|
Fastmail hacked?
Background:
I have 2 legacy fastmail accounts (let's call them me@fastmail.fm and wife@fastmail.fm).
I also have my own domain (mydomain.tld) that uses fastmail's DNS services.
I set an alias on my account that forwards wife@mydomain.tld to wife@fastmail.fm
and an alias on wife's account that forwards wife@eml.cc to wife@fastmail.fm
About a week ago somebody opened an ebay.co.uk account with the wife@mydomain.tld email address. Ebay support restricted it once I proved to be the owner of the email address, but claimed that creating the account required the information in the confirmation email.
There were also emails from a UK broadband provider and a UK magazine subscription site, both on that same day.
I immediately changed all the passwords on both our accounts.
I also checked the login log on both accounts, and the only IPs that accessed it were my home, my workplace and my wife's iPhone.
Today my wife saw an email from Microsoft sent to wife@eml.cc requesting to confirm the creation of a "live" account, and another email saying that the email address was changed from wife@eml.cc to tel@f-m.fm -- another fastmail address (actual, not mine)
I do not know how to explain this. Maybe fastmail had a breach or was hacked.
I opened a ticket with FM, but I am interested to know if anyone else had similar experiences or has an idea.
Thanks,
Alex.
|