Tuesday, November 20, 2007

Data Leakage/Linkage Mystery

I have a mystery that came up tonight that I'm hoping someone can help me figure out.

I have a Yahoo! account that I hardly ever use anymore. I check it once every 6 months or so for email, but it remains unused otherwise. I do have my IM client Adium set to log into the account , but I don't ever use it for chatting. I also don't have the account generally associated with any of my other accounts, and it doesn't even have my real name on it.

Tonight I logged into yahoo-mail and checked the mailbox for said account. Delightfully I found several emails from Jayde.com to my unused yahoo mailbox, but with information about this blog.

Somehow I received mail to my unused yahoo account mentioning this blog.

I've never linked the two email addresses, I don't ever log into the yahoo email address, and haven't sent/received mail from it in forever.

The messages were dated back in March...

So, now I'm wondering how these two data items got linked.

  • Advertising site that is buying data and/or access logs and linking disparate things together?
  • Malware?
  • Weird CSRF or some-such?
Any ideas? I'm not sweating it too badly I suppose, but it is slightly disconcerting.

1 comment:

Steve said...

Think about the ads that you might see when logged into Yahoo. These ads could have the same cookies as when you set up your blogger account. A mere discussion between Yahoo and a company like double-click (owned by Google) and bingo, they know that the machine that accesses the Yahoo account also goes to your blog. Steve Gibson of Security now has a good primer.