The Register Email Address Blunder

First time accepted submitter Tim99 writes "This morning I got an email from The Register informing me that they have sent 3,521 of their readers the names and e-mail addresses of 46,000 other readers. Considering their frequent rants about security this has got to be a major FAIL." El Reg writes: "Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry."

Omitted from summary

[SpooForBrains]

"We are in the process of blowing the whistle on ourselves to the ICO over the matter."

Reported themselves to the ICO

[Sockatume]

They've put their money where their mouth is, and reported themselves to the Information Commisioner's Office for the breach.

Re:Reported themselves to the ICO

[wvmarle]

And they deserve credit for that. Within an hour of the the problem they report on it already.

Mistakes will happen, no matter how hard you try to prevent them. The most important part is: how do you handle those mistakes. Many other companies should take note of what El Reg has done here, and follow their example.

Probably worse for The Register than their readers

[RogueyWon]

The impacts of this on the Reg readers affected is probably fairly minimal. At worst, the volumes of spam headed towards certain e-mail addresses will increase. But then - how many people these days really use an e-mail address for their website-registrations that they don't expect to be a complete spam-magnet anyway.

But there's no credit card info out there, no real-world addresses or telephone numbers. And having an account with The Register isn't the kind of thing that people tend to lose their jobs over, so nobody need be particularly embarrassed about their name being on the list (unlike, say, when the British National Party's membership list was leaked a while back).

This is far worse for The Register itself. It has - quite rightly - been a prominent critic of companies or organisations who fail to protect personal data. And now - even though the breach is at the lowest end of the severity scale - it's gone and done it itself. Fairly or not (and it's probably not, since I doubt it was one of the actual writers who was responsible for this), their own credibility is tarnished.

UK readers may remember Angus Deayton of Have I Got News For You fame. I can see the potential for similar consequences here...

another reason to always use disposable addresse

[frovingslosh]

Well, it seems likely that some register users will be getting a lot of spam soon. Even if the list didn't get sent directly to a spammer it might have gone to someone who wants to teach the Register an important lesson.

I always use disposable addresses when signing up for anything, and even give them to my friends. I've had one Linux forum make my address publicly visible. I've had multiple vendors send out things to lists with CC information in plain sight. I've had friends who had their accounts hacked and their contact information harvested. Always using disposable addresses lets you cut off just the problem rather than having to abandon an entire e-mail account (which I had to do years ago when it suddenly started receiving hundreds of e-mails a day, so much that my normal e-mail was being rejected because my "mailbox was full")..

I use a great free service from Spamgourmet.com. I have no relationship with them other than being a satisfied user for many years. As far as I know my actual e-mail (which I obviously had to give to them for forwarding) has never been compromised or leaked and I've never received any form of junk mail from them. They are not the only such option, but whichever you choose to use you should definitely use one if you want to protect yourself from spam and worse.

Comment removed

[account_deleted]

Comment removed based on user account deletion