Slashdot Mirror
Telstra Denies Selling BigPond Customers' Data
Red Wolf writes "The Age reports that allegations that Telstra sells email addresses of BigPond customers have been denied by the telco. Melbourne-based IT worker Mark Edwards had doubts in this direction when he began receiving unusually large amounts of spam at his bigpond email address. Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users."
I'm with testra, and have had nothing but problems. Their Privacy policy allows selling your email address to advertisers. They've also got this insane capping system, that's stopped the rollout of broadband in AU.
Read more in Whirlpool. They've got the facts.
I'm not Seth.
I even got a phone book from them! And Yellow Pages too! ;-)
Wish they'd stop wasting the paper.. I have an internet connection for a reason! (and no, I'm not with Hellstra...anymore)
At times I get spam that the To: header contains a list of users all on my ISP in alphabetical order. All it means is that the spammer has a sorted list and spits out the spam to groups of addresses at once. The ISP doesn't have any thing to do with it in this case.
ln -s
They got hacked and don't want to admit it. Instead they play dumb when their users are getting spammed.
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
Just because the company doesn't sell the list doesn't mean that no-one within the company does (or someone that used to work there). I know of a few people that have taken lists of thousands of email addresses from their work on their last day, just in case they wanted to sell it.
On top of that, I know I've been offered cash more than once to get a list of the addresses in our database. If you were working in a call centre, in a country that you're just visiting, knowing that you'll only be there for a month or two, and knowing you'll never go back, wouldn't it just be too tempting to nap that list for future reference?
The only way to find out for sure if an ISP sells subscriber addresses is to make a long, hard to guess address (such as jon4859493@bigpond.com) and give it to no one, just let it sit there. If you receive spam, it's a pretty good indication that your ISP is being rather loose with your contact info.
At our school, we don't earn a degree when we graduate—we earn pi/180 radians
Maybe Mr Edwards pissed off a support guy there, who kindly submitted his email address to several "opt-out" and assorted email collection^H^H^H^H^H^H porn sites.
http://pcblues.com - Digits and Wood
I also noticed that the recipient names on the last spam I checked were a mixture of one initial and surname (i.e., skelly) with more-than-one initial and surname (i.e., sfkelly).
The other odd thing was that there were quite a few uncommon surnames included and few common ones (no Smith, for example).
Based on this I'd say that either they were sold or they were harvested and carefully preened.
I agree. I attended UCLA, and I would often receive e-mail from spammers with all UCLA domain address and all in alphabetical order.
The Australian government recently (a day ago) announced that they will be privatising the rest (remaining 51%) of telstra. I wonder if this being on slashdot has anything to do with that?
Anyway, a day before the government's annoucement the senate was going to vote for an enquiry into broadband access in Australia.
Then later on the same day (or the next day) 4 independent senators voted against it (damn bastards, technophobics afraid of technology).
Look at these are two days in Australian politics and think, are Australians governed by morons?
Broadband enquiry likely
Broadband inquiry killed
New attempt at broadband enquiry
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
Quite a lot of ISPs now re-sell Comindico's ADSL now.
Their entry into the market caused a small price war with wholesale prices, leading to the number of cheaper ADSL ISP options lately.
For those not familiar.
Telstra has a habit of raising their wholesale price to be close to or in some cases higher than their retail prices to end users, after a short delay the ACCC steps in and slaps down Telstra, who then behave for a while, then repeat.
This has the effect of discouraging competition.
So far the ACCC has not given out much more then slaps on the wrist, but this is mainly because the government is trying to sell off their share of Telstra, so they want the share price to be high.
You'll note that ACCC has been showing more teeth, and Telstra has been quiet lately, because the government has sidelined their plans to sell their shares (mainly because Telstra's share price is quite low atm).
In all fairness, I've got to question the claim that Mark has made. I am a self un-employable person who works from home. I have been using the Internet for about 5 years, and for the last three years have been using Telstra Bigpond cable. As part of my profession, I send and receive Email every day. I participate in a couple of "closed" mail lists. I don't run my own mail server, and simply use my Bigpond mailbox. My spam filtering software consists of absolutely nothing. On average, I receive 1 spam message a month. The simple fact is that if you do not participate in newsgroups, or other "open" forums, don't frequent porn sites, or buy stuff on the net, you won't get spam. In short, I treat my Email address as I do my mobile phone number, which means that it isn't handed out to just anyone. If the topic was the slow response times you get on Bigpond Broadband, and how a 10Mb cable-modem link still can't handle 160x120 movies in real time. Or, that surfing the net is still painful on Telstra cable, then the complaint might be valid.
%host -t mx bigpond.com
/ index/
bigpond.com mail is handled (pri=10) by extmail.bigpond.com
so you run your dictionary attack against the server
%telnet extmail.bigpond.com 25
Trying 144.135.24.8...
Connected to extmail.bigpond.com.
Escape character is '^]'.
220 bigpond.com service ready (identifier 29/4290323)
helo numpty
250 bigpond.com
MAIL FROM: <>
250 ok
RCPT TO: <aardvark@bigpond.com>
550 recipient <aardvark@bigpond.com> unknown
RCPT TO: <apple@bigpond.com>
550 recipient <apple@bigpond.com> unknown
RCPT TO: <mr_brianpowell@bigpond.com>
250 ok
and every 250 is a valid paid up customer
and there's not a long entry in the world that's going to find you
in fact you can visit http://www.bigpond.com/home/memservices/community
to harvest email addresses like I just did while waiting to post with EXTRANS
still it's more newsworthy if you CHARGE someone for this information !
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Did any one else read that as Telstra denies selling data to it's customers? As a user of ADSL in australia, most of which runs off the Telstra backbone, I can say there are certainly time where you are paying for nothing. Outages are all too common. Like it goes out when it rains common. I could see how they might deny selling anything at all given the level of service they provide.
EGG, the Electronic Gamers Guild
maybee an employee sold them to a spammer.
I have always wondered about inside jobs of this sort.
im sure it wouldnt be hard these days with the compact USB hard disks you can put on your keys.
simply plug it in, transfer all the email addresses, zip it up and send it to your favorite spammer, then collect.
sound easy? yeah... its scary.
I administer a mail server for an ISP of about 20,000 customers. We see mail come in all the time with JUST customers addresses in them. (ie.. no outside e-mail).. but I know that we don't sell customer information. I do believe this guy is over reacting. I've actually had to explain to several customers of ours that we don't sell information, because they came to the same conclusion. I think spammers must be wising up or something and sending all the e-mails to one domain in a CC or something rather then seperate e-mails... takes less effort/bandwidth.
When I got my phone connected here, Telstra mis-spelled my name. My name is incredibly uncommon.
... mis-spelled just as Telstra had ( at my company dot com dot au ).
:
About a month later, I was looking through the logs on the mail server at work ( as you do ) and saw an error about an unknown user, which just happened to be made up of my first initial, and then my last name
I immeditately called Telstra and confronted them, and they denied everything. The girl was quite rude about it and implied that I might also have stories about little green men carrying experiments out on my while I was asleep.
I absolutely INSIST that Telstra sold my details, consisting of ( but not limited to )
- my first and last name
- my employer
The above I can deduce from the logs on the mail server at work.