Solarwinds contact address database compromised!

Havn't blogged in a while, but this one has me very motivated.

Solarwinds are a relatively well known IT Management & Monitoring Software company.
Amongst their commercial product suite(s) are free tools that they make available to people who simply have to provide their personal information (name, email address, some other information) so that they can collect information about who's using the tools. Supposedly.

I have personally used their TFTP Server and their Advanced Subnet Calculator at various stages over the last 7 years or so and been fairly happy with them; despite being bannerware they actually do what they advertise and the Subnet Calculator has been very helpful as recently as in the last 12 months. (I run Linux almost exclusively these days, but still flitter in Windows and when i'm there, these tools still feature).

Unfortunately for Solarwinds, they've ever compromised their standards and disclosed their user information publically, or... they've been compromised, and had their user information disclosed publically.

On 6 December 2012 I received a spam email to an address i'd only ever given to Solarwinds.com.

Noting this I engaged with Solarwinds via Twitter, who, to their credit, were prompt in responding and I forwarded a full-headers version to them at their request.

Unfortunately there's been nothing further from them, and today I received yet more Spam. Similar enough I believe it to be from the same crowd.

A quick look on their Facebook page shows i'm not the only one now receiving unsolicited email to an email address that was exclusively given to Solarwinds.com only. Noone else.

So it's time to put it 'out there'. Did you receive the above? To an address disclosed to solarwinds.com ? Surely a company such as Solarwinds must realise how scandalous this sort of thing can be - or is?

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Progress?

In the last few days I was followed on twitter by @Solarwinds_APAC and I couldn't resist; I bit hard and mentioned them with "@SolarWinds_APAC bit late to be taking an interest in me now - i've already basically written off Solarwinds... !"

I was contacted by someone from Solarwinds Corporate Communciations (based in Brisbane, it appears) who's finally taking legitimate interest in the problem, it appears. Worse, the original contact I had from late last year no longer works for the company it appears.

It could be another week or so before I hear back, they tell me, but i'm encouraged by this development. I'll add further here when I know more.