
Verizon Exposes the Wrong 1,200 Email Addresses

Posted by timothy
from the but-this-was-the-before-picture dept.
netbuzz writes "If you're going to market your expertise by inviting 1,200 IT professionals to a seminar about securing data and protecting personal information, it's probably a good idea to protect the personal information of those you invite. On Tuesday, Verizon forgot that advice and blasted each of the 1,200 email addresses to everyone on the list ... and they did it 17 times."
  • Blunder (Score:5, Insightful)

    by mfh (56) on Friday October 10, 2008 @02:22PM (#25331285) Homepage Journal

    Whenever email scripts have too many recipients, they do tend to refresh and try again, which can cause dupes. These addresses were likely supposed to be in the BCC field, or nonexistent (duh). So it was a mistake.

    That's an embarrassing blunder, to hold a seminar on keeping private info secure and then spamming who is attending the seminar. I wonder how much time they will spend on that blunder, explaining how it can happen to anyone, even the mighty Verizon, but this foolishness will not strengthen Verizon's sales pitch.

    Spammers attend these conferences. Now spammers have known email addresses of everyone there.

    This would only make a difference if spammers made money based on sending targeted email. They don't. They make money based on volume of addresses when a shady merchant pays them. So maybe they could make $25 on this list?

    Apart from making one person in Verizon look stupid, this also enforces the theory that it only takes one idiot to... the whole internet.

    • Re: (Score:2, Funny)

      by Anonymous Coward
      I wish there were mod points for long-winded waste of time
    • Re:Blunder (Score:5, Funny)

      by Spacepup (695354) on Friday October 10, 2008 @02:35PM (#25331459)

      Spammers attend these conferences. Now spammers have known email addresses of everyone there.

      If it's just spammers attending, then they only got the email addresses of other spammers. The spammers can spam themselves all they want for all I care.

    • Re:Blunder (Score:5, Interesting)

      by omega_dk (1090143) <alpha.dk@nOSPam.gmail.com> on Friday October 10, 2008 @03:23PM (#25332029)
      That would be insightful, if it were not so clearly wrong. Plenty of spammers target specific individuals; see http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1259674,00.html [techtarget.com] for a specific example. Now, one could argue that targeting IT professionals would be an exercise in futility. Would you bet your livelihood on it? Would you bet access (possibly high-trust access, depending on how high up this IT professional is) to your company's network on it?

      Because that's what's at stake. It's not a question of sending email selling \/|agra to these people. It's a question of a very specific, highly targeted spam operation with the express purpose of getting access to the networks of these specific individuals, in the hopes that they can provide the access the infiltrator would want to the company as a whole.

      Now, I am not saying that this is a big deal; it's not like these emails wouldn't have been available from some other source than this email list. However, I will say that by completely dismissing an entire segment of spam email, that of targeted emails to specific individuals, you are unnecessarily lulling both yourself and anyone who reads your comment into a false sense of security. Highly targeted spam is a real risk; don't discount it as a very real attack vector. You must be ever vigilant, and I don't think you can be with that kind of attitude.
    • Re:Blunder (Score:4, Funny)

      by Anonymous Coward on Friday October 10, 2008 @04:54PM (#25333055)

      enforces the theory that it only takes one idiot to... the whole internet.

      You accidentally... the internet? The whole thing?!

    • Re: (Score:2, Informative)

      by dw604 (900995)

      I write email software [listmailpro.com] and there are ways to prevent this. The way I do it is insert rows into a queue table for each mailing, with each row containing the userid and messageid. As messages are queued to the SMTP server they are removed from this queue. The sending process checks in every 20 seconds. If a queue fails for more than 1 minute, it can be safely resumed with no duplicate messages. A further simple step is taken to prevent a "refresh" on the sending/queuing page. It seems to me they just ne
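
The queue-table approach described in the comment above, as an added example that is not part of the original comment or of the software it links to. It also gives every recipient an individual message whose `To:` header holds only that recipient's address. The table names, the `mailings` marker table used to block a repeated submit, and the example.com sender are assumptions.

```python
import sqlite3
from email.message import EmailMessage

SCHEMA = """
CREATE TABLE mailings(message_id INTEGER PRIMARY KEY);
CREATE TABLE queue(message_id INTEGER, user_id INTEGER,
                   PRIMARY KEY (message_id, user_id));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def enqueue(db, message_id, user_ids):
    """Queue one row per recipient; a repeated call (page refresh) adds nothing."""
    ids = sorted(set(user_ids))  # a duplicated user id is queued only once
    try:
        with db:  # one transaction: mailing marker plus all queue rows
            db.execute("INSERT INTO mailings VALUES (?)", (message_id,))
            db.executemany("INSERT INTO queue VALUES (?, ?)",
                           [(message_id, u) for u in ids])
    except sqlite3.IntegrityError:
        return 0  # this mailing was already queued once
    return len(ids)

def drain(db, message_id, users, deliver, subject, body):
    """Hand each queued recipient to `deliver` once, deleting the row after."""
    rows = db.execute("SELECT user_id FROM queue WHERE message_id = ? "
                      "ORDER BY user_id", (message_id,)).fetchall()
    sent = 0
    for (uid,) in rows:
        msg = EmailMessage()
        msg["From"] = "seminar@example.com"  # constructed sender (assumption)
        msg["To"] = users[uid]               # only this recipient is visible
        msg["Subject"] = subject
        msg.set_content(body)
        deliver(msg)  # may raise; the row then stays queued for the resume
        with db:      # a crash between deliver and this delete can resend one row
            db.execute("DELETE FROM queue WHERE message_id = ? AND user_id = ?",
                       (message_id, uid))
        sent += 1
    return sent
```

`deliver` is any callable that takes the message, for example the `send_message` method of an `smtplib.SMTP` connection.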

  • by rehtonAesoohC (954490) on Friday October 10, 2008 @02:26PM (#25331335) Journal
    It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.

    /bad title?
    • by Anonymous Coward on Friday October 10, 2008 @02:29PM (#25331373)

      Sometimes you can get away with doing something stupid because nobody notices.

      This was not one of those times.

      • Re: (Score:3, Interesting)

        Yup, time for a reply all.

        I seem to remember a similar thing happened when a University made a similar stuff-up, and emailed a raft of journalists. However, in that case it actually brought together journalists who hadn't talked to each other in years.

      • by mcrbids (148650)

        I remember receiving a spammy email like this. And just for giggles, I used "Reply All" and bitched to the sender about how all these email addresses are public knowledge, and about how all the recipients of the email were going to be spammed by any spammer with a worm on anybody's computer on the list, and how annoying it was to receive email like this with everybody on the "to" line...

        By replying to all, everybody's address was on the "to" line.

        Again.

        Maybe I'm just sick. I don't know. But I did get a few

    • by reymyster (521177) <acuity&gmail,com> on Friday October 10, 2008 @02:30PM (#25331391) Homepage
      I believe the "wrong" referred to in the title meant to imply that it was particularly bad to expose these specific emails, like when people say "you just messed with the wrong guy"
    • by Gewalt (1200451) on Friday October 10, 2008 @02:31PM (#25331405)

      It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.

      If ever there was a worst-case-scenario set of 1200 email addresses, this list was it.

    • Re: (Score:3, Insightful)

      by PhrostyMcByte (589271)
      I read it as in "You've fucked with the wrong guy". All leaks are bad, but emails of people interested in "securing data and protecting personal information" are the last ones you'd want to leak.
      • by IdeaMan (216340)

        Maybe now we can have secure, authenticated email.
        It's only laziness and the lack of any security mandates that prevents us from having decent email.

        • Re: (Score:3, Insightful)

          by marcosdumay (620877)

          "It's only laziness and the lack of any security mandates that prevents us from having decent email."

          I'm sure the lack of any authenticating authority doesn't make it any easier.

        • Your post advocates a

          (X) technical ( ) legislative ( ) market-based ( ) vigilante

          approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

          ( ) Spammers can easily use it to harvest email addresses
          (X) Mailing lists and other legitimate email uses would be affected
          ( ) No one will be able to find the guy or collect the mone

    • It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.

      It is a figure of speech - it's like saying "The thieves chose the wrong van to break into when they burglarized an FBI SWAT team's van. [news4jax.com]" Breaking into a vehicle is wrong, no doubt, but some vehicles are worse for the burglar than others.

      Similarly, the most likely people to raise a ruckus and thus embarrass Verizon about poor emailing procedures are security pros. Do it to a bunch of joe sixpacks and chances are they won't even notice, much less publicize it.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        That doesn't seem like the wrong van. Seems a reasonably high value score for robbing a van. They weren't caught (at least when that article was written) after all.

      • by SL Baur (19540)

        "The thieves chose the wrong van to break into when they burglarized an FBI SWAT team's van."

        Were they ever caught? YFL says:

        The FBI asks anyone with information that could help recover the rifles to call their Jacksonville office at (904) 721-1211.

        Seems to me that they got away with it and that's a heckuva better reward than could have gotten if they had broken into my car ...

        This is Slashdot and if you're going to do a car analogy, you're going to have to do much better than that.

    • by flyingsquid (813711) on Friday October 10, 2008 @04:00PM (#25332497)

      It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.

      While I agree that the email slip-up was pretty bad, I was more concerned about some of the other sensitive information that Verizon publicized. In addition to those 1200 emails, Verizon also emailed other sensitive information including:

      1. the secret herbs and spices that go into KFC's chicken

      2. the combination to the door of the Bat Cave

      3. The location of Dick Cheney's 'undisclosed location'

      4. The chemical composition of Kryptonite

      5. The burial site of Jimmy Hoffa

      6. the nuclear launch codes for U.S. Trident nuclear missile submarines

      7. the full name, post office box address, and social security number of The Good, the Bad, and the Ugly's Man with No Name

      8. the address and repository information for that government warehouse that contains the Ark of the Covenant (it's on rack 12, shelf 7, box 336)

      • Re: (Score:3, Funny)

        by nog_lorp (896553) *

        The chemical composition of kryptonite was already known - sodium lithium boron silicate hydroxide. And it exists in nature too!

    • Oh, the news was they exposed the mailing list?

      I thought it was that Verizon had figured out e-mail.

  • by MarkGriz (520778) on Friday October 10, 2008 @02:28PM (#25331361)
    "We just wanted to make sure you could hear us now"
    • ...

      "Can you READ me NEEOWWWWW???!!!"

    • by cmacb (547347)

      No, the typical inter office response is for the same stupid clerk who screwed up in the first place to first send out 1200 message retracts, followed by 1200 "Sorry, please ignore this message". After that of course the only slightly more clueful network administrator sends a message to everyone telling them not to send messages to everyone.

      It can only get better from here.

  • I'll bet they got their point across..
  • Clearly, the email blorf and the conference itself are one and the same -- a cry for help from Verizon.

  • and they did it 17 times.

    They were afraid that if they did it 18 times, it might look suspicious.

    --
    Oh Well, Bad Karma and all . . .

  • Does that mean the Slashdot is more responsible than Verizon?

  • by Bryansix (761547) on Friday October 10, 2008 @02:55PM (#25331685) Homepage
    I am not surprised in the least that this happened coming from Verizon. They hire incompetent assholes all the time there. Their business model is how to screw the customer out of the most money and provide the least amount of service. I can't stand Verizon.

    Note that their cell phone business is completely separate from the rest of the morons. Neither business unit talks to each other and neither knows what the other is doing. If the wireless side of the business had any brains they would split off and change names. Verizon is associated with incompetence and greed.
    • by Lumpy (12016)

      Their business model is how to screw the customer out of the most money and provide the least amount of service.

      This is the business model of EVERY wireless carrier. I have tried them all (in the USA) and have yet to find one that is honest and interested in delivering good service. So I pick the lesser of all evils and switch when that one becomes more evil.

    • You fucking kidding me? The wireless side is the problem - their other enterprises aren't great, but they're tolerable at least, and unobtrusive at best.

      If Verizon-not-counting-wireless had any brains, they'd kick out VZW.

    • by owlstead (636356)

      Well, I was just about to mod you informative, but the next Slashdot story:

      http://mobile.slashdot.org/article.pl?sid=08/10/10/209209 [slashdot.org]

      tells me they are trying for a merger instead. (Verizon to charge providers $0.03 per SMS).

    • In a somewhat related matter, I once had the exact same thing happen when applying for a job at the NSA. They had us go through this whole song and dance about how we shouldn't disclose what we were doing in Maryland. Then they emailed us all after the interview process was over (which wasn't fun, btw) thanking us for coming out. Sadly, they must have mixed up the BCC and CC fields. I let them know, but they didn't seem to be perturbed.

  • Sweet, now maybe I can have Verizon start sending me more information on Breast Enlargement and Erectile Dysfunction Pills.

  • by Anonymous Coward

    Just this morning, I got an email from bandwidth.com addressed to 1250 other customers.

    I guess it is good I went with them instead of verizon, now I have even more email addresses to spam!

  • by Anonymous Coward

    very strange coincidence indeed. Bandwidth.com blasted about 300 addresses in an email today as well - it's fun to see all the COOs, CIOs and CEOs of bandwidth.com customers acting like children and trolls by 'reply-all'ing' and complaining about exposing their addresses.

    Uh, hello mr. ceo - your reply is unsolicited - you are the SPAM you are complaining about!

    what a weird coincidence.

  • Didn't anyone reply to all? I'd love to see the thread of flames.

  • They should have listened to that good advice that they obviously just didn't take.

    Who would have thought ... it figures!

  • At least it was a prime number. I wouldn't mind it so much then. Had it been 16 or 18 though, damn I'd be angry.
  • I recall that last year SolarWinds' community website (Thwack) launch email was sent to all interested customers, also in the To: field. Some great email addresses those were - NASA, IEEE, California OES, Alabama, Washington, you name it - total of about 100 people... you should have seen those replies! SolarWinds gave everybody a shirt after :)
  • I betcha they did it just to get on Slashdot.
  • yeah and wait until the sms message bills come in on those invites. Why would anyone mess with Verizon? Seriously!
  • My email recently got exposed to the wrong uncle! Please make those stupid animated love-and-nature Powerpoints stop!

  • by v(*_*)vvvv (233078) on Friday October 10, 2008 @08:23PM (#25335207)

    is dead. No really, someone killed him already. Securely and anonymously. We have a list of 1200 suspects and their names. Actually, 1200 people have a list of 1200 suspects and their names.

  • by Anonymous Coward

    Some bandwidth.com representative sent an email to 1,300 of their customers this morning. The reply list was so big it crashed Evolution when opened.

    One interesting thing about the event was that a great discussion arose from it. Customers were bouncing ideas off each other, asking what their different configurations were, etc. Some were whining about the service or complaining that we should stop spamming them.

    Then, shortly afterward, in the middle of some pretty decent discussion - the CEO of Bandwidth.
