Return Path has noted on their In The Know blog late last week that they’ve been hit by a phishing attack. The post is an update to the earlier post about the phishing attack which Return Path expected to be aimed at other ESPs as well.
In the update Return Path puts in the following:
Since the time of our posting and into late evening yesterday we received data from our ESP partners and some clients responding to our post that make us suspect that some of our data within Return Path may have been compromised as part of this same phishing scheme.
As no other ESPs have posted anything about this event, it seems that only Return Path is hit (so far). The blog post further notes that only a small amount of addresses has been compromised:
Even though this is a small list, it is still a serious issue since many of the addresses on the list themselves have downstream access to larger email lists. As a reminder, Return Path does not warehouse large consumer mailing lists or deploy any client email campaigns directly.
If you’re an ESP and have received ‘odd’ emails on the addresses used with Return Path services, be sure to contact them: you can send an email to Neil Schwartzman at email@example.com.