As with the last leak I reported, I use unique email addresses when giving information to companies.
In July 2013 I hired a vehicle in the UK using Thrifty. On Wednesday the 7th of May 2014 I recieved my first malicious email to the address I had given them.
Wed 07/05/2014 12:12 – Subject: “Email invoice: 5956972”, weirdly, containing no attachment this time – possibly filtered somewhere on it’s way to me?
Then today I had my second malicious email to the unique address:
Mon 12/05/2014 18:01 – “UPS Notification, Tracking Number 5645-568751” with an attachment of “UPS document 7020-922957.pdf” – the virus utilising a PDF rendering exploit (CVE-2013-2729).
This means that some time between July 2013 and May 2014 some or all customer email addresses (and potentially other details) of previous car hire customers of Thrifty (UK?) have somehow got into the hands of bad guys.
I’ve contacted them and will update this post if I hear back.