Spam risks at MobileMe

TechCrunch posted an article recently about a security flaw in the MobileMe webhosting platform that puts every user at risk of having their email addresses harvested by spammers and targeted with loads of spam.

Quote from TechCrunch:

Here’s how it works. Every MobileMe user gets a public idisk file sharing site where they can post files for their public or private use. It’s simple to set the page to private, but it still shows the username if you go to the page. An example of a bad username: idisk.mac.com/mehmehmeh-Public. Here’s a good one: idisk.mac.com/steve-Public (That’s Steve Jobs’ account). There is no way as a user to hide or delete your public folder. If you are a MobileMe customer, you have one.

It’s only a matter of time before this exploit is abused (especially after it’s published on TechCrunch) and users at mac.com and me.com are inundated with spam. Let’s hope MobileMe is up to the task of filtering these messages, fixing this already overly exploited flaw, and letting legitimate email continue to be delivered accordingly.

Author: Matt V - @emailkarma

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (Canada) (CIPP/C) with nearly two decades of experience in email marketing. Matthew is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee. Matthew was recognized as the 2019 eec thought-leader of the year.
