Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers. Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was overlooked because someone was in a hurry. We would like to offer our genuine and …
Wonder how many aeons will pass before you live this one down...
It's already on Pastebin :( So I think they're pretty much NEVER going to live it down!
@ER. Dumbass Reg. won't live this down.
This reminds me of Angus Deayton. How can they rip into other companies' data policies if they're too lackadaisical to keep their own users' information safe? Wankers. Forevermore, Reg. stories about data loss will need to have a pot/kettle icon attached.
Email changed to Spamgourmet.
Well, that's an easy one; 'coz they're reporters. It's their job to report on that sort of stuff. Don't confuse the hacks who do the stories with the tit in the IT dept who caused this fuck up. It's good to see them own up and follow the correct procedures.
Quick on the trigger there, Fryerman.
Pretty quick to blame the "tit in the IT dept", aren't you, sunshine? Why would someone in IT be sending out emails, though? It's more likely to be someone in marketing or management - that's my usual blame target. People who don't listen to IT telling them for the Nth bloody time not to do it that way.
"46,524 of our readers."
Personally, I'm just astonished that you have more than 50 readers!
You need to type more carefully, you put the 0 in the wrong place...
It's one reader ...
... with a very bad case of OCD.
... not to mention talking to myself.
But I knew that already.
And have they let everyone...
...whose address was sent out know they won the lucky raffle?
I concur.. should we be receiving notifications if our details have been leaked?
Well, I guess even the hacks ^H^H^H^H^H techies in El Reg can make mistakes in a hurry...
Are the vultures circling the person who pressed the SEND button?
Awwww, damn. I didn't get a copy. Let me know next time, yeh?
Well, what's a copy worth to you? Genuine, live email addresses, just waiting for you to send them anything you like. All you need is to make sure it appears to come from The Register, and especially titles like "BOFH" will ensure it'll get opened.
Actually, no, I'm keeping it for myself. Still have some water in powder form to sell..
Duh. Duh. Duh. Next time, drink coffee first, THEN start work...
I didn't get a copy either! Now I'm REALLY jerked.
Yeah, me neither. What, I don't rate a good e-mail leak?
Alien pic chosen as the only good approximation of a pout available.
Wonder if I got one, I'll need to remember the logon to the spam hotmail account to do so.
I'm not angry, just disappointed.
Why doesn't the Reg support stronger downstream anti-spam tools to help break the spammers' "business" models? Right now most of the effective anti-spam work is being done upstream by Microsoft.
You do know that the system should be designed so you can't do that, right?
Easier said than done. Set one flag wrong in an SQL query and it doesn't matter how many tests. I'd like to know why the email address list was compiled in the first place, though.
and if you can do that
many millions await you. Blocking this from happening would have required a system to scan the content of the message being sent and to detect that it contained thousands of addresses rather than standard marketing material. Maybe not so difficult in this instance, but making it 100% effective would be a challenge.
The recent Hays cockup was caused (I have it on unreliable authority) <http://www.theregister.co.uk/2011/08/24/hays_rbs_email_fail/> by someone picking the wrong file to attach from a directory - instead of a standard HR attachment, they got a list of everyone's day rates.
It's an old but true saying: anyone can make a system foolproof; with some effort and skill you can even make it idiotproof; but no-one will ever make a system cretinproof.
My first thought was "where were you trying to send the list of names and e-mail addresses?"
I'm not sure that the Register marketing department would be setting SQL flags (whatever they are?) or getting anywhere near SQL. I presume they were adding field codes, which should always be programmed to make sure that the sender can see a post merged sample before sending.
Pretty freakin' poor show if you ask me. A company who goes to great pleasure in sneering at other organisations who commit the same mistake, then doesn't have the same tight controls it 'demands' of others is more than a bit hypocritical.
I wonder whether the Register would have been so forthcoming in divulging this information if it wasn't so readily going to be exposed very quickly by one of the thousands who received it?
I'm sure "lessons will be learned", "procedures will be tightened" and so forth in line with everyone else and it will be done about the same time they find $20 to fork out on an SSL certificate to protect your login to the site!
However, now for some people there will be some nice targeted spam with your name attached and some nice IT-related text. Luckily no one will fall for the inevitable targeted phishing attacks - will they?
echo 'WARNING: Your email is going out to '.count($email_addresses).' people. Are you sure you want to do this?';
Many (decent) firewalls block emails with a large (>100) number of recipients by default.
A system that scans the email and rejects for further review anything with more than, say, 100 '@' symbols in it?
Been there done that...
Or how about ...
... a mailing system that sends one email to one recipient at a fucking time. That's all your mass-mailer should be able to do. For anything else, use vanilla email.
If your system is capable of including mass customer data in a mass email, it is broken.
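A pre-send gate along the lines the comments above propose (one recipient per message, and hold for review any message whose body or attachments carry a pile of other people's addresses), written here as an added example in Python; it is not anything the Register runs, and the thresholds, field names and sample messages are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Loose pattern for email-address-like tokens (constructed for this example).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Thresholds are assumptions for the example, not any real mailer's defaults.
MAX_RECIPIENTS = 1          # mass mail goes out one recipient per message
MAX_FOREIGN_ADDRESSES = 5   # a newsletter quoting a few contacts is still fine

@dataclass
class Outgoing:
    recipients: list
    subject: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> text

def presend_check(msg: Outgoing) -> list:
    """Return reasons the message must be held for review; [] means send."""
    problems = []
    if len(msg.recipients) > MAX_RECIPIENTS:
        problems.append(f"{len(msg.recipients)} recipients on one message")
    # Scan the body and every text attachment: the wrong file attached is as
    # bad as the wrong list merged into the body.
    found = set()
    for text in [msg.body, *msg.attachments.values()]:
        found.update(a.lower() for a in EMAIL_RE.findall(text))
    # The recipient's own address may legitimately appear in a merged mail.
    found -= {r.lower() for r in msg.recipients}
    if len(found) > MAX_FOREIGN_ADDRESSES:
        problems.append(f"{len(found)} other people's addresses in the content")
    return problems

# Constructed sample messages: a normal merged newsletter and a leak.
NEWSLETTER = Outgoing(
    recipients=["reader@example.com"],
    subject="This week on the site",
    body="Hi reader@example.com, reply to editor@example.com with tips.",
)
LEAK = Outgoing(
    recipients=[f"user{i}@example.com" for i in range(3521)],
    subject="This week on the site",
    body="\n".join(f"Reader {i}, reader{i}@example.net" for i in range(46524)),
)

if __name__ == "__main__":
    print("newsletter:", presend_check(NEWSLETTER) or "ok")
    print("leak:", presend_check(LEAK))
```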
Nah, editors should be trained so that they won't do that instead.
Makes you wonder; is this part of an El Reg plot? As soon as the government comes knocking on their door /someone/ hits this big red "DON'T PUSH" button and all accounts get sent across the Innernet?
I notice the reason you didn't put your name on your puppet is because you have absolutely zero idea of what you speak. The protections to stop this kind of idiocy aren't that hard. Marketing database, check emails against customers, yes 4 thou customers, check respondent companies, check, many companies get our email customers, no, false, stop... See, pretty easy logic. Now please refrain from talking crap...
Yes, yes, A. Lewis, this is the big issue on this one.
Go on, Reg, tell us the truth, the whole truth and nothing but the truth..
Reg, good that you fessed, but when you've told 3,521 of the noisiest and nosiest readers around, there was no other option.
But once you'd decided to fess, there was no point fudging, and that explanation is straight from the fudge factory.
You'd have got more credibility by telling the whole, awful truth. Or, is it that the Reg minion really meant to send out bulk email addresses, unencrypted, by email, but just got the wrong address list!
And when they realised it was hitting the fan, they tried to kill the send, but only managed to do it after it had got down to the 3,521st address!!
I think we should be told.
They did want to do that
What they did NOT want to do was include the payload with the email addresses.
How on earth are they hypocritical??
hypocritical - of the nature of hypocrisy, or pretense of having virtues, beliefs, principles, etc., that one does not actually possess.
Key word being pretense - in no way did they show pretense in not wanting to live up to these values .... they just screwed up! You're saying that they never had any intention of respecting privacy???
Big brother has never seemed so smiley and PR video ready :)
I wonder how long this data will take to appear on BitTorrent. You only need one person out of the 3,512 people to be a shit. And to be honest, that's quite likely :)
How much could I sell this list for ?
Seeing as it is freely up on pastebin for every spambot to find, £0.00, I imagine.
Managers love incident reports.
When can we expect the full incident report with a follow up detailing process improvements to ensure no repeat incident occurs.
When you're sending off your report to the ICO be sure to CC the rest of us.
I'll take a BCC cheers
Umm, yea, that was the joke.
Anonymous... until the next "oops".