Shortly after the ReturnPath incident, two ESPs -- and -- came forward to say that they had been hacked as well.

In many of these cases, overseas criminals apparently broke into ESP accounts and then used them to send spam. Criminals use hacked accounts to send links to questionable Adobe Reader updates, which could be pirated software, or worse -- malicious Trojan horse programs, said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

Silverpop's breach , including McDonald's. And some of them were promptly phished and spammed by scammers looking to steal sensitive information, using the Silverpop e-mail system.

Epsilon had problems last year too. In December 2010, and was using it in phishing attacks, asking for Social Security numbers and credit card accounts. Walgreens, which was hit again by this latest Epsilon breach, used Epsilon as its e-mail service provider at the time of the December 2010 incident, said Tiffani Washington, a spokeswoman for the drugstore chain.

All three of the compromised ESPs -- AWeber, Silverpop and Epsilon -- have business relationships with ReturnPath. However, with so many ESPs under attack for so long, it's not clear whether the ReturnPath attack can be linked to any of the other hacks, including the recent Epsilon breach, now thought to have affected , including Verizon, Citibank and JPMorgan Chase.