From the Rakuten Ichiba, personal information will leak to spammers, or spam mailed with real names will start reaching e-mail addresses that are used only by Rakuten



When shopping in the Rakuten market, it is no longer a common sense level that you have to remove all the check boxes carefully so that the e-mail magazine does not reach you arbitrarily, but a situation that is not so far has occurred It seems.

According to a story from readers, etc.,As a result of shopping with making a mail address dedicated to Rakuten Ichiba, spam mail began to arrive from Rakuten's exclusive email address registered at that time, from a spammer that has nothing to do with Rakuten IchibaThat's right. There is a possibility that the spammer automatically generated the appropriate e-mail address and sent it only if this is so, but "the real name of myself" is described in the e-mail text and the personal information leaks out The possibility has risen.

Details are as below.
Is not personal information flowing from the Rakuten market to spammers? It was the blog below that became the beginning of the riot.

[Monday] Rakuten Shop is sending e-mail addresses to spammers

The mail address of the destination is an alias dedicated to "Rakuten Market". I used it for sending e-mails, etc. I have never used it for purposes other than Rakuten's account. Who knows this address is supposed to be Rakuten Shopping only, it will send you an e-mail magazine through Rakuten Market and mail order and campaign inside Rakuten.

─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─

This is the image of the actual mail


In May 3, it was said that spam mail began to arrive at e-mail addresses that are used only by Rakuten, and similar damage reports rushed to the blog comment field, and "Real names are listed According to a story from another reader, there are things such as "There is also a thing like 2", even 2 threads of threads will start reporting from May 4th.

Rakuten Ichiba's massive spam mail ...

In the above thread, "I also came and I also came with my real name." "I also came with the full name of my real name." "It's a destiny power bullfigh on my real name." "I am also the same as a dedicated pseudonym" Yuuki came by himself in real name, and it is still abandoned. "And so on and so on, damage reports are starting to appear one after another.

To another GIGAZINE from another reader similar "Junk mails with real names are delivered to e-mail addresses that are used only by Rakuten, spam mails have arrived"The storyteller came. Therefore, as a result of having the actual contents of mail etc. transferred, it turned out that there are cases where the real name is described in the subject and the body of the mail.

2009/05/29 Addendum:Even if the contents of the text are the same, I also noticed that there are spam e-mails with real names listed and spam e-mails not listed.

Example 1:
I know about ● ● (real name full name) !! Honesty

Example 2:
【Free trial OK !!】 ●●! (Real name full name) Dear Mr. incoming voice voice message!

Furthermore, although some shop names used by Rakuten Market exclusive e-mail address were also taught from talismans, we have not yet identified which shop in the Rakuten Market it is leaking because the number of samples is small.

By the way, Rakuten Ichiba's "Privacy policyAccording to the FAQ such as "It is said that various personal information entered when shopping in the Rakuten market is used as follows.

Q. What kind of information is offered to the counterparties when I do business?

A. Among the items described in the Personal Information Protection Policy "3. About Collection of Personal Information", personal data within the range necessary for the transaction is referred to as the service provider (shop, seller of freema, A person who provides goods or services to be traded, such as accommodation facilities or their agents, affiliated golf courses, etc.), and the service provider manages the information.
For details, please refer to "5. Handling of personal information etc."

Q. Is personal information provided in addition to Rakuten?

A. In the event that the customer has applied for a transaction, to the extent necessary for the transaction, transfer the customer's personal data to the service provider who is the counterparty (shop, seller of Flema, accommodation facility or its agent, partnering golf course etc. , Those who provide products or services targeted for trading), and the service provider manages the information.
Also, within the range necessary for achieving the purposes of use, we will jointly use your personal data between Rakuten Group companies.
In addition, we may provide personal information to third parties based on the Personal Information Protection Act.
For details, please refer to "5. Handling of Personal Information, etc." for Personal Information Protection Policy.

As long as I read the above texts, it seems that the real name, address, mail address, and Rakuten Ichiba shop may not know as well, but what kind of personal information is displayed on the Rakuten shop opening shop side Whether it is provided to third parties other than this is unknown only in this sentence, so I investigated further.

First of all, in July 2005, a massive personal information leakage incident occurred in the Rakuten Market, and various private information, e-mail address, credit card number, etc. leaked at that time.

July 23, 2005
On the leakage of personal information related to transactions at Rakuten Ichiba Store

【2】 Facts found so far
1. 123 cases were confirmed leakage of personal information at this stage.
2. The contents that flowed out are the customer's address, name, telephone number, purchased item, date of birth, credit card number.

Those that were 123 at the beginning will be doubled to 284 cases after 5 days.

July 28, 2005
About the outflow of personal information related to transactions at Rakuten Ichiba Store (continued)

As of 7:00 am today, the number of leaked personal information that we confirmed about this case increased by 161, 284 cases.

Furthermore, in August, it will increase from 284 cases to more than 100 times more than 36,239 cases at a stretch.

August 6, 2005
About the outflow of personal information related to transactions at Rakuten Ichiba Store (continued)

As of today (10 PM), the cumulative amount of personal information that could be confirmed as leaked for this case is 36,239 out of about 94,000, which is the number of orders received for the store concerned, and the number of cases in which the internal credit card number is included is It is 10,026 out of about 21,000 credit cards of the card owner who have been used to date in the store and contacted the attention. Each card company company continues monitoring (monitoring).

In other words, it ranged from 123 cases to 284 cases to 36,239 cases.

As expected, Rakuten who saw this matter heavily announced that it will take the following measures on August 1, 2005.

About the outflow of personal information concerning dealings in Rakuten Ichiba Store 【Future Measures】

With this, as for dealings with Rakuten from now on, credit card number and e-mail address of personal information can not be seen at store side.

A PDF file that can be viewed in the above page "Outline material on introduction of new customer information management system"According to page 7," Implementation of a new service that does not require credit card number information during transactions while a store is trading "" Non-display correspondence of partial mail addresses will be implemented in mid-September " It is clearly stated.


In addition, the page that explains this is actually below.

~ Toward creation of safe · secure Rakuten Ichiba ~
About introduction of new customer information management system such as "Rakuten market card payment substitution service" Anshin service "for stores

Until now, when you ordered on the Rakuten Ichiba, there was the following personal information that you entered.

name
Street address
phone number
mail address
credit card number

The name, address and telephone number were required for "shipping items", the e-mail address was "contact after ordering", and the credit card number was necessary for "settlement".

However, in order to reduce the possibility of leakage of personal information as much as possible, switch to a service that does not provide personal information (e-mail address and credit card number) not necessary for "delivery of goods" to each store.

So it is supposed that the e-mail address is not understood by the shop which stores stores in the Rakuten Market at present, and if the shop can know the e-mail address of Rakuten market user in some way, It is enough enough that alone already.

Therefore, after May 3, 2009 "E-mail address dedicated to Rakuten Market"By using Rakuten Ichiba,"Real names registered on Rakuten Market are posted"If someone who receives spam mail or spam mail seems to be in the person who is reading this article,This inquiry mail formIf you send the following content from, it will be very helpful for fact finding.

■ Rakuten market exclusive email address
■ Rakuten's shop name used with the e-mail address dedicated to Rakuten Ichiba
■ Sender email address of spam mail
■ Date and time of transmission of spam
■ Subject and Body of Spam


As an example it looks like the following.

■ Rakuten market exclusive email address
[email protected]

■ Rakuten's shop name used with the e-mail address dedicated to Rakuten Ichiba
○○ Rakuten Market Store, △△ Center, ×× 屋, ◎ ○ Shop Rakuten Ichiba Store

■ Sender email address of spam mail
[email protected]

■ Date and time of transmission of spam
2009/05/03 16:31

■ Subject of spam
Immediately once a million times. Address attachment

■ Body of spam mail
━━━━━━━━━━
Hello Name 【Anonymous Desire】
Registration ID: 000000000
━━━━━━━━━━
Thank you very much for using [GIGAZINE] all the time.

New ┃ 着 ┃ Mail has arrived.
━┛━┛

▼ Mail browsing free ▼
[Read the mail body]

[Site Top Page]

· Inquiry mail form is here

· Continued
Rakuten, personal information including user's e-mail address was found to be downloaded and sold by "1 case 10 yen"

10 problems that "Rakuten" is holding up Summary

in Note,   Web Service, Posted by darkhorse