I can't say whether or not any of my actions did anything to help the situation.
1) I contacted the business through their website with a strict tone.
2) I reported all the parties involved to their domain or ISP. That is, the site that sold my e-mail address to spammers, the address the spam was delivered from, and the site the spam is pointing to trying to collect information.
3) I reported the business to the FTC. Best case scenario is they would fine the business for negligence. Not that I am a fan of bigger government, probably nothing will come of this.
4) The fourth party involved, I was able to trace back to http://www.fishbowl.com/. It is just like it sounds, they offer a service for mailing lists and if they were ever compromised I image the attacker would make off with a pretty nice payload. Unfortunately, there is nothing and no one governing their security practices.
Slashdot Mirror
I can't say whether or not any of my actions did anything to help the situation. 1) I contacted the business through their website with a strict tone. 2) I reported all the parties involved to their domain or ISP. That is, the site that sold my e-mail address to spammers, the address the spam was delivered from, and the site the spam is pointing to trying to collect information. 3) I reported the business to the FTC. Best case scenario is they would fine the business for negligence. Not that I am a fan of bigger government, probably nothing will come of this. 4) The fourth party involved, I was able to trace back to http://www.fishbowl.com/. It is just like it sounds, they offer a service for mailing lists and if they were ever compromised I image the attacker would make off with a pretty nice payload. Unfortunately, there is nothing and no one governing their security practices.