I know this because I use SimpleLogin to provide each service with its own specialized email address. You can see in the picture the address starts with bixi@sl.***

It’s also possible but unlikely that they sold user data.

  • Starbuck@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    5 months ago

    I wouldn’t expect a lot of overlap between MAGA / crypto idiots and bike share users (especially in Montreal), but there’s the proof. Weird.

  • AnotherDirtyAnglo
    link
    fedilink
    arrow-up
    9
    ·
    5 months ago

    I also assign unique eMail addresses for my online accounts, and also got this eMail today.

    It’s likely that Bixi got hacked, not that they sold the eMail address.

    Just do what I do – change the eMail address slightly on the mail server and on your online account.

    • setVeryLoud(true);OPM
      link
      fedilink
      arrow-up
      7
      ·
      5 months ago

      Oh yeah absolutely, it was just concerning to me that Bixi of all people would let my email address loose.

  • Pasta Dental@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    5 months ago

    haha ouais j’ai eu le même email tantot, j’utilise aussi mon nom de domaine mais j’étais pas sur si c’était un pur hasard comme j’utilise un catch-all. Merci d’avoir confirmé!

    ça serait vraiment pratique d’avoir un système de signature automatique avec SimpleLogin avec protonmail comme proposé dans ce blog: https://kevincox.ca/2022/07/07/signed-email-addresses/ comme ça, seul le courriel avec la signature unique peut recevoir des messages, et des messages perdus par des bots qui tentent des noms de domaines au hasard qui pourraient avoir un catch-all se font automatiquement rejeter.

    update: simplelogin fait quelquechose presque comme j’aimerais, mais c’est pas aussi bien intégré que j’aimerais

    • brbposting@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      5 months ago

      Haha yeah I got the same tantot email, I also use my domain name but I wasn’t sure if it was a pure chance like I use a catch-all. Thank you for confirming!

      It would be really convenient to have an automatic signature system with SimpleLogin with protonmail as proposed in this blog: https://kevincox.ca/2022/07/07/signed-email-addresses/ like that, only the email with the single signature can receive messages, and messages lost by bots that try random domain names that could have a catch-all are automatically rejected.

      Update: simplelogin does something almost as I would like, but it’s not as well integrated as I would like

      Apple’s native translation Edit: for those browsing by All, didn’t see the community at first :)

  • Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    5 months ago

    I think it’s more likely they got breached, or a third-party was breached (I see “zoho” in there). It’s easy for companies with shitty code to leak things like SendGrid tokens and web scrapers pick them up and use them for shit like the email you got.

    I do the same thing for my emails, it’s wild to trace back who leaked my email addresses. Man I hate how lousy our tech security is these days, or rather, the lack of fucks given and the lack of protections for consumers. Companies would rather buy cybersecurity insurance than actually make their shit secure.

    • AnotherDirtyAnglo
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      I just checked some older eMails, and it’s not their mail provider / API token that got breached (previous messages used cyberimpact, not zoho).

  • Paige
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    5 months ago

    This is not sufficient for your conclusion given the burden of proof required for this claim. And, to be clear, you are claiming that: This organization controlled by the municipality is SELLING your email address. Your proof is a screenshot with the addressed censored. Not that there was a leak, not that someone guessed this handle, not that PBSC got hacked, not that you typed the wrong handle into a form. I can run this past bixi for you if you DM me your address, but you’re assuming a lot and I would bet not just MAGA but real coins that you’re wrong about bixi selling your info.

    • setVeryLoud(true);OPM
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      5 months ago

      That’s a fair point, it’s totally possible they got breached, I’ll update my title / desc accordingly :)

      Btw, as far as I know, Bixi is owned by Lyft and not the municipality, but feel free to correct me.

      • Nouveau_Burnswick@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        5 months ago

        Bixi is owned by Bixi Montréal a non profit created by the city in 2014.

        Your confusion is probably that the founding company, PBSC, is now owned by Lyft. Now called PBSC Urban Solutions, it was the international operations portion of the company before the bankruptcy.

        • setVeryLoud(true);OPM
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          Oh interesting, that was 10 years ago, some sites are still providing this information as if it were actual and factual. Thanks for the correction!

    • setVeryLoud(true);OPM
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      Btw I contacted them by email this morning and gave them all the information I have, waiting on a reply.

      I sent you a PM with the information, let me know if you got it :)

      • Paige
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I’ve gotten no response from them after a couple of days

        • setVeryLoud(true);OPM
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          Call em, let them know your case number, it’s what I did.

          They replied to me letting me know they were looking into it after our call.

  • RealCaptPicard
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago

    Pour ma part je n’ai pas reçu ce joli courriel. Peut-être que leur modèle de traitement pense que je suis trop pauvre pour leur arnaque 🤷

    • setVeryLoud(true);OPM
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      Il est possible que tu sois tombé sur une autre liste de distribution, Zoho ne semble pas être leur fournisseur courant.

      • RealCaptPicard
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        Ou alors la possible fuite se serait produite avant mon inscription en 2019. C’est quand même intriguant comme situation en lien avec bixi

        • setVeryLoud(true);OPM
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          Impossible, ça fait moins d’un an que j’ai cette adresse courriel

          Perso je pense qu’ils testent les eaux avec une petite batch avant d’envoyer une grosse batch de spam à tout le monde, voir si Bixi va s’en rendre compte.

          • RealCaptPicard
            link
            fedilink
            arrow-up
            2
            ·
            5 months ago

            Bon bien on va rester sur le qui-vive. On n’est pas rendu à une alerte de fuite de données personnelles près depuis quelques mois…

  • lurch (he/him)@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    There’s a typo in the screenshot. It seems to use the french word “mouvement”, which seems very odd to me in this far right US nationalist context.

  • 9488fcea02a9@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago

    I was about to send them an email… Why havent they disclosed publicly? They have my credit card info

    The spam i got was for MAGA coin lol

    • setVeryLoud(true);OPM
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      4 months ago

      Yup it is most likely a breach, I reported it to them on my side, it’d be great since you also have a single-use email address if you could also report it to them.

      You can give them a call after you email them the info to get them to get on it, that’s what I did :)