Intrusion resulted in confirmation emails sent to a “small number” of customers.
Sedo was compromised over the weekend due to a security hole.
This resulted in a number of registered Sedo users, including myself, receiving an email asking them to confirm their account. The confirmation email started:
Thank you for becoming a Sedo member!
In order to submit your offer for you must first verify that the email you provided is a valid email address.
Sedo sent the following email to affected members today:
Dear Andrew Allemann,
We wish to inform you that on Saturday, 12th April, the Sedo website was compromised by an unknown intruder through a previously unknown security loophole. This resulted in an unauthorized email with the subject “Confirm your Sedo Account” being sent to a small number of our customers.
Our immediate investigation into the matter has shown that your email address was unfortunately one of those affected. That means that the intruder has got your email address only. NO other data has been compromised, i.e. no passwords or other account information was obtained. The security vulnerability was closed as soon as it was detected and any further unauthorized access was successfully prevented. This means that your Sedo account is safe, and you do not need to take any action to safeguard data stored in your account. Clicking on the link in the unauthorized email has no adverse effects.
If you have any questions we will be happy to help you. Please contact your account manager or visit our customer support center at http://support.sedo.com.
We apologize for any inconvenience this issue may has caused.