A few weeks ago I started receiving spam emails to my scan-only email address. I know there has been a thread regarding the release of scan customer details to Revoo: Scan - What are you doing with my personal details?, but this new issue is much more significant.
Today I received a spam email to the same email address, containing my scan password IN PLAIN TEXT in the To: field. I can be quite certain that this is a security breach as I have two scan accounts and both were breached in exactly the same manner.
The received email was addressed in the form:
to: Password <scan_email_address>
subject: Looking for Manager
I reported the original breach to scan customer services and was assured that no password or credit-card details could have been obtained. Clearly at least the first part of that response is not true. I have updated scan on this matter, but thought it prudent to inform as many customers as possible to at least change their scan passwords.
I've provided an update with a bunch more information in post #63: Security breach at scan! Consider at least changing passwords