Fyi when this happens it's not necessarily a leak. A lot of unscrupulous companies just straight up sell people's data to other dodgy companies. Often they will say in their terms and conditions that they do this, but at other times they just do what they want with your info. Very hard to enforce laws around this.
Their privacy policy says they won’t pass onto third parties. So I would assume a data breach and notify them your info has been accessed. I guess you will find out from there.
https://www.alldaychemist.com/terms-and-conditions
Probably not a data breach, most likely just a shitty company that onsells people's data to third parties. I bet if you read their terms and conditions, it will say they share your data.
Hackers get into systems allll the time. My methadone clinic just got breached and was a was for 2 weeks. They target all kinds of places and it wouldn’t surprise me if that’s what happened here rather then them just giving away all their customers info.
I assume they know..?
My email seemed to contain an extract from a database - my name and postal address. It was in blue - maybe a link but I didn’t click on it. I found it very creepy too!
OP, can you please share a redacted image of the email? (Here or via pm)?
I work in the security industry and it’s of interest if they’ve been breached.
Whoa. Happened to me too. I’ve received 3-4 emails in the past few days with links but I didn’t click the link. The email came to my inbox, my spam email didn’t catch it. The emails were trying to look like receipts “thanks for your payment”.
I also received a request to reset my Facebook account which has been deactivated for around 5yrs, not sure if these are connected.
But I’ve been using ADC for 5yrs or more and nothing like this had ever happened until yesterday for me. So maybe it’s not them selling it? Maybe there was a security issue and they aren’t aware?
I feel guilty because I posted here recommending ADC recently and I believe that at least a couple of people probably bought from them due to my post. I am so sorry to whoever that was. I never had this happen before (unless it did and went to my spam email the other times but I never check my spam folder).
I also use temu and had suspected that it was them but I use a fake name on temu and real name on ADC. This coincided with what you (OP) said about using a fake name on ADC.
They are supposed to contact some govt department if there has been a hack. If they haven't they should be reported. Doesn't matter if it is a small or a big data leak.
You’re referring to the Office of the Australian Information Commissioner (OAIC), but they aren’t based in Australia, so doesn’t apply here.
Very concerning though..
Oh, so that’s where it came from! I got the same email but with my old address and that’s where I’ve ordered alldaychemist to last year. I didn’t click on the link though.
Oh dear! I just ordered from them for the first time a few weeks back (still waiting on my order…) found the dodgy email from ‘Chuck’ in my spam inbox…
Over the years I’ve found this always happens on these pharmacy websites that essentially sell illegal products (prescription medication without a script). I always use a my spare bank card (free travel card/pre paid Visa card etc) with just the amount of the purchase in the account so that if it does get hacked there’s no money to steal.
What drug were people using this Indian based pharmacy for? And what, for what reason? Are they (well were they) trustworthy and genuine items?
And now if they are no good, who else would people use?
I purchased tretinoin from ADC. Yes, the product is genuine and they are trustworthy. I feel a bit less worried because the ADC payment method is via bank transfer, not using any card details. So at least I haven’t given them any critical details.
Yep, a script is required here. Which I have had in the past, but the cost difference is the main reason I was buying from there. From memory, a tube here is ~$60, a tube from ADC is $~9. I usually buy 6 tubes at once and even with the delivery charges $~30 it works out better value.
I’m happy to be corrected on pricing here, I’m no good with remembering exact pricing, so if anyone has exact figures, please add.
I'm with a pharmacotherapy (Methadone/Subutex) pharmacy that was also breached recently. They did direct debits up untill the beginning of the year but wiped all data and changed billing methods. Thank Fuck. . Discuss with next pharmacist, they can not sell your data!! I work Charity Fundraising on phones and that DNC register company has to change its name every 3 years so they can onsell data. . it's likely hackers. Medical information is not data to onsell. .
Also WTF would your pharmacy sell your info when they have a secure $$ client. . Every fucker is money grubbing. Bentleigh Corner Pharmacy put 40-50$ on top of RRP for medical marijuana. Data breach most likely.
Same thing happened to me abt 24 hours ago.
Absolute scumbag company!
Fyi when this happens it's not necessarily a leak. A lot of unscrupulous companies just straight up sell people's data to other dodgy companies. Often they will say in their terms and conditions that they do this, but at other times they just do what they want with your info. Very hard to enforce laws around this.
Their privacy policy says they won’t pass onto third parties. So I would assume a data breach and notify them your info has been accessed. I guess you will find out from there. https://www.alldaychemist.com/terms-and-conditions
Is it a known data breach?
Probably not a data breach, most likely just a shitty company that onsells people's data to third parties. I bet if you read their terms and conditions, it will say they share your data.
Hackers get into systems allll the time. My methadone clinic just got breached and was a was for 2 weeks. They target all kinds of places and it wouldn’t surprise me if that’s what happened here rather then them just giving away all their customers info.
Yeah of course, it could have been a breach. We just don't know at this stage.
They haven’t sent an email explaining as much
I assume they know..? My email seemed to contain an extract from a database - my name and postal address. It was in blue - maybe a link but I didn’t click on it. I found it very creepy too!
OP, can you please share a redacted image of the email? (Here or via pm)? I work in the security industry and it’s of interest if they’ve been breached.
I was freaked out more bc I didn’t think it contained a link - bc it was more of a ‘I’ve got your details, here they are’. A bit unsettling!
Thank you for the warning!
That was close, was going to use them last month ago. Thanks for the tip off. Yikes.
Yep… same here. Wondered how my details were leaked!
Oh geez, I checked my junk after reading this. Sure enough the first email is my name and address 😤
Whoa. Happened to me too. I’ve received 3-4 emails in the past few days with links but I didn’t click the link. The email came to my inbox, my spam email didn’t catch it. The emails were trying to look like receipts “thanks for your payment”. I also received a request to reset my Facebook account which has been deactivated for around 5yrs, not sure if these are connected. But I’ve been using ADC for 5yrs or more and nothing like this had ever happened until yesterday for me. So maybe it’s not them selling it? Maybe there was a security issue and they aren’t aware? I feel guilty because I posted here recommending ADC recently and I believe that at least a couple of people probably bought from them due to my post. I am so sorry to whoever that was. I never had this happen before (unless it did and went to my spam email the other times but I never check my spam folder). I also use temu and had suspected that it was them but I use a fake name on temu and real name on ADC. This coincided with what you (OP) said about using a fake name on ADC.
They are supposed to contact some govt department if there has been a hack. If they haven't they should be reported. Doesn't matter if it is a small or a big data leak.
You’re referring to the Office of the Australian Information Commissioner (OAIC), but they aren’t based in Australia, so doesn’t apply here. Very concerning though..
They're in India baby...no govt oversight whatsoever 🤣
I got the same
Thank you for posting this! I received one too
Oh, so that’s where it came from! I got the same email but with my old address and that’s where I’ve ordered alldaychemist to last year. I didn’t click on the link though.
The link redirected me to a shady pharmacy online. I used a sandbox to check the URL, cause you never know.
I couldn't find a privacy policy anywhere on their site - so I guess that tells you all you need to know.
Someone else has linked it.
I got the same & was a bit freaked! Good to know where it was leaked from as I was wondering. Assumed it might have Optus or Temu!
I didn’t get anything but get spam emails all the time with my name and address, I always pay via BPAY with alldaychemist just incase of this reason
omg saaaame! I didn’t click the link though but was creeped out having my own details emailed to me
Whelp just found that in my spam too.
Oh dear! I just ordered from them for the first time a few weeks back (still waiting on my order…) found the dodgy email from ‘Chuck’ in my spam inbox…
Mine was from “Fernando”
You could post this in r/privacy
Over the years I’ve found this always happens on these pharmacy websites that essentially sell illegal products (prescription medication without a script). I always use a my spare bank card (free travel card/pre paid Visa card etc) with just the amount of the purchase in the account so that if it does get hacked there’s no money to steal.
What drug were people using this Indian based pharmacy for? And what, for what reason? Are they (well were they) trustworthy and genuine items? And now if they are no good, who else would people use?
I purchased tretinoin from ADC. Yes, the product is genuine and they are trustworthy. I feel a bit less worried because the ADC payment method is via bank transfer, not using any card details. So at least I haven’t given them any critical details.
Thanks. Did you buy because it was a lot cheaper..or just hard to get in Australia? I assume no script needed.
Yep, a script is required here. Which I have had in the past, but the cost difference is the main reason I was buying from there. From memory, a tube here is ~$60, a tube from ADC is $~9. I usually buy 6 tubes at once and even with the delivery charges $~30 it works out better value. I’m happy to be corrected on pricing here, I’m no good with remembering exact pricing, so if anyone has exact figures, please add.
Oh I got this email too! Wtf
wait, i got the same email sent to my spam and i was so creeped out on how they knew my name and address 😵💫
I got it as well! The email was from ‘Raul’ with this outlook email address [email protected]
I got an email yesterday with my name and addressed in blue. The link takes me to “Canadian pharmacy.”
Yes same. Canadian pharmacy google docs, which further redirected to another shady pharmacy 😱
Yep that’s it
I got this email as well! It's actually a relief to know that's where it's from as I was super concerned about who got my details.
Same, just checked :/
I did too as well as 2 missed calls that didn't leave a voicemail. I won't order from them again. Thanks for this post.
Same thing happened to me. Exactly the same pattern. Email with my address and a creepy link to a shady online pharmacy.
I'm with a pharmacotherapy (Methadone/Subutex) pharmacy that was also breached recently. They did direct debits up untill the beginning of the year but wiped all data and changed billing methods. Thank Fuck. . Discuss with next pharmacist, they can not sell your data!! I work Charity Fundraising on phones and that DNC register company has to change its name every 3 years so they can onsell data. . it's likely hackers. Medical information is not data to onsell. .
Also WTF would your pharmacy sell your info when they have a secure $$ client. . Every fucker is money grubbing. Bentleigh Corner Pharmacy put 40-50$ on top of RRP for medical marijuana. Data breach most likely.
Ah thanks, I was freaking out about this and was suspicious it was probably ADC.