Update to our community: Our email service provider was hacked the morning of April 14th.
On April 14, you might have received an email from Jumpcut with the title “Invoice 1147 from Jumpcut, Inc.” As we mentioned in a follow-up email, this invoice is not real and was sent by someone who hacked into our Maropost account (our email sender). Fortunately, no personal data or credit cards were compromised at all.
I’m writing you this email to give you the full details of what happened, what we plan to do in the future to prevent this from happening again, and to personally apologize for any inconvenience and alarm this has caused you.
How did you get my email?
This is a common question we kept getting. If you asked this, it’s likely that you signed up for our newsletter a long time ago and unsubscribed (we’ve been operating since 2016). You were kept in a list called “unsubscribed” (keeping a separate list of unsubscribes is very common with all email marketing platforms like Mailchimp, ConstantContact, etc.).
We had no intention of emailing you again, but unfortunately the malicious actor who accessed our Maropost account (the email marketing software we use) decided to send the fake invoice to ALL of our lists, including people who have unsubscribed.
What we will do moving forward: we will now regularly do a manual deletion of anyone who unsubscribes from our list. This means if you unsubscribe, your email will NOT be stored in a separate “unsubscribed” list anymore… instead, it will be deleted from the system entirely.
What if I clicked on the link?
We've had multiple cybersecurity firms look into the link in the fake invoice email. If you clicked on the link using your iPhone or Android phone, you are safe. If you clicked into it on an Apple laptop, you are safe. If you clicked on it using a Windows-based computer, please see below.
If you are using a Windows-based computer and clicked on the link, a file might have been downloaded on your computer. If you have not opened this file, please delete it immediately. If you did open the file, we suggest running a virus scanner. Specifically, Microsoft Bitdefender and Malwarebytes are both 100% effective at removing this from your computer.
Windows 10 comes with Bitdefender, which automatically runs and would have blocked this threat even if you opened the file. See here to check if you're up to date: https://www.microsoft.com/en-us/windows/comprehensive-security
If you don't have Bitdefender, or don't want to use it, we've confirmed that Malwarebytes also is 100% effective at removing any virus that might be on your computer. You can download Malwarebytes for free here: https://www.malwarebytes.com/
Again, you only need to run anti-virus software if you clicked, downloaded, and opened the file on a Windows computer.
How did this happen?
We have multiple users at our company who access Maropost to send emails to our audience. One of our users had her phone compromised by someone halfway around the world, and the malicious actor sent out the invoice email within two hours of access.
It's depressing that somebody would try to do this during a worldwide pandemic…but unfortunately, there's always going to be people out there that try to take advantage of others during shitty circumstances.
It's actually not that difficult to send emails that LOOK legit (they're using the correct domain). Vox made a video a week ago warning people that scammers can send fake emails from the WHO (if you're curious about seeing how, watch this great Vox video here: https://www.youtube.com/watch?v=_CrbHvbvvMw).
Why didn’t you send out a follow-up email as soon as you found out?
We actually did do this. We sent a follow-up email 45 minutes after the original hacked email was sent out. Unfortunately, because there are so many people on the total email list (2M+), it takes hours for all the emails to be sent out. One of our employees got her email over 6 hours after we sent it.
If you still have questions...
Because of the extraordinarily high number of responses we received at support[at]jumpcut.com, our email service has been throttled. We’ve created a new account to deal with all requests from this issue.
Please email firstname.lastname@example.org with any outstanding concerns and questions that you have.
Note: we try to get back to you within the day, but because of the influx of emails that we’ve received, responses right now might take longer than usual.
Please know: we take your privacy and our security very seriously and will make sure we do everything we can to prevent this from happening in the future. I personally apologize for this happening, especially during such a stressful time, and want to emphasize that you will NOT be charged $470, and any payment information you have with us was NOT compromised.
CEO of Jumpcut