Slashdot Mirror
The Register Email Address Blunder
First time accepted submitter Tim99 writes "This morning I got an email from The Register informing me that they have sent 3,521 of their readers the names and e-mail addresses of 46,000 other readers. Considering their frequent rants about security this has got to be a major FAIL."
El Reg writes: "Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry."
"We are in the process of blowing the whistle on ourselves to the ICO over the matter."
"The dew has clearly fallen with a particularly sickening thud this morning"
They've put their money where their mouth is, and reported themselves to the Information Commisioner's Office for the breach.
No kidding!!! What do you say at this point?
The impacts of this on the Reg readers affected is probably fairly minimal. At worst, the volumes of spam headed towards certain e-mail addresses will increase. But then - how many people these days really use an e-mail address for their website-registrations that they don't expect to be a complete spam-magnet anyway.
But there's no credit card info out there, no real-world addresses or telephone numbers. And having an account with The Register isn't the kind of thing that people tend to lose their jobs over, so nobody need be particularly embarrassed about their name being on the list (unlike, say, when the British National Party's membership list was leaked a while back).
This is far worse for The Register itself. It has - quite rightly - been a prominent critic of companies or organisations who fail to protect personal data. And now - even though the breach is at the lowest end of the severity scale - it's gone and done it itself. Fairly or not (and it's probably not, since I doubt it was one of the actual writers who was responsible for this), their own credibility is tarnished.
UK readers may remember Angus Deayton of Have I Got News For You fame. I can see the potential for similar consequences here...
Well, it seems likely that some register users will be getting a lot of spam soon. Even if the list didn't get sent directly to a spammer it might have gone to someone who wants to teach the Register an important lesson.
I always use disposable addresses when signing up for anything, and even give them to my friends. I've had one Linux forum make my address publicly visible. I've had multiple vendors send out things to lists with CC information in plain sight. I've had friends who had their accounts hacked and their contact information harvested. Always using disposable addresses lets you cut off just the problem rather than having to abandon an entire e-mail account (which I had to do years ago when it suddenly started receiving hundreds of e-mails a day, so much that my normal e-mail was being rejected because my "mailbox was full")..
I use a great free service from Spamgourmet.com. I have no relationship with them other than being a satisfied user for many years. As far as I know my actual e-mail (which I obviously had to give to them for forwarding) has never been compromised or leaked and I've never received any form of junk mail from them. They are not the only such option, but whichever you choose to use you should definitely use one if you want to protect yourself from spam and worse.
I'm an American. I love this country and the freedoms that we used to have.
On the other hand, they probably confessed their error in record time. There can be no claims of downplaying or sweeping things under the rug that usually accompany reports of a data breech.
Comment removed based on user account deletion