Verizon Exposes the Wrong 1,200 Email Addresses

← Back to Stories (view on slashdot.org)

Verizon Exposes the Wrong 1,200 Email Addresses

Posted by timothy on Friday October 10, 2008 @07:22AM from the but-this-was-the-before-picture dept.

netbuzz writes "If you're going to market your expertise by inviting 1,200 IT professionals to a seminar about securing data and protecting personal information, it's probably a good idea to protect the personal information of those you invite. On Tuesday, Verizon forgot that advice and blasted each of the 1,200 email addresses to everyone on the list ... and they did it 17 times."

33 of 94 comments (clear)

Blunder by mfh · 2008-10-10 07:22 · Score: 5, Insightful

Whenever email scripts have too many recipients, they do tend to refresh and try again, which can cause dupes. These addresses were likely supposed to be in the BCC field, or nonexistent (duh). So it was a mistake.
That's an embarassing blunder, to hold a seminar on keeping private info secure and then spamming who is attending the seminar. I wonder how much time they will spend on that blunder, explaining how it can happen to anyone, even the mighty Verizon, but this foolishness will not strengthen Verizon's sales pitch.
Spammers attend these conferences. Now spammers have known email addresses of everyone there.
This would only make a difference if spammers made money based on sending targeted email. They don't. They make money based on volume of addresses when a shady merchant pays them. So maybe they could make $25 on this list?
Apart from making one person in Verizon look stupid, this also enforces the theory that it only takes one idiot to... the whole internet.

--
The dangers of knowledge trigger emotional distress in human beings.
1. Re:Blunder by Anonymous Coward · 2008-10-10 07:26 · Score: 2, Funny
  
  I wish there was mod points for long winded waste of time
2. Re:Blunder by Spacepup · 2008-10-10 07:35 · Score: 5, Funny
  
  Spammers attend these conferences. Now spammers have known email addresses of everyone there.
  If it's just spammers attending, then they only got the email addresses of other spammers. The spammers can spam themselves all they want for all I care.
3. Re:Blunder by Ethanol-fueled · 2008-10-10 07:39 · Score: 3, Funny
  
  As your score(1, insightful @ 12:38pm pacific time) demonstrates, there are mod points available for short-winded wastes of time.
4. Re:Blunder by omega_dk · 2008-10-10 08:23 · Score: 5, Interesting
  
  That would be insightful, if it were not so clearly wrong. Plenty of spammers target specific individuals; see http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1259674,00.html for a specific example. Now, one could argue that targeting IT professionals would be an exercise in futility. Would you bet your livelihood on it? Would you bet access (possibly high-trust access, depending on how high up this IT professional is) to your company's network on it?
  
  Because that's what's at stake. It's not a question of sending email selling \/|agra to these people. It's a question of a very specific, highly targeted spam operation with the express purpose of getting access to the networks of these specific individuals, in the hopes that they can provide the access the infiltrator would want to the company as a whole.
  
  Now, I am not saying that this is a big deal; it's not like these emails wouldn't have been available from some other source than this email list. However, I will say that by completely dismissing an entire segment of spam email, that of targeted emails to specific individuals, you are unnecessarily lulling both yourself and anyone who reads your comment into a false sense of security. Highly targeted spam is a real risk; don't discount it as a very real attack vector. You must be ever vigilant, and I don't think you can be with that kind of attitude.
  
  --
  Just because you don't like the truth, does not make it false.
5. Re:Blunder by Obfuscant · 2008-10-10 08:54 · Score: 3, Interesting
  
  Now, one could argue that targeting IT professionals would be an exercise in futility.
  Similarly, you'd think that spamming "postmaster" or "abuse" at a domain would be futile and wasteful, but I get more spam there than at my actual address.
6. Re:Blunder by Anonymous Coward · 2008-10-10 09:00 · Score: 5, Funny
  
  you showed him dude, I certainly wouldn't want to be him because I would be reeling from that burn
7. Re:Blunder by AndrewNeo · 2008-10-10 09:08 · Score: 3, Insightful
  
  Probably because they assume it will be a valid address.
8. Re:Blunder by Anonymous Coward · 2008-10-10 09:54 · Score: 4, Funny
  
  enforces the theory that it only takes one idiot to... the whole internet.
  You accidentally... the internet? The whole thing?!
9. Re:Blunder by dw604 · 2008-10-10 11:09 · Score: 2, Informative
  
  I write email software and there are ways to prevent this. The way I do it is insert rows into a queue table for each mailing, with each row containing the userid and messageid. As messages are queued to the SMTP server they are removed from this queue. The sending process checks in every 20 seconds. If a queue fails for more than 1 minute, it can be safely resumed with no duplicate messages. A further simple step is taken to prevent a "refresh" on the sending/queuing page. It seems to me they just need better software or a more competent advertising department.
Title is Misleading by rehtonAesoohC · 2008-10-10 07:26 · Score: 4, Insightful

It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.

/bad title?
1. Re:Title is Misleading by Anonymous Coward · 2008-10-10 07:29 · Score: 4, Insightful
  
  Sometimes you can get away with doing something stupid because nobody notices.
  This was not one of those times.
2. Re:Title is Misleading by reymyster · 2008-10-10 07:30 · Score: 4, Insightful
  
  I believe the "wrong" referred to in the title meant to imply that it was particularly bad to expose these specific emails, like when people say "you just messed with the wrong guy"
  
  --
  http://instagram.com/thephotographer
3. Re:Title is Misleading by Gewalt · 2008-10-10 07:31 · Score: 4, Insightful
  
  It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.
  If ever there was a worst-case-scenario set of 1200 email addresses, this list was it.
  
  --
  Modding Trolls +1 inciteful since 1999
4. Re:Title is Misleading by PhrostyMcByte · 2008-10-10 07:32 · Score: 2, Insightful
  
  I read it as in "You've fucked with the wrong guy". All leaks are bad, but emails of people interested in "securing data and protecting personal information" are the last ones you'd want to leak.
5. Re:Title is Misleading by Naughty+Bob · 2008-10-10 08:03 · Score: 4, Insightful
  
  If ever there was a worst-case-scenario set of 1200 email addresses, this list was it.
  Yes and no. In terms of potential harm done, these people are much more equipped than your average person to be able to mitigate this fuck up.
  
  On the other hand, if there was ever a subsection of people who you donn't want to piss off in this regard....
  
  --
  "Be light, stinging, insolent and melancholy"
6. Re:Title is Misleading by flyingsquid · 2008-10-10 09:00 · Score: 5, Funny
  
  It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.
  While I agree that the email slip-up was pretty bad, I was more concerned about some of the other sensitive information that Verizon publicized. In addition to those 1200 emails, Verizon also emailed other sensitive information including:
  1.the secret herbs and spices that go into KFC's chicken
  2. the combination to the door of the Bat Cave
  3.The location of Dick Cheney's 'undisclosed location'
  4. The chemical composition of Kryptonite
  5. The burial site of Jimmy Hoffa
  6. the nuclear launch codes for U.S. Trident nuclear missile submarines
  7. the full name, post office box address, and social security number of the The Good, the Bad, and the Ugly's Man with No Name
  8. the address and repository information for that government warehouse that contains the Ark of the Covenant (it's on rack 12, shelf 7, box 336)
7. Re:Title is Misleading by Anonymous Coward · 2008-10-10 09:29 · Score: 2, Insightful
  
  That doesn't seem like the wrong van. Seems a reasonably high value score for robbing a van. They weren't caught (at least when that article was written) after all.
8. Re:Title is Misleading by Teun · 2008-10-10 09:38 · Score: 3, Funny
  
  No, no.
  
  Verison is so sure about their new security policies that they wanted to show the experts that publishing their collective addresses is no longer a problem.
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
9. Re:Title is Misleading by ta+bu+shi+da+yu · 2008-10-10 11:27 · Score: 2, Interesting
  
  Yup, time for a reply all.
  I seem to remember a similar thing happened when a Univeristy made a similar stuff-up, and emailed a raft of journalists. However, in that case it actually brought together journalists who hadn't talk to each other in years.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
10. Re:Title is Misleading by nog_lorp · 2008-10-10 11:56 · Score: 2, Funny
  
  The chemical composition of kryptonite was already known - sodium lithium boron silicate hydroxide. And it exists in nature too!
Verizon responds by MarkGriz · 2008-10-10 07:28 · Score: 5, Funny

"We just wanted to make sure you could hear us now"

--
Beauty is in the eye of the beerholder.
Times Time Times Time by arizwebfoot · 2008-10-10 07:40 · Score: 2, Funny

and they did it 17 times.
They were afraid that if they did it 18 times, it might look suspicious.

--
Oh Well, Bad Karma and all . . .

--
Beer is proof that God loves us and wants us to be happy.
Just more of the same from Verizon by Bryansix · 2008-10-10 07:55 · Score: 2, Insightful

I am not surprised in the least that this happened coming from Verizon. They hire incompetent assholes all the time there. Their business model is how to screw the customer out of the most money and provide the least amount of service. I can't stand Verizon.

Note that their cell phone business is completely separate from the rest of the morons. Neither business unit talks to each other and neither knows what the other is doing. If the wireless side of the business had any brains they would split off and change names. Verizon is associated with incompetence and greed.
Simple fix: boycot & save time by Alwin+Henseler · 2008-10-10 08:03 · Score: 4, Interesting

If I were one of those invited, then a thing like this would immediately make me loose interest in whatever they'd have to say. Show in advance you can't do yourself what you're preaching about. Duh!
I'd just decline the invitation, and spend my time elsewhere (probably more productive). If a majority of the invited folks would do this, the event would be dead in the water. Killed by stupidity of the organization.
1. Re:Simple fix: boycot & save time by mrchaotica · 2008-10-10 08:23 · Score: 3, Funny
  
  ...a thing like this would immediately make me loose interest...
  Why, was your interest tight before?
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I think it's awesome. by IdeaMan · 2008-10-10 08:17 · Score: 2, Insightful

Maybe now we can have secure, authenticated email.
It's only laziness and the lack of any security mandates that prevents us from having decent email.

--
They ARE out to get you simply because They are in it for themselves and they don't care about you.
1. Re:I think it's awesome. by marcosdumay · 2008-10-10 08:38 · Score: 2, Insightful
  
  "It's only laziness and the lack of any security mandates that prevents us from having decent email."
  
  I'm sure the lack of any authenticating authority doesn't make it any easier.
  
  --
  Rethinking email
Re:I know this is /. and all... by david_thornley · 2008-10-10 08:20 · Score: 4, Insightful

Except that there is absolutely nothing to distinguish some clerical errors and actual security issues. If information is leaked by clerical error, it's leaked just as effectively as if it were hacked out of an on-line database through cross-site scripting. Maybe more effectively.

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Similar email blunde with bandwidth.com today too! by Anonymous Coward · 2008-10-10 08:28 · Score: 2, Interesting

very strange coincidence indeed. Bandwidth.com blasted about 300 addresses in an email today as well - it's fun to see all the COO's, CIO's and CEO's of bandwith.com customers acting like children and trolls by 'reply-all'ing' and complaining about exposing their addresses.
Uh, hello mr. ceo - your reply is unsolicited - you are the SPAM you are complaining about!
what a weird coincidence.
This happens more than you think... by wiedzmin · 2008-10-10 09:45 · Score: 2, Interesting

I recall that last year SolarWinds' community website (Thwack) launch email was sent to all interested customers, also in the To: field. Some great email addresses those were - NASA, IEEE, California OES, Alabama, Washington, you name it - total of about 100 people... you should have seen those replies! SolarWinds gave everybody a shirt after :)

--
Bow before me, for I am root.
The person responsible... by v(*_*)vvvv · 2008-10-10 13:23 · Score: 2, Funny

is dead. No really, someone killed him already. Securely and anonymously. We have a list of 1200 suspects and their names. Actually, 1200 people have a list of 1200 suspects and their names.
What a coinsidence - bandwidth.com - same today by Anonymous Coward · 2008-10-10 17:10 · Score: 2, Insightful

Some bandwidth.com representative sent an email to 1,300 of their customers this morning. The reply list was so big it crashed Evolution when opened.
One interesting thing about the event was that a great discussion raised from it. Customer's were bouncing ideas off each other, asking what their different configurations were, etc. Some were whining about the service or complaining that we should stop spamming them.
Then, shortly afterward, in the middle of some pretty decent discussion - the CEO of Bandwidth.com sends out an email saying that people are fired, they care about security blah blah..
What this guy failed to do was seize the moment and take the opportunity to start a blog or forum to keep the discussion going..Instead, he fired some poor schmuck(s) over an error that could of happened to anyone.
What about actually addressing some of the concerns and ideas that were brought up?
Just bad leadership from that guy - I would love his job.