When I switched to a new maildomain, I implemented personalized addresses for every service that I sign up for. This way, I can keep track who sells or loses my information and as an added bonus, I can easily block based on the mail header, even when I am spammed via bcc (thanks to “Delivered-To”).
Today I have received potency-pill-spam to 3 addresses I used for signing up with this service in the last 4 years, give or take. The addresses are like
All three addresses have received the spam at the same time, so I am pretty confident, that this was no coincidence (it is very unlikely a spammer would guess correctly how my mail setup works and guess the addresses I have used).
Eweka was not yet available for a statement on this issue, so we don’t know if they had a database breach or sold the addresses. However, at this moment, it is better you treat your Eweka password as compromised and change it.
Congratulations to Eweka for being the first company to lose my new address!