The FBI was involved and the investigation revealed that the breached database was administered by an Atlanta-based e-mail distribution company called Siverpop Systems. But, as it turns out, McDonald's wasn't the only company whose customers' data was stolen. According to The Register, a database containing names, birth dates and e-mail addresses of users of the popular online art community deviantArt has also been breached - and deviantArt is also a client of Silverpop Systems.
“The breach is with Silverpop, an email service provider that has over 105 customers,” revealed an FBI agent involved in the investigation. “It appears to be emanating from an overseas location.”
Another revelation that could be more than just a coincidence concerns a theft of a customers list of the well-known US drugstore chain Walgreens, and it seems that the hackers behind it used it to send phishing e-mails to the people on the list. The reason why it seems unlikely to be a coincidence? Marketing services firm Arc Worldwide - employed by Walgreens to handle its promotional marketing - is also the firm who hired Silverpop Systems to manage the McDonald's promotional e-mails distribution.
And while those three companies/organizations have already reached out to their customers/users and warned them about possible malicious e-mails they might be receiving in the future, it would be a good idea for other Silverpop Systems and Arc Worldwide clients to warn their customers about the possibility.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.