Notice the date on the emails? This shows you just how long we have been intercepting the emails.
We would like to point out we attempted to contact TheKiddy on the StarView support forum to tell him his system was leaking details; the result was he banned us.
The interesting detail about emails however is there headers. They contain a complete trace of the email from start to finish as it is delivered to it's final destination. In this case, the start was the customers PC, so the headers contained the IP/Hostname and computer name of the sender - This is how we got this information in the recently sent out emails. The rest of the information was what you entered into the support program (box number, your email address)
We collected several thousand email addresses and recently emailed a small number of people.
Why are we sending out emails?
Because The Kiddy is taking the piss out of his customers by ripping them off, and ignoring their complaints. He continually refuses to admit there had been any chance of a data leak - but the data had been stolen from his system long before it even reached the intended receipents. They lost control of the flow of the email right at the first stage due to a complete lack of understanding on how to secure this very confidential information.
We informed The Kiddy that his system was leaking private details over a year ago by PM on his site. Instead of listening to our advice and securing the system, he banned us from his site. Something that has become all to common when anything negative is said about them on their site.
Maybe the Kiddy would like to offer his customers an appology now and admit that his design was insecure leading to this massive breach of security we exploited.
As of 29th November 2012, we have commandeered the gmail accounts to prevent others from abusing the system. As a result the StarView support tool 1.02 is now permanently broken. The recovery information was also removed so they won't be getting them back any time soon.
We were also pissed off that The Kiddy was in such a hurry to get his payment system back up and running to take new subs, despite the fact he has not got the channels put back on yet and that there are hundreds of people who have paid and are awaiting activation. The Kiddy has asked those who paid by PayPal to request a refund and pay him his new increased prices. He is ignoring the fact that he may have already withdrawn your money into his account, and most of you will not be able to claim a refund by PayPal because it is now over the maximum time permitted for a claim. It's very clear his only priority is obtaining your money.
And Finally...
For those who did not use the support tool... Don't think your details are safe!
THIS IS NOT THE ONLY SECURITY ISSUE OR DATA LEAK THEY HAVE SUFFERED
More to come on that later. Were saving that one for (another) rainy day.
It is just the earliest one in the chain of events that occur when you to subscribe, so we chose to abuse this one first. It shows there complete lack of understanding of basic security and how they have lost control of their security so early on. That makes this a nice little exploit. But it's not the only one...
Update 02/12/2012
Why is it that the staff at mystarview.com are banning any and all members who dare to ask about their personal information been leaked, and removing all posts relating to anything bad about StarView and there security. Looks like TheKiddy is still hiding behind denial. Very shoddy operation.