Note: I heard back anonymously from a customer of iContact. Are they upset that all their customers' email addresses were stolen? Yes. But they aren't that worried about the impact, because they know that most of their customers will never realize that iContact or their company was the source of the leak. In other words, there is no incentive for bulk mail providers to improve security. An email address, particularly one associated with a particular set of services, is the means by which spammers target phishing attacks. It's the key to password changes, bank accounts, and more. Why are the security standards for email any less than they are for credit cards?
What happens when your email provider's database gets broken into and a spammer gets all of their customer emails? They don't necessarily tell you, the client. And they certainly don't bother telling the poor sucker whose email address was stolen.

Starting in December 2009, I began receiving spam to the address I use for the help-a-reporter service. I filed a report with their existing bulk mail provider, but got no response. It turned out that HARO had only recently switched to this provider; the real culprit was their previous email provider. A discussion with Adam Shankman led him to research the issue and find out (from an article on the internet!) that his previous email provider had been compromised and all of HARO's email addresses had been fed to spammers. AWeber's subscriber list had been compromised, and they had told none of their customers until they started getting complaints.

Case #2—iContact
Today I noticed three identical spam messages to three different custom email addresses. They were for morrisonsoftdesign.com, fontgear.net and myhappyplanet.com. I went back and found that a) it had been going on for at least a few weeks and b) all three companies use, or have used, icontact.com to deliver their mail (morrisonsoftdesign.com switched providers at some point). So in other words, if you have an account with morrisonsoftdesign.com, fontgear.net or myhappyplanet.com, or any other company that uses iContact, your email address has almost certainly been fed to the spammers. But don't blame the company you subscribed with; the culprit is iContact. Other iContact customers include (according to their web site) Peach Running Co., West Race Cars, Pro Mom Couture and 58,654 other customers with 577,545 email addresses. Feel free to let them know what you think of their ineptitude.
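The correlation described above, written out as an added example (not code from the original post): group spam by message body, and when one campaign hits several per-company addresses, intersect the bulk mail providers those companies have ever used. The `me.example` addresses, the spam bodies and the `placeholder-esp-*` provider names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed: one unique address handed to each company at sign-up.
CANARY_TO_VENDOR = {
    "morrisonsoft@me.example": "morrisonsoftdesign.com",
    "fontgear@me.example": "fontgear.net",
    "happyplanet@me.example": "myhappyplanet.com",
    "haro@me.example": "HARO",
}
# Every bulk mail provider each company has EVER used: a leak can predate
# a provider switch, so past providers stay in the set.
VENDOR_PROVIDERS = {
    "morrisonsoftdesign.com": {"iContact", "placeholder-esp-1"},
    "fontgear.net": {"iContact"},
    "myhappyplanet.com": {"iContact"},
    "HARO": {"AWeber", "placeholder-esp-2"},
}
# Constructed spam samples: (recipient address, message body).
SPAM = [
    ("morrisonsoft@me.example", "Cheap  watches, click here"),
    ("fontgear@me.example", "cheap watches, click here"),
    ("happyplanet@me.example", "Cheap watches,\nclick here"),
    ("haro@me.example", "Unrelated offer"),
]

def fingerprint(body):
    """Hash the body after folding case and whitespace, so trivially
    re-wrapped copies of one campaign collapse to one key."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode()).hexdigest()

def suspect_providers(spam, min_addresses=2):
    """Return {campaign: (vendors hit, providers common to all of them)}."""
    campaigns = defaultdict(set)
    for rcpt, body in spam:
        if rcpt in CANARY_TO_VENDOR:
            campaigns[fingerprint(body)].add(rcpt)
    results = {}
    for fp, rcpts in campaigns.items():
        if len(rcpts) < min_addresses:  # one hit cannot separate vendor from provider
            continue
        vendors = sorted(CANARY_TO_VENDOR[r] for r in rcpts)
        common = set.intersection(*(VENDOR_PROVIDERS[v] for v in vendors))
        results[fp] = (vendors, sorted(common))
    return results

if __name__ == "__main__":
    for vendors, providers in suspect_providers(SPAM).values():
        print(vendors, "-> common provider(s):", providers)
```

A campaign seen at only one address is skipped because it cannot distinguish a leak at the company from a leak at its mail provider.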
It's unconscionable that these companies are not notifying their own clients of data breaches, let alone the end-users who end up getting spammed. If any of them have a presence in California, it is probably also illegal.
