Hi everyone,

For the past few months, I’ve been getting spam sent specifically to my dedicated Proximus-only email alias.

I’m pretty paranoid with my opsec, so I use Gmail plus-addressing for each correspondent (Example: name.surname+PROXIMUS@gmail.com). That way, I can manage things easily and detect possible leaks.

Here’s the strange part:

  • The alias I gave to Proximus has only ever been used with them.
  • The only legit mails that ever landed there were from Proximus, plus one from Bpost when Proximus shared the address for tracking the delivery of the bbox thingy.
  • Now, I’m suddenly receiving spam only on that alias and nowhere else.

For me, that points to one conclusion: either Proximus or Bpost leaked my data.

I already contacted Proximus’s DPO under GDPR. They replied that they investigated themselves and found no sign of a leak on their side.

I don’t care much about the alias itself, but I do care about knowing what happened .. and how far my data might have spread.

Has anyone else experienced something similar with Proximus (or Bpost)?

by wisetyre

19 comments

  1. Did you also ask the DPO whether they sold your data?

  3. Are you 100% sure that you didnt leak this yourself one way or another? Accidents can happen. Maybe you synced your contacts with a different app? For example Meta is notorious for extracting their users address books.

  4. I have been getting calls from weird French numbers the past 2-3 weeks

  5. >We share your personal data with different categories of subcontractors, suppliers, partners, joint controllers, subsidiairies of the Proximus group, governmental entities or other third parties. When you use our products and services, we can share your personal data with third parties who collaborate with Proximus for the provision of products and services. We share your personal data with governmental entities when a legal obligation requires us to do so. In some cases, the sharing of personal data is based on your consent, or where adequate, our legitimate interest. In this section you can find an overview of the different categories of third parties with whom Proximus shares personal data.

    From their website,

    >our legitimate interest.

    Aka, they sold your data for money.

    In other words, report them for a GDPR violation

  6. Following this.

    Notify their DPO, haven’t caught anything on my proximus alias yet, nor on bpost.

  7. There was a post about this earlier that is very similar but instead of Proximus it was telenet.

  8. Genuine question, but if you are worried about your data being leaked/used and went through the hassle of going with mail aliases for each company/correspondent, why are you using Gmail?

  9. Maybe I should make a separate post about this, but I recently had something similar with ACV. I also got an ad on the unique email I use for them.

    ACV’s DPO said an employee only got my email and name from the database, but their reply didn’t make it clear if other people’s data was also taken. They say the third party that got my data has removed it and that they filed a report with de Gegevensbeschermingsautoriteit.

  10. You must keep in mind that almost every company sells user data.

  11. Yeh I noticed the same on my proximus alias. This indeed started some months ago.

  13. I have noticed the exact same thing happening to me. I use an actual separate alias for Proximus which is tied to my primary mailbox, using [SimpleLogin](https://simplelogin.io).
    I noticed I’m getting spam to my specific Proximus alias for the past few months as well.

  15. i’ve had customised spam emails the moment I
    1. switched my prime from the netherlands to belgium (it didnt’exist before, but it started with a live dataleak, nice)
    2. the moment i switched banks to argenta, i got 5 months of fake argenta spam emails
    3. the moment i signed up for Base i got both fake proximus and base emails

    data security and belgium do not go hand in hand it appears. Not sure how i survive without different email aliasses, i’m asking for a a big problem soon

  16. could be sold data, a leak or if you run browser extensions it could have some “malicious” code

  17. Same exact thing with specifically Scarlet! They say they don’t know of/have any leaks.

    Started April 17 after signing up March 20.

  18. I have also been getting spam on an alias that I only used for Proximus so I came to the conclusion that either there was a leak that they didn’t announce (which would be a breach of GDPR) or they’re selling our data.

    In any case I created a new alias and deleted the one. However Proximus seems to reject SimpleLogin aliases which makes the whole thing even more suspicious (to me it suggests that they want a real address so that they can sell it).

  19. I’d also like to add that Gmail is insanely unsafe. If you have an email that’s NameSurname together, then all emails with a dot in between also get your emails. (Name.Surname, N.ameSurname,…)

    I have an Initial.Surname email, I also get all emails from 2 other people with the same email but with a dot in between. I’ve since moved away from Gmail for important things.

Comments are closed.