The Register Email Address Blunder
First time accepted submitter Tim99 writes "This morning I got an email from The Register informing me that they have sent 3,521 of their readers the names and e-mail addresses of 46,000 other readers. Considering their frequent rants about security this has got to be a major FAIL."
El Reg writes: "Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry."
"We are in the process of blowing the whistle on ourselves to the ICO over the matter."
"The dew has clearly fallen with a particularly sickening thud this morning"
They've put their money where their mouth is, and reported themselves to the Information Commissioner's Office for the breach.
No kidding!!! What do you say at this point?
The impacts of this on the Reg readers affected is probably fairly minimal. At worst, the volumes of spam headed towards certain e-mail addresses will increase. But then - how many people these days really use an e-mail address for their website-registrations that they don't expect to be a complete spam-magnet anyway?
But there's no credit card info out there, no real-world addresses or telephone numbers. And having an account with The Register isn't the kind of thing that people tend to lose their jobs over, so nobody need be particularly embarrassed about their name being on the list (unlike, say, when the British National Party's membership list was leaked a while back).
This is far worse for The Register itself. It has - quite rightly - been a prominent critic of companies or organisations who fail to protect personal data. And now - even though the breach is at the lowest end of the severity scale - it's gone and done it itself. Fairly or not (and it's probably not, since I doubt it was one of the actual writers who was responsible for this), their own credibility is tarnished.
UK readers may remember Angus Deayton of Have I Got News For You fame. I can see the potential for similar consequences here...
Check the comments to the Reg's own story. One of their readers has already taken great delight in uploading it - prompting an angry reaction from everybody else on the comments. After all, the Reg's actions, however stupid, were accidental. Posting a bunch of people's e-mail addresses to pastebin is deliberate malice (even if it was probably inevitable with that many recipients).
Well, it seems likely that some Register users will be getting a lot of spam soon. Even if the list didn't get sent directly to a spammer it might have gone to someone who wants to teach the Register an important lesson.
I always use disposable addresses when signing up for anything, and even give them to my friends. I've had one Linux forum make my address publicly visible. I've had multiple vendors send out things to lists with CC information in plain sight. I've had friends who had their accounts hacked and their contact information harvested. Always using disposable addresses lets you cut off just the problem rather than having to abandon an entire e-mail account (which I had to do years ago when it suddenly started receiving hundreds of e-mails a day, so much that my normal e-mail was being rejected because my "mailbox was full").
I use a great free service from Spamgourmet.com. I have no relationship with them other than being a satisfied user for many years. As far as I know my actual e-mail (which I obviously had to give to them for forwarding) has never been compromised or leaked and I've never received any form of junk mail from them. They are not the only such option, but whichever you choose to use you should definitely use one if you want to protect yourself from spam and worse.
I'm an American. I love this country and the freedoms that we used to have.
If he'd stayed, then for years to come, every time he tried to mock any of his guests over their own indiscretions, they could just have turned the tables on him. HIGNIFY has always had a degree of "yah boo sucks" about it - it's not exactly reasoned debate - and this would have amounted to a get-out-of-jail-free card for guests. Having the show run on that basis in the long run would have robbed it of most of its impact.
On the other hand, they probably confessed their error in record time. There can be no claims of downplaying or sweeping things under the rug that usually accompany reports of a data breach.
...struck again >>
Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
must be great to never make mistakes
I found it on pastebin, it wasn't hard, just search in the last 24 hours. My email address wasn't there either despite getting the apology email.
"Mistakes will happen", "I thought they handled the screw-up exceptionally well", "They've put their money where their mouth is", "they deserve credit for that", "The impacts of this on the Reg readers affected is probably fairly minimal". Anybody else did this and the reactions would be much different. I figure the Register has called in everybody they can for damage control.
I've read the Register for a while when they were hacked and down for a full weekend just recently, I went to the site Monday and not one word about it was posted.
Disposable addresses - do support www.bugmenot.com by adding a name and password when you can.
Well, the pastebin links to http://theregisteremailleak.webs.com/theregister.txt
If you scroll right to the bottom you find...
Just kidding! This list is made up for fun! :)
Someone having fun trolling?
The Register has investigative reporters and aggressive editors. If they were able to diagnose the problems in other companies' data systems, how come they were so blind to what was happening in their own organisation?
And how crass not to accept blame as an organisation, but to put the blame on an individual employee. They would ridicule any other company that tried to deflect blame this way.