Veritas != Symantec
Minor correction - Veritas hasn't been owned by Symantec since they sold it in August last year.
Hundreds of UK video game fans became unwitting recipients of each others’ email addresses this week following a messaging cock-up at online retailer GAME.co.uk. El Reg learned of the snafu through reader David, who seems to have been something of a patient zero in the minor privacy flap. Human error meant that “To:” field …
... (in a totally non-amusing way) when, as they almost inevitably do, these 'apologies' begin with 'a small number of customers...'.
I accept it's possibly, even probably, a deliberate or habitual messaging massage to try to make things appear like they're no big deal. However, that's (to me at least) part of what rankles.
First, it may well be that it really _isn't_ a big deal to the company, and they're just mouthing platitudes.
Second, even if they do actually care, for me they're giving the wrong impression with the wording.
Third, even if they have 99999999999999999999999999999 customers so, for example, 1000 is a vanishingly small percentage number to them, _1_ is a rather large percentage (100%) and even a large number to each of those individual 1000 people who are elements of the failure.
Of course, I'm probably over-reacting. After all, I'm an Idiot (blush).
"Although mildly irksome it’s no big deal – except where the recipients or email are in themselves confidential or sensitive."
I'm sorry, but I don't think it is for El Reg to be dismissing the severity of the problem. Some people keep their contact details very well guarded, for good reason, and not everyone has the luxury of multiple or unlimited e-mail accounts to assign one to a given purpose. How severely it affects them is down to the individual to judge.
Author is obviously not familiar with information security principles. Many web applications and web-connected applications (multiplayer games.....) use the email as the login user ID. They just provided what is likely user IDs for a couple of thousand players. This means an attacker has half of the login information for the attack, making brute force of the password the likely only other requirement.
Adding spam fodder is another effect of this mistake, as well as privacy. How many people wanted others knowing they were involved with this retailer?
We had someone do that with an internal email just yesterday, an email that had its very first line stating "DO NOT REPLY TO ALL", so they either didn't read, or didn't absorb that little bit of info!
A double fail really, since the original author of the email also neglected to use BCC:!
Luckily there was only the one reply yesterday, but I've seen these run and run for hours before now!
It's like a mild IT version of the Darwin awards.
Those are great. Especially when the big bosses start getting involved and start SHOUTING IN CAPS LOCK that everyone should stop replying to all....by replying to all and telling them so...
Snarky emails to point out the irony (replied to all of course) never go down well...
Get on as many of these marketing lists as you can, and set up a .procmailrc rule to extract all the Cc: addresses. MUAHAhahaha!!!
Marketard protip: just use friggin' MailChimp, Mailgun, Constant Contact... it's cheap, it's easy, and some of your drivel might actually make it out of the recipients' spam folders.
As the other person said above... to me 100% percent of me has been affected, so I don't care how small or large it is in the context of the company.
... and telling me my privacy is important to you while explaining how you demonstrated that it's not is simply lying to me. Just don't say it.... we know that in general you probably do care about privacy, and yes in general you probably didn't want to f**k up today... but the fact is you did so stop insulting me.
Is it not beyond the bounds of human ingenuity that email clients *by default* are not provided with a cc field, but require an active intervention on a per-send basis to turn one on? Or even just remove the cc field; it doesn't really have much utility these days.
This seems such an obvious stop to this sort of cockup that I'm really surprised not to see it, yet everything I use seems to be the other way around.
RTFA.
The addresses were in the 'To' field, not 'CC'. Hiding the CC field would simply result in more marketing muppets putting all addresses in the 'To' field instead.
Now a prompt that says "I see you're sending this message to more than x recipients - are you sure you want them to see each other's addresses?" might be more effective. (Or, probably better, phrase it "do you want those in the BCC field instead?")
'Now a prompt that says "I see you're sending this message to more than x recipients - are you sure you want them to see each other's addresses?"'
Were it my client list, I don't think I'd want the users to even have the option to email the clients directly from their Outlook or whatever. Recipe for disaster.
Feeling very grumpy here as although I got an email from GAME it only had my email address in. I NEVER get rolled into these cock-ups and I feel very left out. How am I supposed to have a good whinge if they never get it wrong for me?
mumble mumble mutter millennium hand and shrimp
Why are marketing emails even being sent out through a system that allows this? I'd have expected some kind of mailer application, that you just submit your content to and it does the heavy lifting of sending it out for you to the right people in the right way.
I can't believe you have a marketing department designing the mails, then manually copying and pasting them into something like Outlook to send out, so it's possibly some mailing list setup that was configured incorrectly, but it's still hard to see how it's not all automated in a big organisation.
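The two suggestions made in the comments above (a warning when more than x addresses sit in the visible headers, and a mailer that does the sending "in the right way") can be sketched as one pre-send check. This is an added example, not part of the thread or of any retailer's system; the threshold, the function names and the sample addresses are assumptions.

```python
from copy import deepcopy
from email.message import EmailMessage
from email.utils import getaddresses

VISIBLE_LIMIT = 5  # assumed threshold; the comment only says "more than x"

def visible_recipients(msg):
    """Addresses every recipient can read: everything in To and Cc."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(headers) if addr]

def needs_confirmation(msg, limit=VISIBLE_LIMIT):
    """True when the sender should be asked before the message goes out."""
    return len(visible_recipients(msg)) > limit

def fan_out(msg):
    """Return one copy per unique recipient, each with a single To header
    and no Cc/Bcc, so no recipient sees anyone else's address."""
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Bcc", []))
    seen, copies = set(), []
    for _name, addr in getaddresses(headers):
        key = addr.lower()
        if not addr or key in seen:
            continue
        seen.add(key)
        single = deepcopy(msg)
        for header in ("To", "Cc", "Bcc"):
            del single[header]  # no error if the header is absent
        single["To"] = addr
        copies.append(single)
    return copies

def build_sample(count):
    """Constructed marketing message with `count` addresses in To."""
    msg = EmailMessage()
    msg["From"] = "offers@retailer.example"
    msg["To"] = ", ".join(f"customer{i}@example.com" for i in range(count))
    msg["Subject"] = "Constructed sample"
    msg.set_content("Hello")
    return msg

if __name__ == "__main__":
    bulk = build_sample(8)
    if needs_confirmation(bulk):
        print(f"{len(visible_recipients(bulk))} addresses would be visible")
        print(f"sending {len(fan_out(bulk))} individual copies instead")
```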
Not surprised... I tweeted at them at Christmas mocking them for their utter disdain for PC gamers now they stock roughly 7 PC games at a time (plus all the Sims Expansions obvs), only to receive a tweet mentioning their new partnership with a PC Peripherals company starting this spring.
Really? Miss the point much? You don't sell games for the platform anymore but you expect me to pay over the odds to receive terrible customer service while I buy a keyboard from you? And be excited about this prospect?
Riiiiight...