Verizon Exposes the Wrong 1,200 Email Addresses

netbuzz writes "If you're going to market your expertise by inviting 1,200 IT professionals to a seminar about securing data and protecting personal information, it's probably a good idea to protect the personal information of those you invite. On Tuesday, Verizon forgot that advice and blasted each of the 1,200 email addresses to everyone on the list ... and they did it 17 times."

Simple fix: boycot & save time

[Alwin Henseler]

If I were one of those invited, then a thing like this would immediately make me loose interest in whatever they'd have to say. Show in advance you can't do yourself what you're preaching about. Duh!

I'd just decline the invitation, and spend my time elsewhere (probably more productive). If a majority of the invited folks would do this, the event would be dead in the water. Killed by stupidity of the organization.

Re:Blunder

[omega_dk]

That would be insightful, if it were not so clearly wrong. Plenty of spammers target specific individuals; see http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1259674,00.html [techtarget.com] for a specific example. Now, one could argue that targeting IT professionals would be an exercise in futility. Would you bet your livelihood on it? Would you bet access (possibly high-trust access, depending on how high up this IT professional is) to your company's network on it?

Because that's what's at stake. It's not a question of sending email selling \/|agra to these people. It's a question of a very specific, highly targeted spam operation with the express purpose of getting access to the networks of these specific individuals, in the hopes that they can provide the access the infiltrator would want to the company as a whole.

Now, I am not saying that this is a big deal; it's not like these emails wouldn't have been available from some other source than this email list. However, I will say that by completely dismissing an entire segment of spam email, that of targeted emails to specific individuals, you are unnecessarily lulling both yourself and anyone who reads your comment into a false sense of security. Highly targeted spam is a real risk; don't discount it as a very real attack vector. You must be ever vigilant, and I don't think you can be with that kind of attitude.

Similar email blunde with bandwidth.com today too!

[Anonymous Coward]

very strange coincidence indeed. Bandwidth.com blasted about 300 addresses in an email today as well - it's fun to see all the COO's, CIO's and CEO's of bandwith.com customers acting like children and trolls by 'reply-all'ing' and complaining about exposing their addresses.

Uh, hello mr. ceo - your reply is unsolicited - you are the SPAM you are complaining about!

what a weird coincidence.

Re:Blunder

[Obfuscant]

Now, one could argue that targeting IT professionals would be an exercise in futility.

Similarly, you'd think that spamming "postmaster" or "abuse" at a domain would be futile and wasteful, but I get more spam there than at my actual address.

This happens more than you think...

[wiedzmin]

I recall that last year SolarWinds' community website (Thwack) launch email was sent to all interested customers, also in the To: field. Some great email addresses those were - NASA, IEEE, California OES, Alabama, Washington, you name it - total of about 100 people... you should have seen those replies! SolarWinds gave everybody a shirt after :)

Re:Simple fix: boycot & save time

[Anonymous Coward]

You're efforts are useless... people will never learn.

Re:Title is Misleading

[ta bu shi da yu]

Yup, time for a reply all.

I seem to remember a similar thing happened when a Univeristy made a similar stuff-up, and emailed a raft of journalists. However, in that case it actually brought together journalists who hadn't talk to each other in years.