14 DAY TRIAL // The recent leaks of customer email databases from companies such as Walgreens, McDonald's or deviantART are likely the result of a single intrusion said to have affected over one hundred firms and organizations.
The Register reports that at the center of the leaks is an Atlanta-based company called Silverpop Systems, which describes itself as a leading email marketing solutions provider.
The company is mentioned in the notification sent to affected users by deviantART, which reads: "Silverpop Systems, Inc., a leading marketing company that sends email messages for its clients, told us that information was taken from its servers."
The authorities have already been alerted. “The breach is with Silverpop, an email service provider that has over 105 customers,” Special Agent Stephen Emmett, from the FBI's Atlanta field office, confirmed for The Register.
Mr. Emmett also revealed that the attack originated abroad, but refused to go into the details because of the active investigation.
McDonald's, another company which announced a email database leak yesterday, did not mention Silverpop Systems, but did note that the breach occurred at an unnamed email services provider.
"McDonald’s asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. "That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that customers provided to McDonald’s, was accessed by that unauthorized third party," the company said.
In a Silverpop Systems press release dated September 9, 2010, Arc Worldwide is proudly listed as one of the company's strategic consulting partners.
Assuming that Arc Worldwide relied on Silverpop for most of the email marketing, the breach could be massive. Aside from McDonald's, Arc's customers include Comcast, Procter & Gamble, The Coca-Cola Company, Symantec, RIM, Whirlpool Corporation, Nestlé Purina, United and others.
Walgreen is also listed as an Arc Worldwide client and it's probably no coincidence that the drugstore chain announced at the end of last week that its customer mailing list was compromised.
To add fuel to the fire, a Silverpop spokesperson told The Register that the company "was among several technology providers targeted as part of a broader cyber attack," hinting at even more far reaching implications of this incident.