:20:59 +0000
Received: from sms2.mm.els203.clisys.tmcs ([10.75.20.210])
by sms1-els203-80.mm.ticketmaster.com (-); Sat, 11 Feb 2012 07:20:48 -0800
X-VirtualServer: Default, sms1-els203-80.mm.ticketmaster.com, 10.75.20.210
X-VirtualServerGroup: Default
X-MailingID: 16817231::1414343::DATABASEID::1445403::830562067::108483
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: me@mydomain.co.uk
X-SMFBL: ZGFyeWxAaW1hZ2luYXJ5bnVtYmVyLmNvLnVr
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
boundary="----=_NextPart_20E_319A_07D69C25.6F65301D"
MIME-Version: 1.0
Message-ID: <16817231.108483@TICKETWEB.CO.UK>
Subject: =?UTF-8?B?QWN0aW9uIFJlcXVpcmVkIDogVXBkYXRlIFlvdXIgUERGIEFwcGxpY2F0aW9u?=
Date: Sat, 11 Feb 2012 07:20:48 -0800
To: me@mydomain.co.uk
From: "=?UTF-8?B?QWRvYmUgQWNyb2JhdCBSZWFkZXI=?=" <MAILINGS@TICKETWEB.CO.UK>
X-Spam-Status: No, score=-1.9
X-Spam-Score: -18
X-Spam-Bar: -
X-Ham-Report: Spam detection software, running on the system "web1.myprovider.co.uk", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: INTRODUCING UPGRADED ADOBE ACROBAT READER 2012 Since the Holidays
are in full swing and the New Year is approaching, we've decided to unveil
our latest Adobe PDF Reader/Writer 2012 Version http://smr.mm.ticketmaster.com/track?type=click&en...
[...]
Content analysis details: (-1.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[209.104.36.80 listed in list.dnswl.org]
1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: 2012-acrobat-adobe-download.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-1.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
1.4 AWL AWL: From: address is in the auto white-list
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web1.myprovider.co.uk
X-AntiAbuse: Original Domain - mydomain.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ab.mm.tick
I agree Tony
It is worrying that they don't even know what will happen if one clicks on the hyperlinks in the email body- which are on their own servers.
Points to you for being the first to reply, tnx
I agree Tony
It is worrying that they don't even know what will happen if one clicks on the hyperlinks in the email body- which are on their own servers.
Points to you for being the first to reply, tnx
Thanks Lell
I too got that email.
Thanks Miah
The fact that the email wished me a happy christmas was a bit of a giveaway...
3 Answers
- Anonymous9 years agoFavorite Answer
Yes. Someone has at least their list of registered emails (spam is being received to unique email addresses) and the power to send spam emails from the ticketmaster servers right now - and who knows what else they have.
Ticketmaster are currently pretending nothing has happened, which is worrying as it opens the possibility that they don't have enough auditing on their servers to actually *know*.
Source(s): Various mailing lists.. www.twitter.com/ticketmaster is either amusing or tragic depending on your point of view. - 9 years ago
I also got a dodgy "Adobe update" email but have just received the following email from Ticketweb.co.uk ...
" Urgent Alert: Please Read this Important Message from TicketWeb
Dear TicketWeb Customer,
We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday, February the 11th, from an unauthorised party with the subject as "Action Required: Update Your PDF Application" and containing a link to update an Adobe Acrobat PDF application. Please do not click this link, but delete the email.
We have taken immediate action to close the vulnerability. You can rest assured that none of your credit card information was vulnerable during this attack.
We sincerely regret any inconvenience this has caused. We are continuing to investigate this unauthorised access, and will send you a follow-up email when we have additional information.
Please contact www.ticketweb.co.uk/helpdesk with any questions you may have. Thank you for your understanding as we continue to resolve this concern. "
Ticketmaster own Ticketweb so hope this helps,
Lesley
- Miha LLv 79 years ago
Email trackers show that it comes really from ticketmaster:
http://www.ip-address.org/tracker/trace-email.php
http://www.ipaddresslocation.org/email-tracking/em...
http://www.find-ip-address.org/email-search/find-e...
------------------------------------------------------------------------------
IP Address: 209.104.36.80
Hostname: sms1-els203-80.mm.ticketmaster.com
IP Address Country: United States
IP Continent: North America
IP Address City Location: Los Angeles
IP Address Region: California
IP Address Latitude: 34.0416,
IP Address Longtitude: -118.2988
Organization: Ticketmaster Online - CitySearch
ISP: Ticketmaster Online - CitySearch
----------------------------------------------
Simple ignore it.
